diff options
-rw-r--r-- | config-generic | 2 | ||||
-rw-r--r-- | config-powerpc-generic | 2 | ||||
-rw-r--r-- | config-s390x | 1 | ||||
-rw-r--r-- | config-sparc64-generic | 1 | ||||
-rw-r--r-- | config-x86-generic | 2 | ||||
-rw-r--r-- | kernel.spec | 7 | ||||
-rw-r--r-- | modsign-20120510.patch | 284 | ||||
-rw-r--r-- | sources | 2 |
8 files changed, 14 insertions, 287 deletions
diff --git a/config-generic b/config-generic index bec997d93..22e4c0015 100644 --- a/config-generic +++ b/config-generic @@ -164,6 +164,7 @@ CONFIG_MLX4_INFINIBAND=m CONFIG_INFINIBAND_NES=m # CONFIG_INFINIBAND_NES_DEBUG is not set CONFIG_INFINIBAND_QIB=m +# CONFIG_INFINIBAND_OCRDMA is not set # # Executable file formats @@ -326,6 +327,7 @@ CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_PCI=y CONFIG_VIRTIO_BALLOON=m CONFIG_VIRTIO_MMIO=m +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set CONFIG_VIRTIO_NET=m CONFIG_VMXNET3=m CONFIG_HW_RANDOM_VIRTIO=m diff --git a/config-powerpc-generic b/config-powerpc-generic index 960b7b342..bd838d374 100644 --- a/config-powerpc-generic +++ b/config-powerpc-generic @@ -359,6 +359,8 @@ CONFIG_RFKILL_GPIO=m # CONFIG_INPUT_GPIO_TILT_POLLED is not set CONFIG_STRICT_DEVMEM=y +CONFIG_RCU_FANOUT_LEAF=16 + # CONFIG_IRQ_DOMAIN_DEBUG is not set # CONFIG_MPIC_MSGR is not set # CONFIG_FA_DUMP is not set diff --git a/config-s390x b/config-s390x index 848709dfb..451512e9a 100644 --- a/config-s390x +++ b/config-s390x @@ -211,6 +211,7 @@ CONFIG_CHSC_SCH=m CONFIG_HVC_IUCV=y CONFIG_RCU_FANOUT=64 +CONFIG_RCU_FANOUT_LEAF=16 CONFIG_SECCOMP=y diff --git a/config-sparc64-generic b/config-sparc64-generic index 5deab1fdd..44e5699df 100644 --- a/config-sparc64-generic +++ b/config-sparc64-generic @@ -173,6 +173,7 @@ CONFIG_LEDS_SUNFIRE=m CONFIG_TADPOLE_TS102_UCTRL=m CONFIG_RCU_FANOUT=64 +CONFIG_RCU_FANOUT_LEAF=16 CONFIG_LIRC_ENE0100=m # CONFIG_BATTERY_DS2782 is not set diff --git a/config-x86-generic b/config-x86-generic index 3b5f51b56..22a35daab 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -411,6 +411,8 @@ CONFIG_DRM_GMA500=m # CONFIG_DRM_GMA600 is not set CONFIG_DRM_GMA3600=y +CONFIG_RCU_FANOUT_LEAF=16 + # Maybe enable in debug kernels? # CONFIG_DEBUG_NMI_SELFTEST is not set diff --git a/kernel.spec b/kernel.spec index 7978aab1d..631711f3d 100644 --- a/kernel.spec +++ b/kernel.spec @@ -95,7 +95,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 0 # The git snapshot level -%define gitrev 2 +%define gitrev 3 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -2297,7 +2297,10 @@ fi # ||----w | # || || %changelog -* Tue May 22 2012 Josh Boyer <jwboyer@gmail.com> - 3.5.0-0.rc0.git2.1 +* Tue May 22 2012 Josh Boyer <jwboyer@redhat.com> - 3.5.0-0.rc0.git3.1 +- Linux v3.4-2580-g72c04af + +* Tue May 22 2012 Josh Boyer <jwboyer@redhat.com> - 3.5.0-0.rc0.git2.1 - Linux v3.4-2285-g2e32180 * Mon May 21 2012 Josh Boyer <jwboyer@redhat.com> diff --git a/modsign-20120510.patch b/modsign-20120510.patch index d9aabf83a..ee67a2a62 100644 --- a/modsign-20120510.patch +++ b/modsign-20120510.patch @@ -74,290 +74,6 @@ index 1f3219e..3d514b9 100644 1.7.10.2 -From 335abcad2d9fa26198c8e99bae2bb9b3185dce22 Mon Sep 17 00:00:00 2001 -From: David Howells <dhowells@redhat.com> -Date: Fri, 4 May 2012 15:55:50 +0100 -Subject: [PATCH 02/36] KEYS: Move the key config into security/keys/Kconfig - -Move the key config into security/keys/Kconfig as there are going to be a lot -of key-related options. - -Signed-off-by: David Howells <dhowells@redhat.com> ---- - security/Kconfig | 68 +--------------------------------------------- - security/keys/Kconfig | 71 +++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 72 insertions(+), 67 deletions(-) - create mode 100644 security/keys/Kconfig - -diff --git a/security/Kconfig b/security/Kconfig -index ccc61f8..e9c6ac7 100644 ---- a/security/Kconfig -+++ b/security/Kconfig -@@ -4,73 +4,7 @@ - - menu "Security options" - --config KEYS -- bool "Enable access key retention support" -- help -- This option provides support for retaining authentication tokens and -- access keys in the kernel. -- -- It also includes provision of methods by which such keys might be -- associated with a process so that network filesystems, encryption -- support and the like can find them. -- -- Furthermore, a special type of key is available that acts as keyring: -- a searchable sequence of keys. Each process is equipped with access -- to five standard keyrings: UID-specific, GID-specific, session, -- process and thread. -- -- If you are unsure as to whether this is required, answer N. -- --config TRUSTED_KEYS -- tristate "TRUSTED KEYS" -- depends on KEYS && TCG_TPM -- select CRYPTO -- select CRYPTO_HMAC -- select CRYPTO_SHA1 -- help -- This option provides support for creating, sealing, and unsealing -- keys in the kernel. Trusted keys are random number symmetric keys, -- generated and RSA-sealed by the TPM. The TPM only unseals the keys, -- if the boot PCRs and other criteria match. Userspace will only ever -- see encrypted blobs. -- -- If you are unsure as to whether this is required, answer N. -- --config ENCRYPTED_KEYS -- tristate "ENCRYPTED KEYS" -- depends on KEYS -- select CRYPTO -- select CRYPTO_HMAC -- select CRYPTO_AES -- select CRYPTO_CBC -- select CRYPTO_SHA256 -- select CRYPTO_RNG -- help -- This option provides support for create/encrypting/decrypting keys -- in the kernel. Encrypted keys are kernel generated random numbers, -- which are encrypted/decrypted with a 'master' symmetric key. The -- 'master' key can be either a trusted-key or user-key type. -- Userspace only ever sees/stores encrypted blobs. -- -- If you are unsure as to whether this is required, answer N. -- --config KEYS_DEBUG_PROC_KEYS -- bool "Enable the /proc/keys file by which keys may be viewed" -- depends on KEYS -- help -- This option turns on support for the /proc/keys file - through which -- can be listed all the keys on the system that are viewable by the -- reading process. -- -- The only keys included in the list are those that grant View -- permission to the reading process whether or not it possesses them. -- Note that LSM security checks are still performed, and may further -- filter out keys that the current process is not authorised to view. -- -- Only key attributes are listed here; key payloads are not included in -- the resulting table. -- -- If you are unsure as to whether this is required, answer N. -+source security/keys/Kconfig - - config SECURITY_DMESG_RESTRICT - bool "Restrict unprivileged access to the kernel syslog" -diff --git a/security/keys/Kconfig b/security/keys/Kconfig -new file mode 100644 -index 0000000..a90d6d3 ---- /dev/null -+++ b/security/keys/Kconfig -@@ -0,0 +1,71 @@ -+# -+# Key management configuration -+# -+ -+config KEYS -+ bool "Enable access key retention support" -+ help -+ This option provides support for retaining authentication tokens and -+ access keys in the kernel. -+ -+ It also includes provision of methods by which such keys might be -+ associated with a process so that network filesystems, encryption -+ support and the like can find them. -+ -+ Furthermore, a special type of key is available that acts as keyring: -+ a searchable sequence of keys. Each process is equipped with access -+ to five standard keyrings: UID-specific, GID-specific, session, -+ process and thread. -+ -+ If you are unsure as to whether this is required, answer N. -+ -+config TRUSTED_KEYS -+ tristate "TRUSTED KEYS" -+ depends on KEYS && TCG_TPM -+ select CRYPTO -+ select CRYPTO_HMAC -+ select CRYPTO_SHA1 -+ help -+ This option provides support for creating, sealing, and unsealing -+ keys in the kernel. Trusted keys are random number symmetric keys, -+ generated and RSA-sealed by the TPM. The TPM only unseals the keys, -+ if the boot PCRs and other criteria match. Userspace will only ever -+ see encrypted blobs. -+ -+ If you are unsure as to whether this is required, answer N. -+ -+config ENCRYPTED_KEYS -+ tristate "ENCRYPTED KEYS" -+ depends on KEYS -+ select CRYPTO -+ select CRYPTO_HMAC -+ select CRYPTO_AES -+ select CRYPTO_CBC -+ select CRYPTO_SHA256 -+ select CRYPTO_RNG -+ help -+ This option provides support for create/encrypting/decrypting keys -+ in the kernel. Encrypted keys are kernel generated random numbers, -+ which are encrypted/decrypted with a 'master' symmetric key. The -+ 'master' key can be either a trusted-key or user-key type. -+ Userspace only ever sees/stores