Merge remote-tracking branch 'origin/master' into rawhide-user-thl-vanilla-fedorakernel-4.15.0-0.rc7.git1.1.vanilla.knurd.1.fc27

7 files changed, 345 insertions, 77 deletions

diff --git a/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch b/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
new file mode 100644
index 000000000..6e8a2e039
--- /dev/null
+++ b/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
@@ -0,0 +1,109 @@
+From 3ce5852ec6add45a28fe1706e9163351940e905c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:25:29 -0400
+Subject: [PATCH 1/3] Make get_cert_list() not complain about cert lists that
+ aren't present.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ certs/load_uefi.c | 37 ++++++++++++++++++++++---------------
+ 1 file changed, 22 insertions(+), 15 deletions(-)
+
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
+index 3d884598601..9ef34c44fd1 100644
+--- a/certs/load_uefi.c
++++ b/certs/load_uefi.c
+@@ -35,8 +35,8 @@ static __init bool uefi_check_ignore_db(void)
+ /*
+  * Get a certificate list blob from the named EFI variable.
+  */
+-static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+-				  unsigned long *size)
++static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
++				unsigned long *size, void **cert_list)
+ {
+ 	efi_status_t status;
+ 	unsigned long lsize = 4;
+@@ -44,26 +44,33 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ 	void *db;
+ 
+ 	status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
++	if (status == EFI_NOT_FOUND) {
++		*size = 0;
++		*cert_list = NULL;
++		return 0;
++	}
++
+ 	if (status != EFI_BUFFER_TOO_SMALL) {
+ 		pr_err("Couldn't get size: 0x%lx\n", status);
+-		return NULL;
++		return efi_status_to_err(status);
+ 	}
+ 
+ 	db = kmalloc(lsize, GFP_KERNEL);
+ 	if (!db) {
+ 		pr_err("Couldn't allocate memory for uefi cert list\n");
+-		return NULL;
++		return -ENOMEM;
+ 	}
+ 
+ 	status = efi.get_variable(name, guid, NULL, &lsize, db);
+ 	if (status != EFI_SUCCESS) {
+ 		kfree(db);
+ 		pr_err("Error reading db var: 0x%lx\n", status);
+-		return NULL;
++		return efi_status_to_err(status);
+ 	}
+ 
+ 	*size = lsize;
+-	return db;
++	*cert_list = db;
++	return 0;
+ }
+ 
+ /*
+@@ -152,10 +159,10 @@ static int __init load_uefi_certs(void)
+ 	 * an error if we can't get them.
+ 	 */
+ 	if (!uefi_check_ignore_db()) {
+-		db = get_cert_list(L"db", &secure_var, &dbsize);
+-		if (!db) {
++		rc = get_cert_list(L"db", &secure_var, &dbsize, &db);
++		if (rc < 0) {
+ 			pr_err("MODSIGN: Couldn't get UEFI db list\n");
+-		} else {
++		} else if (dbsize != 0) {
+ 			rc = parse_efi_signature_list("UEFI:db",
+ 						      db, dbsize, get_handler_for_db);
+ 			if (rc)
+@@ -164,10 +171,10 @@ static int __init load_uefi_certs(void)
+ 		}
+ 	}
+ 
+-	mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+-	if (!mok) {
++	rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok);
++	if (rc < 0) {
+ 		pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+-	} else {
++	} else if (moksize != 0) {
+ 		rc = parse_efi_signature_list("UEFI:MokListRT",
+ 					      mok, moksize, get_handler_for_db);
+ 		if (rc)
+@@ -175,10 +182,10 @@ static int __init load_uefi_certs(void)
+ 		kfree(mok);
+ 	}
+ 
+-	dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
+-	if (!dbx) {
++	rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx);
++	if (rc < 0) {
+ 		pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
+-	} else {
++	} else if (dbxsize != 0) {
+ 		rc = parse_efi_signature_list("UEFI:dbx",
+ 					      dbx, dbxsize,
+ 					      get_handler_for_dbx);
+-- 
+2.15.0
+
