authorThorsten Leemhuis <fedora@leemhuis.info>2017-06-07 14:35:51 +0200
committerThorsten Leemhuis <fedora@leemhuis.info>2017-06-07 14:35:51 +0200
commitb35b260d2d5c1684ab6d6a7d6c20a323f0b55bf3 (patch)
tree59109121b26723b9233b801087c35f342c4767c3
parentc7b14c3b515929facd97301d7f2988cc3b3ff48e (diff)
parent47956699a4d9cf596a658ae97d707df58138653d (diff)
downloadkernel-4.11.3-202.vanilla.knurd.1.fc25.tar.gz
kernel-4.11.3-202.vanilla.knurd.1.fc25.tar.xz
kernel-4.11.3-202.vanilla.knurd.1.fc25.zip
Merge remote-tracking branch 'origin/f25' into f25-user-thl-vanilla-fedorakernel-4.11.3-202.vanilla.knurd.1.fc25
-rw-r--r--0001-ipx-call-ipxitf_put-in-ioctl-error-path.patch38
-rw-r--r--0001-platform-x86-thinkpad_acpi-guard-generic-hotkey-case.patch71
-rw-r--r--0002-platform-x86-thinkpad_acpi-add-mapping-for-new-hotke.patch158
-rw-r--r--2-2-nvme-Quirk-APST-on-Intel-600P-P3100-devices.patch33
-rw-r--r--actual_udpencap_fix.patch45
-rw-r--r--baseconfig/CONFIG_CROS_KBD_LED_BACKLIGHT2
-rw-r--r--baseconfig/CONFIG_GPIO_SYSFS2
-rw-r--r--drm-i915-Do-not-drop-pagetables-when-empty.patch95
-rw-r--r--efi-lockdown.patch239
-rw-r--r--kernel-aarch64-debug.config4
-rw-r--r--kernel-aarch64.config4
-rw-r--r--kernel-armv7hl-debug.config4
-rw-r--r--kernel-armv7hl-lpae-debug.config4
-rw-r--r--kernel-armv7hl-lpae.config4
-rw-r--r--kernel-armv7hl.config4
-rw-r--r--kernel-i686-PAE.config4
-rw-r--r--kernel-i686-PAEdebug.config4
-rw-r--r--kernel-i686-debug.config4
-rw-r--r--kernel-i686.config4
-rw-r--r--kernel-ppc64-debug.config4
-rw-r--r--kernel-ppc64.config4
-rw-r--r--kernel-ppc64le-debug.config4
-rw-r--r--kernel-ppc64le.config4
-rw-r--r--kernel-ppc64p7-debug.config4
-rw-r--r--kernel-ppc64p7.config4
-rw-r--r--kernel-s390x-debug.config4
-rw-r--r--kernel-s390x.config4
-rw-r--r--kernel-x86_64-debug.config4
-rw-r--r--kernel-x86_64.config4
-rw-r--r--kernel.spec55
-rw-r--r--media-cec-Fix-runtime-BUG-when-CONFIG_RC_CORE-CEC_CAP_RC.patch45
-rw-r--r--net-v2-ip6_tunnel-ip6_gre-fix-setting-of-DSCP-on-encapsulated-packets.patch156
-rw-r--r--sources2
33 files changed, 765 insertions, 256 deletions
diff --git a/0001-ipx-call-ipxitf_put-in-ioctl-error-path.patch b/0001-ipx-call-ipxitf_put-in-ioctl-error-path.patch
deleted file mode 100644
index ca809297a..000000000
--- a/0001-ipx-call-ipxitf_put-in-ioctl-error-path.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From ee0d8d8482345ff97a75a7d747efc309f13b0d80 Mon Sep 17 00:00:00 2001
-From: Dan Carpenter <dan.carpenter@oracle.com>
-Date: Tue, 2 May 2017 13:58:53 +0300
-Subject: [PATCH] ipx: call ipxitf_put() in ioctl error path
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We should call ipxitf_put() if the copy_to_user() fails.
-
-Reported-by: 李强 <liqiang6-s@360.cn>
-Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/ipx/af_ipx.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
-index 8a9219f..fa31ef2 100644
---- a/net/ipx/af_ipx.c
-+++ b/net/ipx/af_ipx.c
-@@ -1168,11 +1168,10 @@ static int ipxitf_ioctl(unsigned int cmd, void __user *arg)
- sipx->sipx_network = ipxif->if_netnum;
- memcpy(sipx->sipx_node, ipxif->if_node,
- sizeof(sipx->sipx_node));
-- rc = -EFAULT;
-+ rc = 0;
- if (copy_to_user(arg, &ifr, sizeof(ifr)))
-- break;
-+ rc = -EFAULT;
- ipxitf_put(ipxif);
-- rc = 0;
- break;
- }
- case SIOCAIPXITFCRT:
---
-2.9.3
-
diff --git a/0001-platform-x86-thinkpad_acpi-guard-generic-hotkey-case.patch b/0001-platform-x86-thinkpad_acpi-guard-generic-hotkey-case.patch
new file mode 100644
index 000000000..847c70ce8
--- /dev/null
+++ b/0001-platform-x86-thinkpad_acpi-guard-generic-hotkey-case.patch
@@ -0,0 +1,71 @@
+From 6bb84c0f9da1144e0d443798a76d5769b7d554af Mon Sep 17 00:00:00 2001
+From: Christian Kellner <christian@kellner.me>
+Date: Tue, 28 Feb 2017 17:10:56 +0100
+Subject: [PATCH 1/2] platform/x86: thinkpad_acpi: guard generic hotkey case
+
+Currently when dispatching hotkeys we check if the scancode is in
+the range of 0 and TPACPI_HOTKEY_MAP_LEN, although the bottom 20
+entries in the hotkey keymap are already adaptive keycodes.
+Therefore we introduce a TP_ACPI_HOTKEYSCAN_ADAPTIVE_START and
+ensure that we are in the range 0 and ADAPTIVE_START for the generic
+keycode case.
+
+Signed-off-by: Christian Kellner <ckellner@redhat.com>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+Acked-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+---
+ drivers/platform/x86/thinkpad_acpi.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
+index 1d18b32..e2b962f 100644
+--- a/drivers/platform/x86/thinkpad_acpi.c
++++ b/drivers/platform/x86/thinkpad_acpi.c
+@@ -1922,7 +1922,9 @@ enum { /* hot key scan codes (derived from ACPI DSDT) */
+ TP_ACPI_HOTKEYSCAN_UNK7,
+ TP_ACPI_HOTKEYSCAN_UNK8,
+
+- TP_ACPI_HOTKEYSCAN_MUTE2,
++ /* Adaptive keyboard keycodes */
++ TP_ACPI_HOTKEYSCAN_ADAPTIVE_START,
++ TP_ACPI_HOTKEYSCAN_MUTE2 = TP_ACPI_HOTKEYSCAN_ADAPTIVE_START,
+ TP_ACPI_HOTKEYSCAN_BRIGHTNESS_ZERO,
+ TP_ACPI_HOTKEYSCAN_CLIPPING_TOOL,
+ TP_ACPI_HOTKEYSCAN_CLOUD,
+@@ -3656,7 +3658,6 @@ static const int adaptive_keyboard_modes[] = {
+ #define DFR_CHANGE_ROW 0x101
+ #define DFR_SHOW_QUICKVIEW_ROW 0x102
+ #define FIRST_ADAPTIVE_KEY 0x103
+-#define ADAPTIVE_KEY_OFFSET 0x020
+
+ /* press Fn key a while second, it will switch to Function Mode. Then
+ * release Fn key, previous mode be restored.
+@@ -3747,12 +3748,13 @@ static bool adaptive_keyboard_hotkey_notify_hotkey(unsigned int scancode)
+ default:
+ if (scancode < FIRST_ADAPTIVE_KEY ||
+ scancode >= FIRST_ADAPTIVE_KEY + TPACPI_HOTKEY_MAP_LEN -
+- ADAPTIVE_KEY_OFFSET) {
++ TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
+ pr_info("Unhandled adaptive keyboard key: 0x%x\n",
+ scancode);
+ return false;
+ }
+- keycode = hotkey_keycode_map[scancode - FIRST_ADAPTIVE_KEY + ADAPTIVE_KEY_OFFSET];
++ keycode = hotkey_keycode_map[scancode - FIRST_ADAPTIVE_KEY +
++ TP_ACPI_HOTKEYSCAN_ADAPTIVE_START];
+ if (keycode != KEY_RESERVED) {
+ mutex_lock(&tpacpi_inputdev_send_mutex);
+
+@@ -3778,7 +3780,7 @@ static bool hotkey_notify_hotkey(const u32 hkey,
+ *ignore_acpi_ev = false;
+
+ /* HKEY event 0x1001 is scancode 0x00 */
+- if (scancode > 0 && scancode <= TPACPI_HOTKEY_MAP_LEN) {
++ if (scancode > 0 && scancode <= TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
+ scancode--;
+ if (!(hotkey_source_mask & (1 << scancode))) {
+ tpacpi_input_send_key_masked(scancode);
+--
+2.9.4
+
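Review bot: In `hotkey_notify_hotkey` the new `scancode <= TP_ACPI_HOTKEYSCAN_ADAPTIVE_START` guard is the only thing bounding the `1 << scancode` shift two lines below it, and that bound is now an implicitly counted enumerator instead of the literal `0x020` that the removed `ADAPTIVE_KEY_OFFSET` spelled out. If an entry is ever added above it in the enum, the shift count can reach the width of `int` (undefined behaviour) and the adaptive-key lookup lands in a different part of `hotkey_keycode_map`, both without any warning. I would pin the value at build time with `BUILD_BUG_ON(TP_ACPI_HOTKEYSCAN_ADAPTIVE_START != 0x20);` in one of the driver's init functions, and write the mask test as `BIT(scancode)` so that scancode 31 does not shift into the sign bit of a signed `int`. Both `adaptive_keyboard_hotkey_notify_hotkey` and `hotkey_notify_hotkey` start and end outside the hunks shown.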
diff --git a/0002-platform-x86-thinkpad_acpi-add-mapping-for-new-hotke.patch b/0002-platform-x86-thinkpad_acpi-add-mapping-for-new-hotke.patch
new file mode 100644
index 000000000..2c9bcbbeb
--- /dev/null
+++ b/0002-platform-x86-thinkpad_acpi-add-mapping-for-new-hotke.patch
@@ -0,0 +1,158 @@
+From 82e71b57b1b4347126b1ffd7b2beed2bc8b795bd Mon Sep 17 00:00:00 2001
+From: Christian Kellner <christian@kellner.me>
+Date: Tue, 28 Feb 2017 17:10:57 +0100
+Subject: [PATCH 2/2] platform/x86: thinkpad_acpi: add mapping for new hotkeys
+
+The T470, X270 emits new hkey events in the 0x1311 - 0x1315 range.
+According to the user manual they should launch a user selected
+favorite application (star icon, 0x1311), snipping tool (0x1312,
+currently ignored), enable/disable bluetooth (0x1314) and open they
+keyboard settings (0x1315).
+
+The third nibble (0xf00) is used to differentiate between the original
+hotkeys, the adaptive keyboard codes and the new, additional ones.
+
+Signed-off-by: Christian Kellner <ckellner@redhat.com>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+Acked-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+---
+ drivers/platform/x86/thinkpad_acpi.c | 91 +++++++++++++++++++++++++++++++-----
+ 1 file changed, 79 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
+index e2b962f..7b6cb0c 100644
+--- a/drivers/platform/x86/thinkpad_acpi.c
++++ b/drivers/platform/x86/thinkpad_acpi.c
+@@ -1945,6 +1945,15 @@ enum { /* hot key scan codes (derived from ACPI DSDT) */
+ TP_ACPI_HOTKEYSCAN_CAMERA_MODE,
+ TP_ACPI_HOTKEYSCAN_ROTATE_DISPLAY,
+
++ /* Lenovo extended keymap, starting at 0x1300 */
++ TP_ACPI_HOTKEYSCAN_EXTENDED_START,
++ /* first new observed key (star, favorites) is 0x1311 */
++ TP_ACPI_HOTKEYSCAN_STAR = 69,
++ TP_ACPI_HOTKEYSCAN_CLIPPING_TOOL2,
++ TP_ACPI_HOTKEYSCAN_UNK25,
++ TP_ACPI_HOTKEYSCAN_BLUETOOTH,
++ TP_ACPI_HOTKEYSCAN_KEYBOARD,
++
+ /* Hotkey keymap size */
+ TPACPI_HOTKEY_MAP_LEN
+ };
+@@ -3252,6 +3261,15 @@ static int __init hotkey_init(struct ibm_init_struct *iibm)
+ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
+ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
+ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++
++ /* No assignment, used for newer Lenovo models */
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN, KEY_UNKNOWN
++
+ },
+
+ /* Generic keymap for Lenovo ThinkPads */
+@@ -3337,6 +3355,29 @@ static int __init hotkey_init(struct ibm_init_struct *iibm)
+ KEY_RESERVED, /* Microphone cancellation */
+ KEY_RESERVED, /* Camera mode */
+ KEY_RESERVED, /* Rotate display, 0x116 */
++
++ /*
++ * These are found in 2017 models (e.g. T470s, X270).
++ * The lowest known value is 0x311, which according to
++ * the manual should launch a user defined favorite
++ * application.
++ *
++ * The offset for these is TP_ACPI_HOTKEYSCAN_EXTENDED_START,
++ * corresponding to 0x34.
++ */
++
++ /* (assignments unknown, please report if found) */
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN, KEY_UNKNOWN,
++ KEY_UNKNOWN,
++
++ KEY_FAVORITES, /* Favorite app, 0x311 */
++ KEY_RESERVED, /* Clipping tool */
++ KEY_RESERVED,
++ KEY_BLUETOOTH, /* Bluetooth */
++ KEY_KEYBOARD /* Keyboard, 0x315 */
+ },
+ };
+
+@@ -3747,8 +3788,9 @@ static bool adaptive_keyboard_hotkey_notify_hotkey(unsigned int scancode)
+
+ default:
+ if (scancode < FIRST_ADAPTIVE_KEY ||
+- scancode >= FIRST_ADAPTIVE_KEY + TPACPI_HOTKEY_MAP_LEN -
+- TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
++ scancode >= FIRST_ADAPTIVE_KEY +
++ TP_ACPI_HOTKEYSCAN_EXTENDED_START -
++ TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
+ pr_info("Unhandled adaptive keyboard key: 0x%x\n",
+ scancode);
+ return false;
+@@ -3779,19 +3821,44 @@ static bool hotkey_notify_hotkey(const u32 hkey,
+ *send_acpi_ev = true;
+ *ignore_acpi_ev = false;
+
+- /* HKEY event 0x1001 is scancode 0x00 */
+- if (scancode > 0 && scancode <= TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
+- scancode--;
+- if (!(hotkey_source_mask & (1 << scancode))) {
+- tpacpi_input_send_key_masked(scancode);
+- *send_acpi_ev = false;
+- } else {
+- *ignore_acpi_ev = true;
++ /*
++ * Original events are in the 0x10XX range, the adaptive keyboard
++ * found in 2014 X1 Carbon emits events are of 0x11XX. In 2017
++ * models, additional keys are emitted through 0x13XX.
++ */
++ switch ((hkey >> 8) & 0xf) {
++ case 0:
++ if (scancode > 0 &&
++ scancode <= TP_ACPI_HOTKEYSCAN_ADAPTIVE_START) {
++ /* HKEY event 0x1001 is scancode 0x00 */
++ scancode--;
++ if (!(hotkey_source_mask & (1 << scancode))) {
++ tpacpi_input_send_key_masked(scancode);
++ *send_acpi_ev = false;
++ } else {
++ *ignore_acpi_ev = true;
++ }
++ return true;
+ }
+- return true;
+- } else {
++ break;
++
++ case 1:
+ return adaptive_keyboard_hotkey_notify_hotkey(scancode);
++
++ case 3:
++ /* Extended keycodes start at 0x300 and our offset into the map
++ * TP_ACPI_HOTKEYSCAN_EXTENDED_START. The calculated scancode
++ * will be positive, but might not be in the correct range.
++ */
++ scancode -= (0x300 - TP_ACPI_HOTKEYSCAN_EXTENDED_START);
++ if (scancode >= TP_ACPI_HOTKEYSCAN_EXTENDED_START &&
++ scancode < TPACPI_HOTKEY_MAP_LEN) {
++ tpacpi_input_send_key(scancode);
++ return true;
++ }
++ break;
+ }
++
+ return false;
+ }
+
+--
+2.9.4
+
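Review bot: The enum hard-codes `TP_ACPI_HOTKEYSCAN_STAR = 69` while `TP_ACPI_HOTKEYSCAN_EXTENDED_START` directly above it is implicitly counted, and the `case 3` arm of `hotkey_notify_hotkey` maps event 0x1311 to `EXTENDED_START + 0x11`, so the two agree only while `EXTENDED_START` happens to be 0x34 as the keymap comment states. The range check in `case 3` keeps the index inside the map, but if the enum above ever grows, a 0x13XX event would silently resolve to a different `hotkey_keycode_map` slot than the one the table names. Deriving the value keeps them tied together: `TP_ACPI_HOTKEYSCAN_STAR = TP_ACPI_HOTKEYSCAN_EXTENDED_START + 0x11,`. Separately, `case 3` calls `tpacpi_input_send_key()` without consulting `hotkey_source_mask` as `case 0` does; if that is intentional, a one-line comment saying why would help the next reader. `hotkey_notify_hotkey` starts and ends outside the hunk.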
diff --git a/2-2-nvme-Quirk-APST-on-Intel-600P-P3100-devices.patch b/2-2-nvme-Quirk-APST-on-Intel-600P-P3100-devices.patch
new file mode 100644
index 000000000..088d921a7
--- /dev/null
+++ b/2-2-nvme-Quirk-APST-on-Intel-600P-P3100-devices.patch
@@ -0,0 +1,33 @@
+From 596bbd8d3752b0a922b7a5a059f47607a36ecc2e Mon Sep 17 00:00:00 2001
+From: Andrew Lutomirski <luto@kernel.org>
+Date: Wed, 24 May 2017 15:06:31 -0700
+Subject: [PATCH] nvme: Quirk APST on Intel 600P/P3100 devices
+
+They have known firmware bugs. A fix is apparently in the works --
+once fixed firmware is available, someone from Intel (Hi, Keith!)
+can adjust the quirk accordingly.
+
+Cc: stable@vger.kernel.org # v4.11
+Cc: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Cc: Mario Limonciello <mario_limonciello@dell.com>
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+---
+ drivers/nvme/host/pci.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
+index d8a1707..993d16c 100644
+--- a/drivers/nvme/host/pci.c
++++ b/drivers/nvme/host/pci.c
+@@ -2171,6 +2171,8 @@ static const struct pci_device_id nvme_id_table[] = {
+ { PCI_VDEVICE(INTEL, 0x0a54),
+ .driver_data = NVME_QUIRK_STRIPE_SIZE |
+ NVME_QUIRK_DISCARD_ZEROES, },
++ { PCI_VDEVICE(INTEL, 0xf1a5), /* Intel 600P/P3100 */
++ .driver_data = NVME_QUIRK_NO_DEEPEST_PS },
+ { PCI_VDEVICE(INTEL, 0x5845), /* Qemu emulated controller */
+ .driver_data = NVME_QUIRK_IDENTIFY_CNS, },
+ { PCI_DEVICE(0x1c58, 0x0003), /* HGST adapter */
+--
+2.7.5
+
diff --git a/actual_udpencap_fix.patch b/actual_udpencap_fix.patch
new file mode 100644
index 000000000..bba8b7676
--- /dev/null
+++ b/actual_udpencap_fix.patch
@@ -0,0 +1,45 @@
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Subject: [PATCH] esp4: Fix udpencap for local TCP packets.
+
+Locally generated TCP packets are usually cloned, so we
+do skb_cow_data() on this packets. After that we need to
+reload the pointer to the esp header. On udpencap this
+header has an offset to skb_transport_header, so take this
+offset into account.
+
+Fixes: commit cac2661c53f ("esp4: Avoid skb_cow_data whenever possible")
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+---
+ net/ipv4/esp4.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index b1e2444..ab71fbb 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -223,6 +223,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ int extralen;
+ int tailen;
+ __be64 seqno;
++ int esp_offset = 0;
+ __u8 proto = *skb_mac_header(skb);
+
+ /* skb is pure payload to encrypt */
+@@ -288,6 +289,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ break;
+ }
+
++ esp_offset = (unsigned char *)esph - (unsigned char *)uh;
++
+ *skb_mac_header(skb) = IPPROTO_UDP;
+ }
+
+@@ -397,7 +400,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ goto error;
+ nfrags = err;
+ tail = skb_tail_pointer(trailer);
+- esph = ip_esp_hdr(skb);
++ esph = (struct ip_esp_hdr *)(skb_transport_header(skb) + esp_offset);
+
+ skip_cow:
+ esp_output_fill_trailer(tail, tfclen, plen, proto);
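Review bot: The reloaded `esph = (struct ip_esp_hdr *)(skb_transport_header(skb) + esp_offset);` in `esp_output` carries no comment, and it appears to rely on `uh` sitting exactly at the transport header when `esp_offset` is captured in the UDP-encap branch, which the hunks do not show. A short comment at the reload would record the reason the description gives, for example `/* skb_cow_data() may have moved the data: rebuild esph from the transport header plus the UDP-encap offset */`. The patch header also has only `From:` and `Subject:` lines, with no upstream commit id or date, unlike the other patches added in this commit; adding that reference once known would make it possible to tell when an upstream fix supersedes this carried copy. `esp_output` starts and ends outside the hunks shown.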
diff --git a/baseconfig/CONFIG_CROS_KBD_LED_BACKLIGHT b/baseconfig/CONFIG_CROS_KBD_LED_BACKLIGHT
index 95f043d68..83b61e1e1 100644
--- a/baseconfig/CONFIG_CROS_KBD_LED_BACKLIGHT
+++ b/baseconfig/CONFIG_CROS_KBD_LED_BACKLIGHT
@@ -1 +1 @@
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
diff --git a/baseconfig/CONFIG_GPIO_SYSFS b/baseconfig/CONFIG_GPIO_SYSFS
index 006904523..52708d181 100644
--- a/baseconfig/CONFIG_GPIO_SYSFS
+++ b/baseconfig/CONFIG_GPIO_SYSFS
@@ -1 +1 @@
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
diff --git a/drm-i915-Do-not-drop-pagetables-when-empty.patch b/drm-i915-Do-not-drop-pagetables-when-empty.patch
new file mode 100644
index 000000000..8dcbc81bb
--- /dev/null
+++ b/drm-i915-Do-not-drop-pagetables-when-empty.patch
@@ -0,0 +1,95 @@
+From patchwork Fri May 26 08:29:06 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Subject: drm/i915: Do not drop pagetables when empty
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+X-Patchwork-Id: 158340
+Message-Id: <20170526082906.8982-1-daniel.vetter@ffwll.ch>
+To: Intel Graphics Development <intel-gfx@lists.freedesktop.org>
+Cc: "# v4 . 10+" <stable@vger.kernel.org>,
+ Daniel Vetter <daniel.vetter@intel.com>,
+ Mika Kuoppala <mika.kuoppala@intel.com>
+Date: Fri, 26 May 2017 10:29:06 +0200
+
+From: Chris Wilson <chris@chris-wilson.co.uk>
+
+This is the minimal backport for stable of the upstream commit:
+
+commit dd19674bacba227ae5d3ce680cbc5668198894dc
+Author: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Wed Feb 15 08:43:46 2017 +0000
+
+ drm/i915: Remove bitmap tracking for used-ptes
+
+Due to a race with the shrinker, when we try to allocate a pagetable, we
+may end up shrinking it instead. This comes as a nasty surprise as we
+try to dereference it to fill in the pagetable entries for the object.
+
+In linus/master this is fixed by pinning the pagetables prior to
+allocation, but that backport is roughly
+ drivers/gpu/drm/i915/i915_debugfs.c | 2 +-
+ drivers/gpu/drm/i915/i915_gem_evict.c | 12 +-
+ drivers/gpu/drm/i915/i915_gem_gtt.c | 2017 ++++++++++++++-------------------
+ drivers/gpu/drm/i915/i915_gem_gtt.h | 123 +-
+ drivers/gpu/drm/i915/i915_trace.h | 104 --
+ drivers/gpu/drm/i915/i915_vgpu.c | 9 +-
+ drivers/gpu/drm/i915/i915_vma.c | 9 -
+ drivers/gpu/drm/i915/intel_lrc.c | 4 +-
+ 8 files changed, 946 insertions(+), 1334 deletions(-)
+i.e. unsuitable for stable. Instead we neuter the code that tried to
+free the pagetables.
+
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99295
+Fixes: 2ce5179fe826 ("drm/i915/gtt: Free unused lower-level page tables")
+Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+Cc: Michel Thierry <michel.thierry@intel.com>
+Cc: Mika Kuoppala <mika.kuoppala@intel.com>
+Cc: Chris Wilson <chris@chris-wilson.co.uk>
+Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
+Cc: Michał Winiarski <michal.winiarski@intel.com>
+Cc: Daniel Vetter <daniel.vetter@intel.com>
+Cc: Jani Nikula <jani.nikula@linux.intel.com>
+Cc: intel-gfx@lists.freedesktop.org
+Cc: <stable@vger.kernel.org> # v4.10+
+Tested-by: Maël Lavault <mael.lavault@protonmail.com>
+Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
+---
+ drivers/gpu/drm/i915/i915_gem_gtt.c | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
+index 96e45a4d5441..4f581adf2fcf 100644
+--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
++++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
+@@ -755,10 +755,6 @@ static bool gen8_ppgtt_clear_pt(struct i915_address_space *vm,
+ GEM_BUG_ON(pte_end > GEN8_PTES);
+
+ bitmap_clear(pt->used_ptes, pte, num_entries);
+- if (USES_FULL_PPGTT(vm->i915)) {
+- if (bitmap_empty(pt->used_ptes, GEN8_PTES))
+- return true;
+- }
+
+ pt_vaddr = kmap_px(pt);
+
+@@ -798,9 +794,6 @@ static bool gen8_ppgtt_clear_pd(struct i915_address_space *vm,
+ }
+ }
+
+- if (bitmap_empty(pd->used_pdes, I915_PDES))
+- return true;
+-
+ return false;
+ }
+
+@@ -829,9 +822,6 @@ static bool gen8_ppgtt_clear_pdp(struct i915_address_space *vm,
+
+ mark_tlbs_dirty(ppgtt);
+
+- if (bitmap_empty(pdp->used_pdpes, I915_PDPES_PER_PDP(dev_priv)))
+- return true;
+-
+ return false;
+ }
+
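Review bot: After these removals `gen8_ppgtt_clear_pd` and `gen8_ppgtt_clear_pdp` end in an unconditional `return false;`, and nothing in the code records that this is deliberate. A later cleanup could restore the `bitmap_empty()` early returns and bring back the race with the shrinker that the description cites, where a page table is shrunk while the allocation path is about to dereference it. I would add a comment above each remaining `return false;`, such as `/* Never report empty: freeing the table here races with allocation (stable-only workaround) */`. The cost, that emptied page tables are presumably kept until the address space is torn down, also deserves one sentence in the patch description. All three functions start outside the hunks shown.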
diff --git a/efi-lockdown.patch b/efi-lockdown.patch
index 54a7caa24..7803d6dff 100644
--- a/efi-lockdown.patch
+++ b/efi-lockdown.patch
@@ -1,4 +1,4 @@
-From df7d76ae50f18d4465e59fdf7f19d3df44906cb5 Mon Sep 17 00:00:00 2001
+From 85255f3885abdd1d2e5dc9f6e51f2fc9db075843 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Mon, 21 Nov 2016 23:55:55 +0000
Subject: [PATCH 07/32] efi: Add EFI_SECURE_BOOT bit
@@ -18,10 +18,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
2 files changed, 2 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 69780ed..447905e 100644
+index 4bf0c89..396285b 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -1182,6 +1182,7 @@ void __init setup_arch(char **cmdline_p)
+@@ -1184,6 +1184,7 @@ void __init setup_arch(char **cmdline_p)
pr_info("Secure boot disabled\n");
break;
case efi_secureboot_mode_enabled:
@@ -42,13 +42,13 @@ index 94d34e0..6049600 100644
#ifdef CONFIG_EFI
/*
--
-2.7.4
+2.7.5
-From f05a90c19a9613d8d50597319ed91f691e25b689 Mon Sep 17 00:00:00 2001
+From 341507e80b888b5b587bdb60f0d95275dbbcad89 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 21 Nov 2016 23:36:17 +0000
-Subject: [PATCH 09/32] Add the ability to lock down access to the running
- kernel image
+Subject: [PATCH 09/32] Add the ability to lock down access to the running kernel
+ image
Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
@@ -67,10 +67,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
create mode 100644 security/lock_down.c
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
-index cb09238..3cd3be9 100644
+index 4c26dc3..b820a80 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
-@@ -273,6 +273,15 @@ extern int oops_may_print(void);
+@@ -275,6 +275,15 @@ extern int oops_may_print(void);
void do_exit(long error_code) __noreturn;
void complete_and_exit(struct completion *, long) __noreturn;
@@ -87,10 +87,10 @@ index cb09238..3cd3be9 100644
int __must_check _kstrtoul(const char *s, unsigned int base, unsigned long *res);
int __must_check _kstrtol(const char *s, unsigned int base, long *res);
diff --git a/include/linux/security.h b/include/linux/security.h
-index d3868f2..187b74b 100644
+index 96899fa..5808570 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
-@@ -1679,5 +1679,16 @@ static inline void free_secdata(void *secdata)
+@@ -1678,5 +1678,16 @@ static inline void free_secdata(void *secdata)
{ }
#endif /* CONFIG_SECURITY */
@@ -191,9 +191,9 @@ index 0000000..5788c60
+}
+EXPORT_SYMBOL(kernel_is_locked_down);
--
-2.7.4
+2.7.5
-From fb6feb38e297260d050fc477c72683ac51d07ae3 Mon Sep 17 00:00:00 2001
+From dfabd5c5acc95a2de69d44f794e6f1ce894fd3ff Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 21 Nov 2016 23:55:55 +0000
Subject: [PATCH 10/32] efi: Lock down the kernel if booted in secure boot mode
@@ -211,10 +211,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 874c123..a315974 100644
+index cc98d5a..21f3985 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1816,6 +1816,18 @@ config EFI_MIXED
+@@ -1817,6 +1817,18 @@ config EFI_MIXED
If unsure, say N.
@@ -234,7 +234,7 @@ index 874c123..a315974 100644
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 447905e..d44e60e 100644
+index 396285b..85dfa74 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -69,6 +69,7 @@
@@ -245,7 +245,7 @@ index 447905e..d44e60e 100644
#include <video/edid.h>
-@@ -1183,7 +1184,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1185,7 +1186,12 @@ void __init setup_arch(char **cmdline_p)
break;
case efi_secureboot_mode_enabled:
set_bit(EFI_SECURE_BOOT, &efi.flags);
@@ -260,9 +260,9 @@ index 447905e..d44e60e 100644
default:
pr_info("Secure boot could not be determined\n");
--
-2.7.4
+2.7.5
-From 7182f2f5b254d6dc6d3105d2f99219a76adf9de0 Mon Sep 17 00:00:00 2001
+From 0329e34894da0599619b03fa6cb16d575bfc68d4 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Wed, 23 Nov 2016 13:22:22 +0000
Subject: [PATCH 11/32] Enforce module signatures if the kernel is locked down
@@ -289,13 +289,13 @@ index 7eba6de..3331f2e 100644
return err;
--
-2.7.4
+2.7.5
-From 7e97c58bcd0b4c082b889fb093a2779147532b9f Mon Sep 17 00:00:00 2001
+From 236e7dcbf5eb7b27416a819d6cb69d3006481cef Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 22 Nov 2016 08:46:16 +0000
-Subject: [PATCH 12/32] Restrict /dev/mem and /dev/kmem when the kernel is
- locked down
+Subject: [PATCH 12/32] Restrict /dev/mem and /dev/kmem when the kernel is locked
+ down
Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions. Prevent this when the
@@ -308,10 +308,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 6 insertions(+)
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 6d9cc2d..f814404 100644
+index 6e0cbe0..a97b22f 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
-@@ -163,6 +163,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
+@@ -179,6 +179,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
if (p != *ppos)
return -EFBIG;
@@ -321,7 +321,7 @@ index 6d9cc2d..f814404 100644
if (!valid_phys_addr_range(p, count))
return -EFAULT;
-@@ -513,6 +516,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
+@@ -540,6 +543,9 @@ static ssize_t write_kmem(struct file *file, const char __user *buf,
char *kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
int err = 0;
@@ -332,9 +332,9 @@ index 6d9cc2d..f814404 100644
unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p);
--
-2.7.4
+2.7.5
-From b83b68a9a13120664eaabf21a7b3ff0b065bd5b2 Mon Sep 17 00:00:00 2001
+From 58a5ca7a67b9091800f61c1c411b3f411fcd857b Mon Sep 17 00:00:00 2001
From: Kyle McMartin <kyle@redhat.com>
Date: Mon, 21 Nov 2016 23:55:56 +0000
Subject: [PATCH 13/32] Add a sysrq option to exit secure boot mode
@@ -354,10 +354,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
7 files changed, 68 insertions(+), 8 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index a315974..6931e68 100644
+index 21f3985..457c049 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1828,6 +1828,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
+@@ -1829,6 +1829,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
image. Say Y here to automatically lock down the kernel when a
system boots with UEFI Secure Boot enabled.
@@ -375,7 +375,7 @@ index a315974..6931e68 100644
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index d44e60e..f7635d0 100644
+index 85dfa74..a415a48 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -71,6 +71,11 @@
@@ -390,7 +390,7 @@ index d44e60e..f7635d0 100644
#include <video/edid.h>
#include <asm/mtrr.h>
-@@ -1328,6 +1333,32 @@ void __init i386_reserve_resources(void)
+@@ -1330,6 +1335,32 @@ void __init i386_reserve_resources(void)
#endif /* CONFIG_X86_32 */
@@ -436,10 +436,10 @@ index 022be0e..4a054a5 100644
input_set_drvdata(udev->dev, udev);
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index 7113674..e1addc3 100644
+index c6fc714..0c96cf6 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
-@@ -479,6 +479,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
+@@ -481,6 +481,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
/* x: May be registered on mips for TLB dump */
/* x: May be registered on ppc/powerpc for xmon */
/* x: May be registered on sparc64 for global PMU dump */
@@ -447,7 +447,7 @@ index 7113674..e1addc3 100644
NULL, /* x */
/* y: May be registered on sparc64 for global register dump */
NULL, /* y */
-@@ -522,7 +523,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
+@@ -524,7 +525,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
sysrq_key_table[i] = op_p;
}
@@ -456,7 +456,7 @@ index 7113674..e1addc3 100644
{
struct sysrq_key_op *op_p;
int orig_log_level;
-@@ -542,11 +543,15 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -544,11 +545,15 @@ void __handle_sysrq(int key, bool check_mask)
op_p = __sysrq_get_key_op(key);
if (op_p) {
@@ -473,7 +473,7 @@ index 7113674..e1addc3 100644
pr_cont("%s\n", op_p->action_msg);
console_loglevel = orig_log_level;
op_p->handler(key);
-@@ -578,7 +583,7 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -580,7 +585,7 @@ void __handle_sysrq(int key, bool check_mask)
void handle_sysrq(int key)
{
if (sysrq_on())
@@ -482,7 +482,7 @@ index 7113674..e1addc3 100644
}
EXPORT_SYMBOL(handle_sysrq);
-@@ -659,7 +664,7 @@ static void sysrq_do_reset(unsigned long _state)
+@@ -661,7 +666,7 @@ static void sysrq_do_reset(unsigned long _state)
static void sysrq_handle_reset_request(struct sysrq_state *state)
{
if (state->reset_requested)
@@ -491,7 +491,7 @@ index 7113674..e1addc3 100644
if (sysrq_reset_downtime_ms)
mod_timer(&state->keyreset_timer,
-@@ -810,8 +815,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
+@@ -812,8 +817,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
default:
if (sysrq->active && value && value != 2) {
@@ -503,7 +503,7 @@ index 7113674..e1addc3 100644
}
break;
}
-@@ -1095,7 +1102,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
+@@ -1097,7 +1104,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
if (get_user(c, buf))
return -EFAULT;
@@ -570,10 +570,10 @@ index 387fa7d..f7c52a9 100644
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
struct sysrq_key_op *__sysrq_get_key_op(int key);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index ca18391..c4524b8 100644
+index c8146d5..b480cad 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
-@@ -1967,7 +1967,7 @@ static int kdb_sr(int argc, const char **argv)
+@@ -1970,7 +1970,7 @@ static int kdb_sr(int argc, const char **argv)
return KDB_ARGCOUNT;
kdb_trap_printk++;
@@ -583,9 +583,9 @@ index ca18391..c4524b8 100644
return 0;
--
-2.7.4
+2.7.5
-From 8884bd44932e595323fcddfb09c2a2a586134cdf Mon Sep 17 00:00:00 2001
+From 1b5f90719268c27616172f00cde6e1078eb413c5 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 22 Nov 2016 08:46:15 +0000
Subject: [PATCH 14/32] kexec: Disable at runtime if the kernel is locked down
@@ -622,13 +622,12 @@ index 980936a..46de8e6 100644
* This leaves us room for future extensions.
*/
--
-2.7.4
+2.7.5
-From cace563d1743c3d2faf1e46bd4df8e63e2310207 Mon Sep 17 00:00:00 2001
+From 85eaf32ad6cb1ce6ab88601daac8e601386929bb Mon Sep 17 00:00:00 2001
From: Dave Young <dyoung@redhat.com>
Date: Tue, 22 Nov 2016 08:46:15 +0000
-Subject: [PATCH 15/32] Copy secure_boot flag in boot params across kexec
- reboot
+Subject: [PATCH] Copy secure_boot flag in boot params across kexec reboot
Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
@@ -660,13 +659,12 @@ index d0a814a..3551bca 100644
ei->efi_systab = current_ei->efi_systab;
ei->efi_systab_hi = current_ei->efi_systab_hi;
--
-2.7.4
+2.7.5
-From 08a3467acbc28bb469d1eebd0f5fd40b944d984a Mon Sep 17 00:00:00 2001
+From 421f4933387c7663b99d63624bdc23d4037e9c26 Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
Date: Wed, 23 Nov 2016 13:49:19 +0000
-Subject: [PATCH 16/32] kexec_file: Disable at runtime if securelevel has been
- set
+Subject: [PATCH 16/32] kexec_file: Disable at runtime if securelevel has been set
When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image
through kexec_file systemcall if securelevel has been set.
@@ -682,7 +680,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 6 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
-index b56a558..003cade 100644
+index b118735..f6937ee 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -268,6 +268,12 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
@@ -699,9 +697,9 @@ index b56a558..003cade 100644
if (flags != (flags & KEXEC_FILE_FLAGS))
return -EINVAL;
--
-2.7.4
+2.7.5
-From 925fd10d7a99a6f999dde76daf2b1ef1238b251a Mon Sep 17 00:00:00 2001
+From 0376070dd24c4226e047cf5ab8d68c8341b8d521 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 22 Nov 2016 08:46:15 +0000
Subject: [PATCH 17/32] hibernate: Disable when the kernel is locked down
@@ -718,10 +716,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index 86385af..1629798 100644
+index a8b978c..50cca5d 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
-@@ -67,7 +67,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
+@@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
bool hibernation_available(void)
{
@@ -731,12 +729,12 @@ index 86385af..1629798 100644
/**
--
-2.7.4
+2.7.5
-From b14fb5fcd60c84a09a15bd7ec974b6fbce68335c Mon Sep 17 00:00:00 2001
+From fff7953fd653f695d0a43872726086637cad224b Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Wed, 23 Nov 2016 13:28:17 +0000
-Subject: [PATCH 18/32] uswsusp: Disable when the kernel is locked down
+Subject: [PATCH] uswsusp: Disable when the kernel is locked down
uswsusp allows a user process to dump and then restore kernel state, which
makes it possible to modify the running kernel. Disable this if the kernel
@@ -763,13 +761,12 @@ index 22df9f7..e4b926d 100644
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
--
-2.7.4
+2.7.5
-From d8167273e7562e5aa866d2b65e25bb1962de972c Mon Sep 17 00:00:00 2001
+From a4cb6a7d28d27aa8166b7e0d5f75fe16f2f18ac8 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 22 Nov 2016 08:46:15 +0000
-Subject: [PATCH 19/32] PCI: Lock down BAR access when the kernel is locked
- down
+Subject: [PATCH 19/32] PCI: Lock down BAR access when the kernel is locked down
Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
@@ -786,10 +783,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 0666287..b10992c 100644
+index 7ac258f..7d29b03 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
-@@ -718,6 +718,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
+@@ -727,6 +727,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
loff_t init_off = off;
u8 *data = (u8 *) buf;
@@ -799,7 +796,7 @@ index 0666287..b10992c 100644
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
-@@ -1009,6 +1012,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
+@@ -1022,6 +1025,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
resource_size_t start, end;
int i;
@@ -809,7 +806,7 @@ index 0666287..b10992c 100644
for (i = 0; i < PCI_ROM_RESOURCE; i++)
if (res == &pdev->resource[i])
break;
-@@ -1108,6 +1114,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
+@@ -1121,6 +1127,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{
@@ -820,7 +817,7 @@ index 0666287..b10992c 100644
}
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
-index f82710a..139d6f0 100644
+index dc8912e..e2c5eff 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
@@ -845,13 +842,13 @@ index f82710a..139d6f0 100644
ret = pci_domain_nr(dev->bus);
@@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma)
struct pci_filp_private *fpriv = file->private_data;
- int i, ret, write_combine;
+ int i, ret, write_combine = 0, res_bit;
- if (!capable(CAP_SYS_RAWIO))
+ if (!capable(CAP_SYS_RAWIO) || kernel_is_locked_down())
return -EPERM;
- /* Make sure the caller is mapping a real resource for this device */
+ if (fpriv->mmap_state == pci_mmap_io)
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
index 9bf993e..c095247 100644
--- a/drivers/pci/syscall.c
@@ -866,13 +863,12 @@ index 9bf993e..c095247 100644
dev = pci_get_bus_and_slot(bus, dfn);
--
-2.7.4
+2.7.5
-From 169d13e0c5240ac6aad13aace5ecbdb3de2cfada Mon Sep 17 00:00:00 2001
+From 4f9b39483a30ae4bd6e9c90caaf3a0466161d024 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 22 Nov 2016 08:46:16 +0000
-Subject: [PATCH 20/32] x86: Lock down IO port access when the kernel is locked
- down
+Subject: [PATCH 20/32] x86: Lock down IO port access when the kernel is locked down
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO
@@ -890,10 +886,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
-index b01bc8517..4ccaace 100644
+index 9c3cf09..4a613fe 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
-@@ -29,7 +29,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
+@@ -30,7 +30,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
return -EINVAL;
@@ -902,7 +898,7 @@ index b01bc8517..4ccaace 100644
return -EPERM;
/*
-@@ -113,7 +113,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
+@@ -120,7 +120,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
@@ -912,10 +908,10 @@ index b01bc8517..4ccaace 100644
}
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index f814404..9afebb6 100644
+index a97b22f..8705f8f 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
-@@ -741,6 +741,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
+@@ -768,6 +768,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
static int open_port(struct inode *inode, struct file *filp)
{
@@ -925,9 +921,9 @@ index f814404..9afebb6 100644
}
--
-2.7.4
+2.7.5
-From efd24f7e9af624b62f39efce4f60b31f0ca643d8 Mon Sep 17 00:00:00 2001
+From b746ba587c937240794cd7006c15a0fb3b2f8128 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 22 Nov 2016 08:46:17 +0000
Subject: [PATCH 21/32] x86: Restrict MSR access when the kernel is locked down
@@ -969,9 +965,9 @@ index ef68880..fbcce02 100644
err = -EFAULT;
break;
--
-2.7.4
+2.7.5
-From 62ebdffbcb0726b98562e9f1173a6d5967755764 Mon Sep 17 00:00:00 2001
+From 5aff4c16ee0a6441b1abbf6e80a5da9cf2007469 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 22 Nov 2016 08:46:16 +0000
Subject: [PATCH 22/32] asus-wmi: Restrict debugfs interface when the kernel is
@@ -990,10 +986,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index 43cb680..9be3e08 100644
+index 8fe5890..feef250 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
-@@ -1898,6 +1898,9 @@ static int show_dsts(struct seq_file *m, void *data)
+@@ -1900,6 +1900,9 @@ static int show_dsts(struct seq_file *m, void *data)
int err;
u32 retval = -1;
@@ -1003,7 +999,7 @@ index 43cb680..9be3e08 100644
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0)
-@@ -1914,6 +1917,9 @@ static int show_devs(struct seq_file *m, void *data)
+@@ -1916,6 +1919,9 @@ static int show_devs(struct seq_file *m, void *data)
int err;
u32 retval = -1;
@@ -1013,7 +1009,7 @@ index 43cb680..9be3e08 100644
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval);
-@@ -1938,6 +1944,9 @@ static int show_call(struct seq_file *m, void *data)
+@@ -1940,6 +1946,9 @@ static int show_call(struct seq_file *m, void *data)
union acpi_object *obj;
acpi_status status;
@@ -1024,13 +1020,13 @@ index 43cb680..9be3e08 100644
1, asus->debug.method_id,
&input, &output);
--
-2.7.4
+2.7.5
-From 31f493d03dde1854fa9e540f87a751fbeeb41cb9 Mon Sep 17 00:00:00 2001
+From f0b27fdb42b57c2044ea3cf49371f786acc7b58e Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 22 Nov 2016 08:46:16 +0000
-Subject: [PATCH 23/32] ACPI: Limit access to custom_method when the kernel is
- locked down
+Subject: [PATCH 23/32] ACPI: Limit access to custom_method when the kernel is locked
+ down
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
@@ -1057,13 +1053,13 @@ index c68e724..e4d721c 100644
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
--
-2.7.4
+2.7.5
-From 1dec5dc62c78f78b9efe44aac3d6119d97b67017 Mon Sep 17 00:00:00 2001
+From d67f882220ae3d969b496ad93fcbbcd3b09288cd Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Tue, 22 Nov 2016 08:46:16 +0000
-Subject: [PATCH 24/32] acpi: Ignore acpi_rsdp kernel param when the kernel has
- been locked down
+Subject: [PATCH 24/32] acpi: Ignore acpi_rsdp kernel param when the kernel has been
+ locked down
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
@@ -1089,13 +1085,13 @@ index db78d35..d4d4ba3 100644
#endif
--
-2.7.4
+2.7.5
-From 96eaf04100d7365d93f898013175351c7d2702a6 Mon Sep 17 00:00:00 2001
+From 15b10045321ac2af988918726a461178237d2d24 Mon Sep 17 00:00:00 2001
From: Linn Crosetto <linn@hpe.com>
Date: Wed, 23 Nov 2016 13:32:27 +0000
-Subject: [PATCH 25/32] acpi: Disable ACPI table override if the kernel is
- locked down
+Subject: [PATCH 25/32] acpi: Disable ACPI table override if the kernel is locked
+ down
From the kernel documentation (initrd_table_override.txt):
@@ -1130,13 +1126,13 @@ index 2604189..601096d 100644
memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
all_tables_size, PAGE_SIZE);
--
-2.7.4
+2.7.5
-From 521979b819b853f7578ba8edef8b33bc2077026d Mon Sep 17 00:00:00 2001
+From dec3a108f63021d82b132847a02e8496f613ac6f Mon Sep 17 00:00:00 2001
From: Linn Crosetto <linn@hpe.com>
Date: Wed, 23 Nov 2016 13:39:41 +0000
-Subject: [PATCH 26/32] acpi: Disable APEI error injection if the kernel is
- locked down
+Subject: [PATCH 26/32] acpi: Disable APEI error injection if the kernel is locked
+ down
ACPI provides an error injection mechanism, EINJ, for debugging and testing
the ACPI Platform Error Interface (APEI) and other RAS features. If
@@ -1174,9 +1170,9 @@ index ec50c32..e082718 100644
if (flags && (flags &
~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF)))
--
-2.7.4
+2.7.5
-From fe597dad1cba83345d62c4079c0d8861c426698c Mon Sep 17 00:00:00 2001
+From dcc51d5b69c23c3f955b332d959f13cb61b4500c Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Wed, 23 Nov 2016 13:41:23 +0000
Subject: [PATCH 27/32] Enable cold boot attack mitigation
@@ -1232,13 +1228,13 @@ index 801c7a1..ef9409b 100644
* If the boot loader gave us a value for secure_boot then we use that,
* otherwise we ask the BIOS.
--
-2.7.4
+2.7.5
-From 04fac895731801bc6cb26a6061f1c353c80a866c Mon Sep 17 00:00:00 2001
+From 6cff44c809671affbf65ac2e0d0c2b0a0f705756 Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Wed, 23 Nov 2016 13:52:16 +0000
-Subject: [PATCH 28/32] bpf: Restrict kernel image access functions when the
- kernel is locked down
+Subject: [PATCH 28/32] bpf: Restrict kernel image access functions when the kernel
+ is locked down
There are some bpf functions can be used to read kernel memory:
bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
@@ -1289,9 +1285,9 @@ index cee9802..7fde851 100644
for (i = 0; i < fmt_size; i++) {
if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i]))
--
-2.7.4
+2.7.5
-From 707d0e14c2c0d6c3139ff4bcb16ee22c462b4304 Mon Sep 17 00:00:00 2001
+From 9c7dd48309e4d8e18a9979f6c0cbf9c7b8bf4ea1 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 22 Nov 2016 10:10:34 +0000
Subject: [PATCH 29/32] scsi: Lock down the eata driver
@@ -1317,7 +1313,7 @@ cc: linux-scsi@vger.kernel.org
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
-index 227dd2c..5c036d10 100644
+index 227dd2c..5c036d1 100644
--- a/drivers/scsi/eata.c
+++ b/drivers/scsi/eata.c
@@ -1552,8 +1552,13 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
@@ -1336,13 +1332,12 @@ index 227dd2c..5c036d10 100644
#if defined(MODULE)
/* io_port could have been modified when loading as a module */
--
-2.7.4
+2.7.5
-From 07e05e0b7d806a05eba55092630bb75a92311344 Mon Sep 17 00:00:00 2001
+From 5e2b99e099ba52131c7a87695b294961a0bf54f1 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Fri, 25 Nov 2016 14:37:45 +0000
-Subject: [PATCH 30/32] Prohibit PCMCIA CIS storage when the kernel is locked
- down
+Subject: [PATCH 30/32] Prohibit PCMCIA CIS storage when the kernel is locked down
Prohibit replacement of the PCMCIA Card Information Structure when the
kernel is locked down.
@@ -1369,9 +1364,9 @@ index 55ef7d1..193e4f7 100644
if (off)
--
-2.7.4
+2.7.5
-From cf1e877adbe35c5f72a9d85570b494aa3f35be6a Mon Sep 17 00:00:00 2001
+From 6d6e052a6c2df0a7a492439efe1ac6d62498e0d4 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Wed, 7 Dec 2016 10:28:39 +0000
Subject: [PATCH 31/32] Lock down TIOCSSERIAL
@@ -1388,10 +1383,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 6 insertions(+)
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index 9939c3d..7c040e2 100644
+index 3fe5689..4181b00 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
-@@ -820,6 +820,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
+@@ -821,6 +821,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
new_flags = new_info->flags;
old_custom_divisor = uport->custom_divisor;
@@ -1405,5 +1400,5 @@ index 9939c3d..7c040e2 100644
retval = -EPERM;
if (change_irq || change_port ||
--
-2.7.4
+2.7.5
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index a21c4c941..44a0ae1d9 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -912,7 +912,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1686,7 +1686,7 @@ CONFIG_GPIO_PL061=y
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
CONFIG_GPIO_TEGRA=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index 8282fcf19..3cb49dc32 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -911,7 +911,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1669,7 +1669,7 @@ CONFIG_GPIO_PL061=y
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
CONFIG_GPIO_TEGRA=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index 6619ed9df..86e855181 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -964,7 +964,7 @@ CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
CONFIG_CROS_EC_CHARDEV=m
CONFIG_CROS_EC_PROTO=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1823,7 +1823,7 @@ CONFIG_GPIO_PL061=y
CONFIG_GPIO_STMPE=y
# CONFIG_GPIO_SX150X is not set
CONFIG_GPIO_SYSCON=m
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
CONFIG_GPIO_TEGRA=y
# CONFIG_GPIO_TPIC2810 is not set
CONFIG_GPIO_TPS65218=m
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 1dd956c60..dcc3f6968 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -935,7 +935,7 @@ CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
CONFIG_CROS_EC_CHARDEV=m
CONFIG_CROS_EC_PROTO=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1733,7 +1733,7 @@ CONFIG_GPIO_PL061=y
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
CONFIG_GPIO_SYSCON=m
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
CONFIG_GPIO_TEGRA=y
# CONFIG_GPIO_TPIC2810 is not set
CONFIG_GPIO_TPS65910=y
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index f138e32e5..c73231c33 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -933,7 +933,7 @@ CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
CONFIG_CROS_EC_CHARDEV=m
CONFIG_CROS_EC_PROTO=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1716,7 +1716,7 @@ CONFIG_GPIO_PL061=y
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
CONFIG_GPIO_SYSCON=m
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
CONFIG_GPIO_TEGRA=y
# CONFIG_GPIO_TPIC2810 is not set
CONFIG_GPIO_TPS65910=y
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index d8b2302ca..6453d392c 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -962,7 +962,7 @@ CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
CONFIG_CROS_EC_CHARDEV=m
CONFIG_CROS_EC_PROTO=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1806,7 +1806,7 @@ CONFIG_GPIO_PL061=y
CONFIG_GPIO_STMPE=y
# CONFIG_GPIO_SX150X is not set
CONFIG_GPIO_SYSCON=m
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
CONFIG_GPIO_TEGRA=y
# CONFIG_GPIO_TPIC2810 is not set
CONFIG_GPIO_TPS65218=m
diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config
index 77daef22c..b78f88d58 100644
--- a/kernel-i686-PAE.config
+++ b/kernel-i686-PAE.config
@@ -795,7 +795,7 @@ CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_PMIC_OPREGION=y
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1580,7 +1580,7 @@ CONFIG_GPIO_SCH=m
# CONFIG_GPIO_SODAVILLE is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config
index 5d6a84534..1971d52db 100644
--- a/kernel-i686-PAEdebug.config
+++ b/kernel-i686-PAEdebug.config
@@ -797,7 +797,7 @@ CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_PMIC_OPREGION=y
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1598,7 +1598,7 @@ CONFIG_GPIO_SCH=m
# CONFIG_GPIO_SODAVILLE is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index 024755175..ad302fa5e 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -797,7 +797,7 @@ CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_PMIC_OPREGION=y
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1598,7 +1598,7 @@ CONFIG_GPIO_SCH=m
# CONFIG_GPIO_SODAVILLE is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-i686.config b/kernel-i686.config
index 72ce387b9..66104bf5f 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -795,7 +795,7 @@ CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_PMIC_OPREGION=y
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1580,7 +1580,7 @@ CONFIG_GPIO_SCH=m
# CONFIG_GPIO_SODAVILLE is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config
index 150765726..4c127db1b 100644
--- a/kernel-ppc64-debug.config
+++ b/kernel-ppc64-debug.config
@@ -785,7 +785,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1500,7 +1500,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-ppc64.config b/kernel-ppc64.config
index cb00d554b..11ae013e5 100644
--- a/kernel-ppc64.config
+++ b/kernel-ppc64.config
@@ -783,7 +783,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1482,7 +1482,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index ca57664e1..805609631 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -740,7 +740,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1454,7 +1454,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 6e734ceff..b1bdc13e1 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -738,7 +738,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1436,7 +1436,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-ppc64p7-debug.config b/kernel-ppc64p7-debug.config
index 9009a2e8c..930ad0336 100644
--- a/kernel-ppc64p7-debug.config
+++ b/kernel-ppc64p7-debug.config
@@ -740,7 +740,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1453,7 +1453,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-ppc64p7.config b/kernel-ppc64p7.config
index 1ab2950f0..d405b8ba9 100644
--- a/kernel-ppc64p7.config
+++ b/kernel-ppc64p7.config
@@ -738,7 +738,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1435,7 +1435,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index de69bd62f..9465b3503 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -735,7 +735,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1424,7 +1424,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 024696649..ff799a3bd 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -733,7 +733,7 @@ CONFIG_CRC8=m
CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1406,7 +1406,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH311X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index d676999e1..6cff372e8 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -804,7 +804,7 @@ CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_PMIC_OPREGION=y
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1625,7 +1625,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index fc4ee1c5d..8f09d8b87 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -802,7 +802,7 @@ CONFIG_CRC_CCITT=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC_PMIC_OPREGION=y
CONFIG_CRC_T10DIF=y
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
CONFIG_CROSS_COMPILE=""
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CRYPTO_842=m
@@ -1607,7 +1607,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
# CONFIG_GPIO_SCH is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_SYSCON is not set
-# CONFIG_GPIO_SYSFS is not set
+CONFIG_GPIO_SYSFS=y
# CONFIG_GPIO_TPIC2810 is not set
# CONFIG_GPIO_TS4900 is not set
# CONFIG_GPIO_TS5500 is not set
diff --git a/kernel.spec b/kernel.spec
index 895a57e0c..96a65c3fa 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -44,7 +44,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
-%global baserelease 200
+%global baserelease 202
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -58,7 +58,7 @@ Summary: The Linux kernel
%define stable_rc 0
# Do we have a -stable update to apply?
-%define stable_update 2
+%define stable_update 3
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@@ -566,9 +566,6 @@ Patch437: bcm283x-hdmi-audio.patch
# https://www.spinics.net/lists/arm-kernel/msg554183.html
Patch438: arm-imx6-hummingboard2.patch
-# https://lkml.org/lkml/2017/4/4/316
-Patch339: media-cec-Fix-runtime-BUG-when-CONFIG_RC_CORE-CEC_CAP_RC.patch
-
Patch440: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
Patch460: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
@@ -637,9 +634,6 @@ Patch668: CVE-2017-7477.patch
#rhbz 1436686
Patch864: dell-laptop-Adds-support-for-keyboard-backlight-timeout-AC-settings.patch
-#CVE-2017-7487 rhbz 1447734 1450417
-Patch865: 0001-ipx-call-ipxitf_put-in-ioctl-error-path.patch
-
#CVE-2017-9059 rhbz 1451386 1451996
Patch866: 0001-SUNRPC-Refactor-svc_set_num_threads.patch
Patch867: 0002-NFSv4-Fix-callback-server-shutdown.patch
@@ -656,6 +650,23 @@ Patch870: 0001-sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch
#CVE-2017-9076 CVE-2017-9077 rhbz 1452688 1452744
Patch871: 0001-ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch
+#Fix broadwell issues
+Patch675: drm-i915-Do-not-drop-pagetables-when-empty.patch
+
+# rhbz 1455780
+Patch676: 2-2-nvme-Quirk-APST-on-Intel-600P-P3100-devices.patch
+
+# Networking fix reported on bodhi
+Patch678: net-v2-ip6_tunnel-ip6_gre-fix-setting-of-DSCP-on-encapsulated-packets.patch
+
+# rhbz 1458222 1458499
+# As linked from http://marc.info/?l=linux-netdev&m=149336766030175&w=2
+Patch679: actual_udpencap_fix.patch
+
+# rhbz 1459272
+Patch680: 0001-platform-x86-thinkpad_acpi-guard-generic-hotkey-case.patch
+Patch681: 0002-platform-x86-thinkpad_acpi-add-mapping-for-new-hotke.patch
+
# END OF PATCH DEFINITIONS
%endif
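Review bot: Two of the patches added in this hunk have no traceable origin: `#Fix broadwell issues` (Patch675) and `# Networking fix reported on bodhi` (Patch678) name no bug, update or upstream commit, unlike the rhbz-tagged entries beside them. Each backport comment should record where the patch came from and when it can be dropped, for example `# rhbz <BUG-ID>, upstream commit <SHA>; drop once in stable`. The new entries are numbered 675–681 but sit after Patch871, which makes the block harder to audit. The same commit also removes Patch339 and Patch865 (CVE-2017-7487) earlier in this file without a `%changelog` line. Presumably both fixes are included in 4.11.3, but the changelog should say so, so that the CVE fix is not read as dropped.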
@@ -2223,6 +2234,34 @@ fi
#
#
%changelog
+* Tue Jun 06 2017 Laura Abbott <labbott@redhat.com>
+- Backport hotkey event support for 2017 thinkpad models (rhbz 1459272)
+
+* Mon Jun 05 2017 Laura Abbott <labbott@fedoraproject.org> - 4.11.3-202
+- Bump and build once again
+
+* Mon Jun 05 2017 Laura Abbott <labbott@fedoraproject.org>
+- Actually fix ipsec encapsulation problems (rhbz 1458222 1458499)
+
+* Fri Jun 02 2017 Laura Abbott <labbott@fedoraproject.org>
+- Turn CONFIG_GPIO_SYSFS back on
+
+* Fri Jun 02 2017 Laura Abbott <labbott@fedoraproject.org>
+- Enable Chromebook keyboard backlight (rhbz 1447031)
+
+* Fri Jun 02 2017 Laura Abbott <labbott@fedoraproject.org> - 4.11.3-201
+- Bump and build
+
+* Tue May 30 2017 Laura Abbott <labbott@fedoraproject.org>
+- NVME firmware quirk (rhbz 1455780)
+- Fix for IPv6 tunnels reported on bodhi)
+
+* Tue May 30 2017 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix for some broadwell issues
+
+* Thu May 25 2017 Laura Abbott <labbott@fedoraproject.org> - 4.11.3-200
+- Linux v4.11.3
+
* Mon May 22 2017 Laura Abbott <labbott@fedoraproject.org> - 4.11.2-200
- Linux v4.11.2
diff --git a/media-cec-Fix-runtime-BUG-when-CONFIG_RC_CORE-CEC_CAP_RC.patch b/media-cec-Fix-runtime-BUG-when-CONFIG_RC_CORE-CEC_CAP_RC.patch
deleted file mode 100644
index 7a29d72bf..000000000
--- a/media-cec-Fix-runtime-BUG-when-CONFIG_RC_CORE-CEC_CAP_RC.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From patchwork Tue Apr 4 12:32:19 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: [2/2, media] cec: Fix runtime BUG when (CONFIG_RC_CORE && !CEC_CAP_RC)
-From: Lee Jones <lee.jones@linaro.org>
-X-Patchwork-Id: 9661691
-Message-Id: <20170404123219.22040-2-lee.jones@linaro.org>
-To: hans.verkuil@cisco.com,
- mchehab@kernel.org
-Cc: benjamin.gaignard@st.com, patrice.chotard@st.com,
- linux-kernel@vger.kernel.org, kernel@stlinux.com,
- Lee Jones <lee.jones@linaro.org>, linux-arm-kernel@lists.infradead.org,
- linux-media@vger.kernel.org
-Date: Tue, 4 Apr 2017 13:32:19 +0100
-
-Currently when the RC Core is enabled (reachable) core code located
-in cec_register_adapter() attempts to populate the RC structure with
-a pointer to the 'parent' passed in by the caller.
-
-Unfortunately if the caller did not specify RC capibility when calling
-cec_allocate_adapter(), then there will be no RC structure to populate.
-
-This causes a "NULL pointer dereference" error.
-
-Fixes: f51e80804f0 ("[media] cec: pass parent device in register(), not allocate()")
-Signed-off-by: Lee Jones <lee.jones@linaro.org>
----
- drivers/media/cec/cec-core.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/media/cec/cec-core.c b/drivers/media/cec/cec-core.c
-index 06a312c..d64937b 100644
---- a/drivers/media/cec/cec-core.c
-+++ b/drivers/media/cec/cec-core.c
-@@ -286,8 +286,8 @@ int cec_register_adapter(struct cec_adapter *adap,
- adap->devnode.dev.parent = parent;
-
- #if IS_REACHABLE(CONFIG_RC_CORE)
-- adap->rc->dev.parent = parent;
- if (adap->capabilities & CEC_CAP_RC) {
-+ adap->rc->dev.parent = parent;
- res = rc_register_device(adap->rc);
-
- if (res) {
diff --git a/net-v2-ip6_tunnel-ip6_gre-fix-setting-of-DSCP-on-encapsulated-packets.patch b/net-v2-ip6_tunnel-ip6_gre-fix-setting-of-DSCP-on-encapsulated-packets.patch
new file mode 100644
index 000000000..ce6ff6cb6
--- /dev/null
+++ b/net-v2-ip6_tunnel-ip6_gre-fix-setting-of-DSCP-on-encapsulated-packets.patch
@@ -0,0 +1,156 @@
+From 479c281e52ae159f09bb7467c1ef47e3d77ef23a Mon Sep 17 00:00:00 2001
+From: Peter Dawson <petedaws@gmail.com>
+Date: Fri, 26 May 2017 06:35:18 +1000
+Subject: [PATCH] ip6_tunnel, ip6_gre: fix setting of DSCP on encapsulated
+ packets
+
+This fix addresses two problems in the way the DSCP field is formulated
+ on the encapsulating header of IPv6 tunnels.
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=195661
+
+1) The IPv6 tunneling code was manipulating the DSCP field of the
+ encapsulating packet using the 32b flowlabel. Since the flowlabel is
+ only the lower 20b it was incorrect to assume that the upper 12b
+ containing the DSCP and ECN fields would remain intact when formulating
+ the encapsulating header. This fix handles the 'inherit' and
+ 'fixed-value' DSCP cases explicitly using the extant dsfield u8 variable.
+
+2) The use of INET_ECN_encapsulate(0, dsfield) in ip6_tnl_xmit was
+ incorrect and resulted in the DSCP value always being set to 0.
+
+Commit 90427ef5d2a4 ("ipv6: fix flow labels when the traffic class
+ is non-0") caused the regression by masking out the flowlabel
+ which exposed the incorrect handling of the DSCP portion of the
+ flowlabel in ip6_tunnel and ip6_gre.
+
+Fixes: 90427ef5d2a4 ("ipv6: fix flow labels when the traffic class is non-0")
+Signed-off-by: Peter Dawson <peter.a.dawson@boeing.com>
+---
+ net/ipv6/ip6_gre.c | 13 +++++++------
+ net/ipv6/ip6_tunnel.c | 21 +++++++++++++--------
+ 2 files changed, 20 insertions(+), 14 deletions(-)
+
+diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
+index 6fcb7cb..4d60164 100644
+--- a/net/ipv6/ip6_gre.c
++++ b/net/ipv6/ip6_gre.c
+@@ -537,11 +537,10 @@ static inline int ip6gre_xmit_ipv4(struct sk_buff *skb, struct net_device *dev)
+
+ memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));
+
+- dsfield = ipv4_get_dsfield(iph);
+-
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
+- fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
+- & IPV6_TCLASS_MASK;
++ dsfield = ipv4_get_dsfield(iph);
++ else
++ dsfield = ip6_tclass(t->parms.flowinfo);
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
+ fl6.flowi6_mark = skb->mark;
+
+@@ -596,9 +595,11 @@ static inline int ip6gre_xmit_ipv6(struct sk_buff *skb, struct net_device *dev)
+
+ memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));
+
+- dsfield = ipv6_get_dsfield(ipv6h);
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
+- fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
++ dsfield = ipv6_get_dsfield(ipv6h);
++ else
++ dsfield = ip6_tclass(t->parms.flowinfo);
++
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
+ fl6.flowlabel |= ip6_flowlabel(ipv6h);
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
+diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
+index a9692ec..15ff339 100644
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -1196,7 +1196,7 @@ int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield,
+ skb_push(skb, sizeof(struct ipv6hdr));
+ skb_reset_network_header(skb);
+ ipv6h = ipv6_hdr(skb);
+- ip6_flow_hdr(ipv6h, INET_ECN_encapsulate(0, dsfield),
++ ip6_flow_hdr(ipv6h, dsfield,
+ ip6_make_flowlabel(net, skb, fl6->flowlabel, true, fl6));
+ ipv6h->hop_limit = hop_limit;
+ ipv6h->nexthdr = proto;
+@@ -1231,8 +1231,6 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+ if (tproto != IPPROTO_IPIP && tproto != 0)
+ return -1;
+
+- dsfield = ipv4_get_dsfield(iph);
+-
+ if (t->parms.collect_md) {
+ struct ip_tunnel_info *tun_info;
+ const struct ip_tunnel_key *key;
+@@ -1246,6 +1244,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+ fl6.flowi6_proto = IPPROTO_IPIP;
+ fl6.daddr = key->u.ipv6.dst;
+ fl6.flowlabel = key->label;
++ dsfield = ip6_tclass(key->label);
+ } else {
+ if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
+ encap_limit = t->parms.encap_limit;
+@@ -1254,8 +1253,9 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+ fl6.flowi6_proto = IPPROTO_IPIP;
+
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
+- fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
+- & IPV6_TCLASS_MASK;
++ dsfield = ipv4_get_dsfield(iph);
++ else
++ dsfield = ip6_tclass(t->parms.flowinfo);
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
+ fl6.flowi6_mark = skb->mark;
+ }
+@@ -1265,6 +1265,8 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+ if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6))
+ return -1;
+
++ dsfield = INET_ECN_encapsulate(dsfield, ipv4_get_dsfield(iph));
++
+ skb_set_inner_ipproto(skb, IPPROTO_IPIP);
+
+ err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu,
+@@ -1298,8 +1300,6 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+ ip6_tnl_addr_conflict(t, ipv6h))
+ return -1;
+
+- dsfield = ipv6_get_dsfield(ipv6h);
+-
+ if (t->parms.collect_md) {
+ struct ip_tunnel_info *tun_info;
+ const struct ip_tunnel_key *key;
+@@ -1313,6 +1313,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+ fl6.flowi6_proto = IPPROTO_IPV6;
+ fl6.daddr = key->u.ipv6.dst;
+ fl6.flowlabel = key->label;
++ dsfield = ip6_tclass(key->label);
+ } else {
+ offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
+ /* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
+@@ -1335,7 +1336,9 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+ fl6.flowi6_proto = IPPROTO_IPV6;
+
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
+- fl6.flowlabel |= (*(__be32 *)ipv6h & IPV6_TCLASS_MASK);
++ dsfield = ipv6_get_dsfield(ipv6h);
++ else
++ dsfield = ip6_tclass(t->parms.flowinfo);
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
+ fl6.flowlabel |= ip6_flowlabel(ipv6h);
+ if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
+@@ -1347,6 +1350,8 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+ if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6))
+ return -1;
+
++ dsfield = INET_ECN_encapsulate(dsfield, ipv6_get_dsfield(ipv6h));
++
+ skb_set_inner_ipproto(skb, IPPROTO_IPV6);
+
+ err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu,
+--
+2.7.5
+
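Review bot: The ip6_gre.c hunks of this carried patch assign `dsfield` but never pass it through `INET_ECN_encapsulate()`, while the ip6_tunnel.c hunks remove that call from `ip6_tnl_xmit()` and re-add it only in `ip4ip6_tnl_xmit()` and `ip6ip6_tnl_xmit()`. Unless code outside these hunks handles it, the GRE paths would now copy the inner ECN bits verbatim when `IP6_TNL_F_USE_ORIG_TCLASS` is set, and otherwise take them from the configured `t->parms.flowinfo` instead of the inner packet. If that is not intended, a line such as `dsfield = INET_ECN_encapsulate(dsfield, ipv4_get_dsfield(iph));` (and the `ipv6_get_dsfield(ipv6h)` equivalent) before the transmit call in `ip6gre_xmit_ipv4()` and `ip6gre_xmit_ipv6()` would keep both tunnel types consistent. The file name marks this as v2 of a list posting, so it should also be compared with whatever version was finally merged upstream; all of the touched function bodies continue outside the hunks shown.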
diff --git a/sources b/sources
index 389b57d00..c41ee7534 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
SHA512 (perf-man-4.11.tar.gz) = 0b070d2f10a743329de2f532e2d7e19ef385a3e6ef3c700b591ae2697604dbe542b36e31121b3e37517ee8071ab800386fa8663c24a5b36520a18e096c6eefc8
SHA512 (linux-4.11.tar.xz) = 6610eed97ffb7207c71771198c36179b8244ace7222bebb109507720e26c5f17d918079a56d5febdd8605844d67fb2df0ebe910fa2f2f53690daf6e2a8ad09c3
-SHA512 (patch-4.11.2.xz) = e090598bb339f04a92febe9c03317b76e51f67c2e3bfebaddb97177b19a2c195332477333be29e9f46483ff937fc85fd63fea1bb4ae18dec0fbe5bc1738afbcb
+SHA512 (patch-4.11.3.xz) = d1beb9b48ce12e87bb6ec53f0cf03d5650fd421edd8757d31dda20821c9a9f5b5c3dc8f131058ea8b9de45d67c43424ad246baf5c33e0174372f952cce26ad72