encrypted blobs. -+ -+ If you are unsure as to whether this is required, answer N. -+ -+config KEYS_DEBUG_PROC_KEYS -+ bool "Enable the /proc/keys file by which keys may be viewed" -+ depends on KEYS -+ help -+ This option turns on support for the /proc/keys file - through which -+ can be listed all the keys on the system that are viewable by the -+ reading process. -+ -+ The only keys included in the list are those that grant View -+ permission to the reading process whether or not it possesses them. -+ Note that LSM security checks are still performed, and may further -+ filter out keys that the current process is not authorised to view. -+ -+ Only key attributes are listed here; key payloads are not included in -+ the resulting table. -+ -+ If you are unsure as to whether this is required, answer N. --- -1.7.10.2 - - -From 6569015cb5801f36324c76dee156a3e880fcf9be Mon Sep 17 00:00:00 2001 -From: David Howells <dhowells@redhat.com> -Date: Fri, 4 May 2012 15:55:50 +0100 -Subject: [PATCH 03/36] KEYS: Announce key type (un)registration - -Announce the (un)registration of a key type in the core key code rather than -in the callers. - -Signed-off-by: David Howells <dhowells@redhat.com> ---- - net/dns_resolver/dns_key.c | 5 ----- - security/keys/key.c | 3 +++ - 2 files changed, 3 insertions(+), 5 deletions(-) - -diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c -index c73bba3..14b2c3d 100644 ---- a/net/dns_resolver/dns_key.c -+++ b/net/dns_resolver/dns_key.c -@@ -249,9 +249,6 @@ static int __init init_dns_resolver(void) - struct key *keyring; - int ret; - -- printk(KERN_NOTICE "Registering the %s key type\n", -- key_type_dns_resolver.name); -- - /* create an override credential set with a special thread keyring in - * which DNS requests are cached - * -@@ -301,8 +298,6 @@ static void __exit exit_dns_resolver(void) - key_revoke(dns_resolver_cache->thread_keyring); - unregister_key_type(&key_type_dns_resolver); - put_cred(dns_resolver_cache); -- printk(KERN_NOTICE "Unregistered %s key type\n", -- key_type_dns_resolver.name); - } - - module_init(init_dns_resolver) -diff --git a/security/keys/key.c b/security/keys/key.c -index 06783cf..dc62894 100644 ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -980,6 +980,8 @@ int register_key_type(struct key_type *ktype) - - /* store the type */ - list_add(&ktype->link, &key_types_list); -+ -+ pr_notice("Key type %s registered\n", ktype->name); - ret = 0; - - out: -@@ -1002,6 +1004,7 @@ void unregister_key_type(struct key_type *ktype) - list_del_init(&ktype->link); - downgrade_write(&key_types_sem); - key_gc_keytype(ktype); -+ pr_notice("Key type %s unregistered\n", ktype->name); - up_read(&key_types_sem); - } - EXPORT_SYMBOL(unregister_key_type); --- -1.7.10.2 - - -From 13628af46a92a030fdb7dc33976b46cfcc4b3f31 Mon Sep 17 00:00:00 2001 -From: David Howells <dhowells@redhat.com> -Date: Fri, 4 May 2012 15:55:51 +0100 -Subject: [PATCH 04/36] KEYS: Reorganise keys Makefile - -Reorganise the keys directory Makefile to put all the core bits together and -the type-specific bits after. - -Signed-off-by: David Howells <dhowells@redhat.com> ---- - security/keys/Makefile | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/security/keys/Makefile b/security/keys/Makefile -index a56f1ff..504aaa0 100644 ---- a/security/keys/Makefile -+++ b/security/keys/Makefile -@@ -2,6 +2,9 @@ - # Makefile for key management - # - -+# -+# Core -+# - obj-y := \ - gc.o \ - key.o \ -@@ -12,9 +15,12 @@ obj-y := \ - request_key.o \ - request_key_auth.o \ - user_defined.o -- --obj-$(CONFIG_TRUSTED_KEYS) += trusted.o --obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ - obj-$(CONFIG_KEYS_COMPAT) += compat.o - obj-$(CONFIG_PROC_FS) += proc.o - obj-$(CONFIG_SYSCTL) += sysctl.o -+ -+# -+# Key types -+# -+obj-$(CONFIG_TRUSTED_KEYS) += trusted.o -+obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ --- -1.7.10.2 - - From 8c5366bc5c1c9ecaa1104d769f60c7b83ed342a9 Mon Sep 17 00:00:00 2001 From: David Howells <dhowells@redhat.com> Date: Fri, 4 May 2012 16:15:09 +0100 @@ -1,2 +1,2 @@ 967f72983655e2479f951195953e8480 linux-3.4.tar.xz -9f7571cb02859a083e60aba67083f827 patch-3.4-git2.xz +3e062ae5dd4d742e7ce210fc100a10a4 patch-3.4-git3.xz |