diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-01-10 08:30:44 +0100 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-01-10 08:30:44 +0100 |
commit | cc53fe7d4f11a98ada113163f905957c0666d763 (patch) | |
tree | c45ccfd7c8c176f542967a470481c9d72ab3fac5 | |
parent | 6c9d602a8ee2ec59d3966c82b50befbb57a151c9 (diff) | |
parent | 7bea88339bb12065a4f224fe2a24a7dbdade8d4c (diff) | |
download | kernel-4.15.0-0.rc7.git1.1.vanilla.knurd.1.fc27.tar.gz kernel-4.15.0-0.rc7.git1.1.vanilla.knurd.1.fc27.tar.xz kernel-4.15.0-0.rc7.git1.1.vanilla.knurd.1.fc27.zip |
Merge remote-tracking branch 'origin/master' into rawhide-user-thl-vanilla-fedorakernel-4.15.0-0.rc7.git1.1.vanilla.knurd.1.fc27
-rw-r--r-- | 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch | 109 | ||||
-rw-r--r-- | 0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch | 183 | ||||
-rw-r--r-- | 0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch | 38 | ||||
-rw-r--r-- | e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch | 70 | ||||
-rw-r--r-- | gitrev | 2 | ||||
-rw-r--r-- | kernel.spec | 19 | ||||
-rw-r--r-- | sources | 1 |
7 files changed, 345 insertions, 77 deletions
diff --git a/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch b/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch new file mode 100644 index 000000000..6e8a2e039 --- /dev/null +++ b/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch @@ -0,0 +1,109 @@ +From 3ce5852ec6add45a28fe1706e9163351940e905c Mon Sep 17 00:00:00 2001 +From: Peter Jones <pjones@redhat.com> +Date: Mon, 2 Oct 2017 18:25:29 -0400 +Subject: [PATCH 1/3] Make get_cert_list() not complain about cert lists that + aren't present. + +Signed-off-by: Peter Jones <pjones@redhat.com> +--- + certs/load_uefi.c | 37 ++++++++++++++++++++++--------------- + 1 file changed, 22 insertions(+), 15 deletions(-) + +diff --git a/certs/load_uefi.c b/certs/load_uefi.c +index 3d884598601..9ef34c44fd1 100644 +--- a/certs/load_uefi.c ++++ b/certs/load_uefi.c +@@ -35,8 +35,8 @@ static __init bool uefi_check_ignore_db(void) + /* + * Get a certificate list blob from the named EFI variable. + */ +-static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, +- unsigned long *size) ++static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, ++ unsigned long *size, void **cert_list) + { + efi_status_t status; + unsigned long lsize = 4; +@@ -44,26 +44,33 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, + void *db; + + status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); ++ if (status == EFI_NOT_FOUND) { ++ *size = 0; ++ *cert_list = NULL; ++ return 0; ++ } ++ + if (status != EFI_BUFFER_TOO_SMALL) { + pr_err("Couldn't get size: 0x%lx\n", status); +- return NULL; ++ return efi_status_to_err(status); + } + + db = kmalloc(lsize, GFP_KERNEL); + if (!db) { + pr_err("Couldn't allocate memory for uefi cert list\n"); +- return NULL; ++ return -ENOMEM; + } + + status = efi.get_variable(name, guid, NULL, &lsize, db); + if (status != EFI_SUCCESS) { + kfree(db); + pr_err("Error reading db var: 0x%lx\n", status); +- return NULL; ++ return efi_status_to_err(status); + } + + *size = lsize; +- return db; ++ *cert_list = db; ++ return 0; + } + + /* +@@ -152,10 +159,10 @@ static int __init load_uefi_certs(void) + * an error if we can't get them. + */ + if (!uefi_check_ignore_db()) { +- db = get_cert_list(L"db", &secure_var, &dbsize); +- if (!db) { ++ rc = get_cert_list(L"db", &secure_var, &dbsize, &db); ++ if (rc < 0) { + pr_err("MODSIGN: Couldn't get UEFI db list\n"); +- } else { ++ } else if (dbsize != 0) { + rc = parse_efi_signature_list("UEFI:db", + db, dbsize, get_handler_for_db); + if (rc) +@@ -164,10 +171,10 @@ static int __init load_uefi_certs(void) + } + } + +- mok = get_cert_list(L"MokListRT", &mok_var, &moksize); +- if (!mok) { ++ rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok); ++ if (rc < 0) { + pr_info("MODSIGN: Couldn't get UEFI MokListRT\n"); +- } else { ++ } else if (moksize != 0) { + rc = parse_efi_signature_list("UEFI:MokListRT", + mok, moksize, get_handler_for_db); + if (rc) +@@ -175,10 +182,10 @@ static int __init load_uefi_certs(void) + kfree(mok); + } + +- dbx = get_cert_list(L"dbx", &secure_var, &dbxsize); +- if (!dbx) { ++ rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx); ++ if (rc < 0) { + pr_info("MODSIGN: Couldn't get UEFI dbx list\n"); +- } else { ++ } else if (dbxsize != 0) { + rc = parse_efi_signature_list("UEFI:dbx", + dbx, dbxsize, + get_handler_for_dbx); +-- +2.15.0 + diff --git a/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch b/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch new file mode 100644 index 000000000..0844550b6 --- /dev/null +++ b/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch @@ -0,0 +1,183 @@ +From c8218e9b3c38fcd36a2d06eec09952a0c6cee9e0 Mon Sep 17 00:00:00 2001 +From: Peter Jones <pjones@redhat.com> +Date: Mon, 2 Oct 2017 18:22:13 -0400 +Subject: [PATCH 2/3] Add efi_status_to_str() and rework efi_status_to_err(). + +This adds efi_status_to_str() for use when printing efi_status_t +messages, and reworks efi_status_to_err() so that the two use a common +list of errors. + +Signed-off-by: Peter Jones <pjones@redhat.com> +--- + include/linux/efi.h | 3 ++ + drivers/firmware/efi/efi.c | 122 ++++++++++++++++++++++++++++++++++----------- + 2 files changed, 95 insertions(+), 30 deletions(-) + +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 18b16bf5ce1..436b3c93c3d 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -42,6 +42,8 @@ + #define EFI_ABORTED (21 | (1UL << (BITS_PER_LONG-1))) + #define EFI_SECURITY_VIOLATION (26 | (1UL << (BITS_PER_LONG-1))) + ++#define EFI_IS_ERROR(x) ((x) & (1UL << (BITS_PER_LONG-1))) ++ + typedef unsigned long efi_status_t; + typedef u8 efi_bool_t; + typedef u16 efi_char16_t; /* UNICODE character */ +@@ -1183,6 +1185,7 @@ static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {} + #endif + + extern int efi_status_to_err(efi_status_t status); ++extern const char *efi_status_to_str(efi_status_t status); + + /* + * Variable Attributes +diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c +index 557a47829d0..e8f9c7d84e9 100644 +--- a/drivers/firmware/efi/efi.c ++++ b/drivers/firmware/efi/efi.c +@@ -31,6 +31,7 @@ + #include <linux/acpi.h> + #include <linux/ucs2_string.h> + #include <linux/memblock.h> ++#include <linux/bsearch.h> + + #include <asm/early_ioremap.h> + +@@ -865,40 +866,101 @@ int efi_mem_type(unsigned long phys_addr) + } + #endif + ++struct efi_error_code { ++ efi_status_t status; ++ int errno; ++ const char *description; ++}; ++ ++static const struct efi_error_code efi_error_codes[] = { ++ { EFI_SUCCESS, 0, "Success"}, ++#if 0 ++ { EFI_LOAD_ERROR, -EPICK_AN_ERRNO, "Load Error"}, ++#endif ++ { EFI_INVALID_PARAMETER, -EINVAL, "Invalid Parameter"}, ++ { EFI_UNSUPPORTED, -ENOSYS, "Unsupported"}, ++ { EFI_BAD_BUFFER_SIZE, -ENOSPC, "Bad Buffer Size"}, ++ { EFI_BUFFER_TOO_SMALL, -ENOSPC, "Buffer Too Small"}, ++ { EFI_NOT_READY, -EAGAIN, "Not Ready"}, ++ { EFI_DEVICE_ERROR, -EIO, "Device Error"}, ++ { EFI_WRITE_PROTECTED, -EROFS, "Write Protected"}, ++ { EFI_OUT_OF_RESOURCES, -ENOMEM, "Out of Resources"}, ++#if 0 ++ { EFI_VOLUME_CORRUPTED, -EPICK_AN_ERRNO, "Volume Corrupt"}, ++ { EFI_VOLUME_FULL, -EPICK_AN_ERRNO, "Volume Full"}, ++ { EFI_NO_MEDIA, -EPICK_AN_ERRNO, "No Media"}, ++ { EFI_MEDIA_CHANGED, -EPICK_AN_ERRNO, "Media changed"}, ++#endif ++ { EFI_NOT_FOUND, -ENOENT, "Not Found"}, ++#if 0 ++ { EFI_ACCESS_DENIED, -EPICK_AN_ERRNO, "Access Denied"}, ++ { EFI_NO_RESPONSE, -EPICK_AN_ERRNO, "No Response"}, ++ { EFI_NO_MAPPING, -EPICK_AN_ERRNO, "No mapping"}, ++ { EFI_TIMEOUT, -EPICK_AN_ERRNO, "Time out"}, ++ { EFI_NOT_STARTED, -EPICK_AN_ERRNO, "Not started"}, ++ { EFI_ALREADY_STARTED, -EPICK_AN_ERRNO, "Already started"}, ++#endif ++ { EFI_ABORTED, -EINTR, "Aborted"}, ++#if 0 ++ { EFI_ICMP_ERROR, -EPICK_AN_ERRNO, "ICMP Error"}, ++ { EFI_TFTP_ERROR, -EPICK_AN_ERRNO, "TFTP Error"}, ++ { EFI_PROTOCOL_ERROR, -EPICK_AN_ERRNO, "Protocol Error"}, ++ { EFI_INCOMPATIBLE_VERSION, -EPICK_AN_ERRNO, "Incompatible Version"}, ++#endif ++ { EFI_SECURITY_VIOLATION, -EACCES, "Security Policy Violation"}, ++#if 0 ++ { EFI_CRC_ERROR, -EPICK_AN_ERRNO, "CRC Error"}, ++ { EFI_END_OF_MEDIA, -EPICK_AN_ERRNO, "End of Media"}, ++ { EFI_END_OF_FILE, -EPICK_AN_ERRNO, "End of File"}, ++ { EFI_INVALID_LANGUAGE, -EPICK_AN_ERRNO, "Invalid Languages"}, ++ { EFI_COMPROMISED_DATA, -EPICK_AN_ERRNO, "Compromised Data"}, ++ ++ // warnings ++ { EFI_WARN_UNKOWN_GLYPH, -EPICK_AN_ERRNO, "Warning Unknown Glyph"}, ++ { EFI_WARN_DELETE_FAILURE, -EPICK_AN_ERRNO, "Warning Delete Failure"}, ++ { EFI_WARN_WRITE_FAILURE, -EPICK_AN_ERRNO, "Warning Write Failure"}, ++ { EFI_WARN_BUFFER_TOO_SMALL, -EPICK_AN_ERRNO, "Warning Buffer Too Small"}, ++#endif ++}; ++ ++static int ++efi_status_cmp_bsearch(const void *key, const void *item) ++{ ++ u64 status = (u64)(uintptr_t)key; ++ struct efi_error_code *code = (struct efi_error_code *)item; ++ ++ if (status < code->status) ++ return -1; ++ if (status > code->status) ++ return 1; ++ return 0; ++} ++ + int efi_status_to_err(efi_status_t status) + { +- int err; ++ struct efi_error_code *found; ++ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code); + +- switch (status) { +- case EFI_SUCCESS: +- err = 0; +- break; +- case EFI_INVALID_PARAMETER: +- err = -EINVAL; +- break; +- case EFI_OUT_OF_RESOURCES: +- err = -ENOSPC; +- break; +- case EFI_DEVICE_ERROR: +- err = -EIO; +- break; +- case EFI_WRITE_PROTECTED: +- err = -EROFS; +- break; +- case EFI_SECURITY_VIOLATION: +- err = -EACCES; +- break; +- case EFI_NOT_FOUND: +- err = -ENOENT; +- break; +- case EFI_ABORTED: +- err = -EINTR; +- break; +- default: +- err = -EINVAL; +- } ++ found = bsearch((void *)(uintptr_t)status, efi_error_codes, ++ sizeof(struct efi_error_code), num, ++ efi_status_cmp_bsearch); ++ if (!found) ++ return -EINVAL; ++ return found->errno; ++} + +- return err; ++const char * ++efi_status_to_str(efi_status_t status) ++{ ++ struct efi_error_code *found; ++ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code); ++ ++ found = bsearch((void *)(uintptr_t)status, efi_error_codes, ++ sizeof(struct efi_error_code), num, ++ efi_status_cmp_bsearch); ++ if (!found) ++ return "Unknown error code"; ++ return found->description; + } + + bool efi_is_table_address(unsigned long phys_addr) +-- +2.15.0 + diff --git a/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch b/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch new file mode 100644 index 000000000..abb313a29 --- /dev/null +++ b/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch @@ -0,0 +1,38 @@ +From 520e902d864930e2d4f329983d9ae9781a24231f Mon Sep 17 00:00:00 2001 +From: Peter Jones <pjones@redhat.com> +Date: Mon, 2 Oct 2017 18:18:30 -0400 +Subject: [PATCH 3/3] Make get_cert_list() use efi_status_to_str() to print + error messages. + +Signed-off-by: Peter Jones <pjones@redhat.com> +--- + certs/load_uefi.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/certs/load_uefi.c b/certs/load_uefi.c +index 9ef34c44fd1..13a2826715d 100644 +--- a/certs/load_uefi.c ++++ b/certs/load_uefi.c +@@ -51,7 +51,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, + } + + if (status != EFI_BUFFER_TOO_SMALL) { +- pr_err("Couldn't get size: 0x%lx\n", status); ++ pr_err("Couldn't get size: %s (0x%lx)\n", ++ efi_status_to_str(status), status); + return efi_status_to_err(status); + } + +@@ -64,7 +65,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, + status = efi.get_variable(name, guid, NULL, &lsize, db); + if (status != EFI_SUCCESS) { + kfree(db); +- pr_err("Error reading db var: 0x%lx\n", status); ++ pr_err("Error reading db var: %s (0x%lx)\n", ++ efi_status_to_str(status), status); + return efi_status_to_err(status); + } + +-- +2.15.0 + diff --git a/e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch b/e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch deleted file mode 100644 index a31d5d2c5..000000000 --- a/e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch +++ /dev/null @@ -1,70 +0,0 @@ -From patchwork Mon Dec 11 07:26:40 2017 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: e1000e: Fix e1000_check_for_copper_link_ich8lan return value. -From: Benjamin Poirier <bpoirier@suse.com> -X-Patchwork-Id: 10104349 -Message-Id: <20171211072640.7935-1-bpoirier@suse.com> -To: Jeff Kirsher <jeffrey.t.kirsher@intel.com> -Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>, - Christian Hesse <list@eworm.de>, Gabriel C <nix.or.die@gmail.com>, - intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org, - linux-kernel@vger.kernel.org, stable@vger.kernel.org -Date: Mon, 11 Dec 2017 16:26:40 +0900 - -e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() -are the two functions that may be assigned to mac.ops.check_for_link when -phy.media_type == e1000_media_type_copper. Commit 19110cfbb34d ("e1000e: -Separate signaling for link check/link up") changed the meaning of the -return value of check_for_link for copper media but only adjusted the first -function. This patch adjusts the second function likewise. - -Reported-by: Christian Hesse <list@eworm.de> -Reported-by: Gabriel C <nix.or.die@gmail.com> -Link: https://bugzilla.kernel.org/show_bug.cgi?id=198047 -Fixes: 19110cfbb34d ("e1000e: Separate signaling for link check/link up") -Tested-by: Christian Hesse <list@eworm.de> -Signed-off-by: Benjamin Poirier <bpoirier@suse.com> ---- - drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c -index d6d4ed7acf03..31277d3bb7dc 100644 ---- a/drivers/net/ethernet/intel/e1000e/ich8lan.c -+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c -@@ -1367,6 +1367,9 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) - * Checks to see of the link status of the hardware has changed. If a - * change in link status has been