diff --git a/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch b/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch
new file mode 100644
index 000000000..0844550b6
--- /dev/null
+++ b/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch
@@ -0,0 +1,183 @@
+From c8218e9b3c38fcd36a2d06eec09952a0c6cee9e0 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:22:13 -0400
+Subject: [PATCH 2/3] Add efi_status_to_str() and rework efi_status_to_err().
+
+This adds efi_status_to_str() for use when printing efi_status_t
+messages, and reworks efi_status_to_err() so that the two use a common
+list of errors.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/linux/efi.h        |   3 ++
+ drivers/firmware/efi/efi.c | 122 ++++++++++++++++++++++++++++++++++-----------
+ 2 files changed, 95 insertions(+), 30 deletions(-)
+
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index 18b16bf5ce1..436b3c93c3d 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -42,6 +42,8 @@
+ #define EFI_ABORTED		(21 | (1UL << (BITS_PER_LONG-1)))
+ #define EFI_SECURITY_VIOLATION	(26 | (1UL << (BITS_PER_LONG-1)))
+ 
++#define EFI_IS_ERROR(x)		((x) & (1UL << (BITS_PER_LONG-1)))
++
+ typedef unsigned long efi_status_t;
+ typedef u8 efi_bool_t;
+ typedef u16 efi_char16_t;		/* UNICODE character */
+@@ -1183,6 +1185,7 @@ static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+ #endif
+ 
+ extern int efi_status_to_err(efi_status_t status);
++extern const char *efi_status_to_str(efi_status_t status);
+ 
+ /*
+  * Variable Attributes
+diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
+index 557a47829d0..e8f9c7d84e9 100644
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -31,6 +31,7 @@
+ #include <linux/acpi.h>
+ #include <linux/ucs2_string.h>
+ #include <linux/memblock.h>
++#include <linux/bsearch.h>
+ 
+ #include <asm/early_ioremap.h>
+ 
+@@ -865,40 +866,101 @@ int efi_mem_type(unsigned long phys_addr)
+ }
+ #endif
+ 
++struct efi_error_code {
++	efi_status_t status;
++	int errno;
++	const char *description;
++};
++
++static const struct efi_error_code efi_error_codes[] = {
++	{ EFI_SUCCESS, 0, "Success"},
++#if 0
++	{ EFI_LOAD_ERROR, -EPICK_AN_ERRNO, "Load Error"},
++#endif
++	{ EFI_INVALID_PARAMETER, -EINVAL, "Invalid Parameter"},
++	{ EFI_UNSUPPORTED, -ENOSYS, "Unsupported"},
++	{ EFI_BAD_BUFFER_SIZE, -ENOSPC, "Bad Buffer Size"},
++	{ EFI_BUFFER_TOO_SMALL, -ENOSPC, "Buffer Too Small"},
++	{ EFI_NOT_READY, -EAGAIN, "Not Ready"},
++	{ EFI_DEVICE_ERROR, -EIO, "Device Error"},
++	{ EFI_WRITE_PROTECTED, -EROFS, "Write Protected"},
++	{ EFI_OUT_OF_RESOURCES, -ENOMEM, "Out of Resources"},
++#if 0
++	{ EFI_VOLUME_CORRUPTED, -EPICK_AN_ERRNO, "Volume Corrupt"},
++	{ EFI_VOLUME_FULL, -EPICK_AN_ERRNO, "Volume Full"},
++	{ EFI_NO_MEDIA, -EPICK_AN_ERRNO, "No Media"},
++	{ EFI_MEDIA_CHANGED, -EPICK_AN_ERRNO, "Media changed"},
++#endif
++	{ EFI_NOT_FOUND, -ENOENT, "Not Found"},
++#if 0
++	{ EFI_ACCESS_DENIED, -EPICK_AN_ERRNO, "Access Denied"},
++	{ EFI_NO_RESPONSE, -EPICK_AN_ERRNO, "No Response"},
++	{ EFI_NO_MAPPING, -EPICK_AN_ERRNO, "No mapping"},
++	{ EFI_TIMEOUT, -EPICK_AN_ERRNO, "Time out"},
++	{ EFI_NOT_STARTED, -EPICK_AN_ERRNO, "Not started"},
++	{ EFI_ALREADY_STARTED, -EPICK_AN_ERRNO, "Already started"},
++#endif
++	{ EFI_ABORTED, -EINTR, "Aborted"},
++#if 0
++	{ EFI_ICMP_ERROR, -EPICK_AN_ERRNO, "ICMP Error"},
++	{ EFI_TFTP_ERROR, -EPICK_AN_ERRNO, "TFTP Error"},
++	{ EFI_PROTOCOL_ERROR, -EPICK_AN_ERRNO, "Protocol Error"},
++	{ EFI_INCOMPATIBLE_VERSION, -EPICK_AN_ERRNO, "Incompatible Version"},
++#endif
++	{ EFI_SECURITY_VIOLATION, -EACCES, "Security Policy Violation"},
++#if 0