detected, then we read the PHY registers - * to get the current speed/duplex if link exists. -+ * -+ * Returns a negative error code (-E1000_ERR_*) or 0 (link down) or 1 (link -+ * up). - **/ - static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw) - { -@@ -1382,7 +1385,7 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw) - * Change or Rx Sequence Error interrupt. - */ - if (!mac->get_link_status) -- return 0; -+ return 1; - - /* First we want to see if the MII Status Register reports - * link. If so, then we want to get the current speed/duplex -@@ -1613,10 +1616,12 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw) - * different link partner. - */ - ret_val = e1000e_config_fc_after_link_up(hw); -- if (ret_val) -+ if (ret_val) { - e_dbg("Error configuring flow control\n"); -+ return ret_val; -+ } - -- return ret_val; -+ return 1; - } - - static s32 e1000_get_variants_ich8lan(struct e1000_adapter *adapter) @@ -1 +1 @@ -e1915c8195b38393005be9b74bfa6a3a367c83b3 +ef7f8cec80a0ba7bd00ece46844c8994117dc910 diff --git a/kernel.spec b/kernel.spec index 85e7e4fc5..36be5fb3f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -77,7 +77,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 7 # The git snapshot level -%define gitrev 0 +%define gitrev 1 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -129,7 +129,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 1 +%define debugbuildsenabled 0 # Want to build a vanilla kernel build without any non-upstream patches? %define with_vanilla %{?_without_vanilla: 0} %{?!_without_vanilla: 1} @@ -565,6 +565,11 @@ Patch205: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch Patch206: MODSIGN-Support-not-importing-certs-from-db.patch +# bz 1497559 - Make kernel MODSIGN code not error on missing variables +Patch207: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch +Patch208: 0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch +Patch209: 0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch + Patch210: disable-i8042-check-on-apple-mac.patch Patch211: drm-i915-hush-check-crtc-state.patch @@ -603,10 +608,6 @@ Patch332: arm64-socionext-96b-enablement.patch # 500 - Temp fixes/CVEs etc -# rhbz 1525523 -# https://patchwork.kernel.org/patch/10104349/ -Patch500: e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch - # 600 - Patches for improved Bay and Cherry Trail device support # Below patches are submitted upstream, awaiting review / merging Patch610: 0010-Input-silead-Add-support-for-capactive-home-button-f.patch @@ -1911,6 +1912,12 @@ fi # # %changelog +* Tue Jan 09 2018 Laura Abbott <labbott@redhat.com> - 4.15.0-0.rc7.git1.1 +- Linux v4.15-rc7-79-gef7f8cec80a0 + +* Tue Jan 09 2018 Laura Abbott <labbott@redhat.com> +- Reenable debugging options. + * Mon Jan 08 2018 Laura Abbott <labbott@redhat.com> - Disable CONFIG_RESET_ATTACK_MITIGATION (rhbz 1532058) @@ -1,3 +1,4 @@ SHA512 (linux-4.14.tar.xz) = 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 SHA512 (perf-man-4.14.tar.gz) = 76a9d8adc284cdffd4b3fbb060e7f9a14109267707ce1d03f4c3239cd70d8d164f697da3a0f90a363fbcac42a61d3c378afbcc2a86f112c501b9cb5ce74ef9f8 SHA512 (patch-4.15-rc7.xz) = 1c9c74917f5bc5e259d4b918d429d606419f4564ae15f754ef01404234f53d02c8782db0bcce75bf8103510231e723df2fa4a8c8cca8ea4db458b585c0e01570 +SHA512 (patch-4.15-rc7-git1.xz) = 71637b07bac963bd4f34b3dea9e9b3cc33b918c297592c6e229d09ca1649ca232991a6caedbd97847d2a4d1b10bbf82e1f202986d94b878d452df5d5e1c4d10f |