++	{ EFI_CRC_ERROR, -EPICK_AN_ERRNO, "CRC Error"},
++	{ EFI_END_OF_MEDIA, -EPICK_AN_ERRNO, "End of Media"},
++	{ EFI_END_OF_FILE, -EPICK_AN_ERRNO, "End of File"},
++	{ EFI_INVALID_LANGUAGE, -EPICK_AN_ERRNO, "Invalid Languages"},
++	{ EFI_COMPROMISED_DATA, -EPICK_AN_ERRNO, "Compromised Data"},
++
++	// warnings
++	{ EFI_WARN_UNKOWN_GLYPH, -EPICK_AN_ERRNO, "Warning Unknown Glyph"},
++	{ EFI_WARN_DELETE_FAILURE, -EPICK_AN_ERRNO, "Warning Delete Failure"},
++	{ EFI_WARN_WRITE_FAILURE, -EPICK_AN_ERRNO, "Warning Write Failure"},
++	{ EFI_WARN_BUFFER_TOO_SMALL, -EPICK_AN_ERRNO, "Warning Buffer Too Small"},
++#endif
++};
++
++static int
++efi_status_cmp_bsearch(const void *key, const void *item)
++{
++	u64 status = (u64)(uintptr_t)key;
++	struct efi_error_code *code = (struct efi_error_code *)item;
++
++	if (status < code->status)
++		return -1;
++	if (status > code->status)
++		return 1;
++	return 0;
++}
++
+ int efi_status_to_err(efi_status_t status)
+ {
+-	int err;
++	struct efi_error_code *found;
++	size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
+ 
+-	switch (status) {
+-	case EFI_SUCCESS:
+-		err = 0;
+-		break;
+-	case EFI_INVALID_PARAMETER:
+-		err = -EINVAL;
+-		break;
+-	case EFI_OUT_OF_RESOURCES:
+-		err = -ENOSPC;
+-		break;
+-	case EFI_DEVICE_ERROR:
+-		err = -EIO;
+-		break;
+-	case EFI_WRITE_PROTECTED:
+-		err = -EROFS;
+-		break;
+-	case EFI_SECURITY_VIOLATION:
+-		err = -EACCES;
+-		break;
+-	case EFI_NOT_FOUND:
+-		err = -ENOENT;
+-		break;
+-	case EFI_ABORTED:
+-		err = -EINTR;
+-		break;
+-	default:
+-		err = -EINVAL;
+-	}
++	found = bsearch((void *)(uintptr_t)status, efi_error_codes,
++			sizeof(struct efi_error_code), num,
++			efi_status_cmp_bsearch);
++	if (!found)
++		return -EINVAL;
++	return found->errno;
++}
+ 
+-	return err;
++const char *
++efi_status_to_str(efi_status_t status)
++{
++	struct efi_error_code *found;
++	size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
++
++	found = bsearch((void *)(uintptr_t)status, efi_error_codes,
++			sizeof(struct efi_error_code), num,
++			efi_status_cmp_bsearch);
++	if (!found)
++		return "Unknown error code";
++	return found->description;
+ }
+ 
+ bool efi_is_table_address(unsigned long phys_addr)
+-- 
+2.15.0
+
diff --git a/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch b/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch
new file mode 100644
index 000000000..abb313a29
--- /dev/null
+++ b/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch
@@ -0,0 +1,38 @@
+From 520e902d864930e2d4f329983d9ae9781a24231f Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:18:30 -0400
+Subject: [PATCH 3/3] Make get_cert_list() use efi_status_to_str() to print
+ error messages.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ certs/load_uefi.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
+index 9ef34c44fd1..13a2826715d 100644
+--- a/certs/load_uefi.c
++++ b/certs/load_uefi.c
+@@ -51,7 +51,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ 	}
+ 
+ 	if (status != EFI_BUFFER_TOO_SMALL) {
+-		pr_err("Couldn't get size: 0x%lx\n", status);
++		pr_err("Couldn't get size: %s (0x%lx)\n",
++		       efi_status_to_str(status), status);
+ 		return efi_status_to_err(status);
+ 	}
+ 
+@@ -64,7 +65,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ 	status = efi.get_variable(name, guid, NULL, &lsize, db);
+ 	if (status != EFI_SUCCESS) {
+ 		kfree(db);
+-		pr_err("Error reading db var: 0x%lx\n", status);
++		pr_err("Error reading db var: %s (0x%lx)\n",
++		       efi_status_to_str(status), status);
+ 		return efi_status_to_err(status);
+ 	}
+ 
+-- 
+2.15.0
+
diff --git a/e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch b/e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch
deleted file mode 100644
index a31d5d2c5..000000000
--- a/e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From patchwork Mon Dec 11 07:26:40 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
-From: Benjamin Poirier <bpoirier@suse.com>
-X-Patchwork-Id: 10104349
-Message-Id: <20171211072640.7935-1-bpoirier@suse.com>
-To: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>,
- Christian Hesse <list@eworm.de>, Gabriel C <nix.or.die@gmail.com>,
- intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org,
- linux-kernel@vger.kernel.org, stable@vger.kernel.org
-Date: Mon, 11 Dec 2017 16:26:40 +0900
-
-e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan()
-are the two functions that may be assigned to mac.ops.check_for_link when
-phy.media_type == e1000_media_type_copper. Commit 19110cfbb34d ("e1000e:
-Separate signaling for link check/link up") changed the meaning of the
-return value of check_for_link for copper media but only adjusted the first
-function. This patch adjusts the second function likewise.
-
-Reported-by: Christian Hesse <list@eworm.de>
-Reported-by: Gabriel C <nix.or.die@gmail.com>
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=198047
-Fixes: 19110cfbb34d ("e1000e: Separate signaling for link check/link up")
-Tested-by: Christian Hesse <list@eworm.de>
-Signed-off-by: Benjamin Poirier <bpoirier@suse.com>
----
- drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c
-index d6d4ed7acf03..31277d3bb7dc 100644
---- a/drivers/net/ethernet/intel/e1000e/ich8lan.c
-+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c
-@@ -1367,6 +1367,9 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force)
-  *  Checks to see of the link status of the hardware has changed.  If a
-  *  change in link status has been detected, then we read the PHY registers
-  *  to get the current speed/duplex if link exists.
-+ *
-+ *  Returns a negative error code (-E1000_ERR_*) or 0 (link down) or 1 (link
-+ *  up).
-  **/
- static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw)
- {
-@@ -1382,7 +1385,7 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw)
- 	 * Change or Rx Sequence Error interrupt.
- 	 */
- 	if (!mac->get_link_status)
--		return 0;
-+		return 1;
- 
- 	/* First we want to see if the MII Status Register reports
- 	 * link.  If so, then we want to get the current speed/duplex
-@@ -1613,10 +1616,12 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw)
- 	 * different link partner.
- 	 */
- 	ret_val = e1000e_config_fc_after_link_up(hw);
--	if (ret_val)
-+	if (ret_val) {
- 		e_dbg("Error configuring flow control\n");
-+		return ret_val;
-+	}
- 
--	return ret_val;
-+	return 1;
- }
- 
- static s32 e1000_get_variants_ich8lan(struct e1000_adapter *adapter)
diff --git a/gitrev b/gitrev
index cc4968868..8f811c40e 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-e1915c8195b38393005be9b74bfa6a3a367c83b3
+ef7f8cec80a0ba7bd00ece46844c8994117dc910
diff --git a/kernel.spec b/kernel.spec
index 85e7e4fc5..36be5fb3f 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -77,7 +77,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %global rcrev 7
 # The git snapshot level
-%define gitrev 0
+%define gitrev 1
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@@ -129,7 +129,7 @@ Summary: The Linux kernel
 # Set debugbuildsenabled to 1 for production (build separate debug kernels)
 #  and 0 for rawhide (all kernels are debug kernels).
 # See also 'make debug' and 'make release'.
-%define debugbuildsenabled 1
+%define debugbuildsenabled 0
 
 # Want to build a vanilla kernel build without any non-upstream patches?
 %define with_vanilla %{?_without_vanilla: 0} %{?!_without_vanilla: 1}
@@ -565,6 +565,11 @@ Patch205: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
 
 Patch206: MODSIGN-Support-not-importing-certs-from-db.patch
 
+# bz 1497559 - Make kernel MODSIGN code not error on missing variables
+Patch207: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
+Patch208: 0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch
+Patch209: 0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch
+
 Patch210: disable-i8042-check-on-apple-mac.patch
 
 Patch211: drm-i915-hush-check-crtc-state.patch
@@ -603,10 +608,6 @@ Patch332: arm64-socionext-96b-enablement.patch
 
 # 500 - Temp fixes/CVEs etc
 
-# rhbz 1525523
-# https://patchwork.kernel.org/patch/10104349/
-Patch500: e1000e-Fix-e1000_check_for_copper_link_ich8lan-return-value..patch
-
 # 600 - Patches for improved Bay and Cherry Trail device support
 # Below patches are submitted upstream, awaiting review / merging
 Patch610: 0010-Input-silead-Add-support-for-capactive-home-button-f.patch
@@ -1911,6 +1912,12 @@ fi
 #
 #
 %changelog
+* Tue Jan 09 2018 Laura Abbott <labbott@redhat.com> - 4.15.0-0.rc7.git1.1
+- Linux v4.15-rc7-79-gef7f8cec80a0
+
+* Tue Jan 09 2018 Laura Abbott <labbott@redhat.com>
+- Reenable debugging options.
+
 * Mon Jan 08 2018 Laura Abbott <labbott@redhat.com>
 - Disable CONFIG_RESET_ATTACK_MITIGATION (rhbz 1532058)
 
diff --git a/sources b/sources
index d8661af1a..5aad3124f 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,4 @@
 SHA512 (linux-4.14.tar.xz) = 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8
 SHA512 (perf-man-4.14.tar.gz) = 76a9d8adc284cdffd4b3fbb060e7f9a14109267707ce1d03f4c3239cd70d8d164f697da3a0f90a363fbcac42a61d3c378afbcc2a86f112c501b9cb5ce74ef9f8
 SHA512 (patch-4.15-rc7.xz) = 1c9c74917f5bc5e259d4b918d429d606419f4564ae15f754ef01404234f53d02c8782db0bcce75bf8103510231e723df2fa4a8c8cca8ea4db458b585c0e01570
+SHA512 (patch-4.15-rc7-git1.xz) = 71637b07bac963bd4f34b3dea9e9b3cc33b918c297592c6e229d09ca1649ca232991a6caedbd97847d2a4d1b10bbf82e1f202986d94b878d452df5d5e1c4d10f