summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config-generic11
-rw-r--r--config-nodebug114
-rw-r--r--config-x86-generic3
-rw-r--r--kernel.spec14
-rw-r--r--modsign-uefi.patch58
-rw-r--r--perf-plugin-dir.patch24
-rw-r--r--secure-modules.patch122
-rw-r--r--sources1
8 files changed, 191 insertions, 156 deletions
diff --git a/config-generic b/config-generic
index 1fbffe352..ac5b7c620 100644
--- a/config-generic
+++ b/config-generic
@@ -72,7 +72,7 @@ CONFIG_PREEMPT_VOLUNTARY=y
CONFIG_SLUB=y
CONFIG_SLUB_CPU_PARTIAL=y
# CONFIG_SLUB_STATS is not set
-# CONFIG_SLUB_DEBUG_ON is not set
+CONFIG_SLUB_DEBUG_ON=y
# CONFIG_AD525X_DPOT is not set
# CONFIG_ATMEL_PWM is not set
@@ -1643,13 +1643,13 @@ CONFIG_B43_SDIO=y
CONFIG_B43_BCMA=y
# CONFIG_B43_BCMA_EXTRA is not set
CONFIG_B43_BCMA_PIO=y
-# CONFIG_B43_DEBUG is not set
+CONFIG_B43_DEBUG=y
CONFIG_B43_PHY_LP=y
CONFIG_B43_PHY_N=y
CONFIG_B43_PHY_HT=y
# CONFIG_B43_FORCE_PIO is not set
CONFIG_B43LEGACY=m
-# CONFIG_B43LEGACY_DEBUG is not set
+CONFIG_B43LEGACY_DEBUG=y
CONFIG_B43LEGACY_DMA=y
CONFIG_B43LEGACY_PIO=y
CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
@@ -3460,7 +3460,7 @@ CONFIG_USB_STORAGE_REALTEK=m
CONFIG_REALTEK_AUTOPM=y
CONFIG_USB_STORAGE_ENE_UB6250=m
# CONFIG_USB_LIBUSUAL is not set
-# CONFIG_USB_UAS is not set
+CONFIG_USB_UAS=m
#
@@ -4267,6 +4267,7 @@ CONFIG_LOCKUP_DETECTOR=y
# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set
# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set
# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_TIMEOUT=0
CONFIG_ATOMIC64_SELFTEST=y
CONFIG_MEMORY_FAILURE=y
CONFIG_HWPOISON_INJECT=m
@@ -4519,7 +4520,7 @@ CONFIG_PM_DEBUG=y
# CONFIG_DPM_WATCHDOG is not set # revisit this in debug
CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y
-# CONFIG_PM_TEST_SUSPEND is not set
+CONFIG_PM_TEST_SUSPEND=y
CONFIG_PM_RUNTIME=y
# CONFIG_PM_OPP is not set
# CONFIG_PM_AUTOSLEEP is not set
diff --git a/config-nodebug b/config-nodebug
index ee4842bfc..9d4b2e91f 100644
--- a/config-nodebug
+++ b/config-nodebug
@@ -2,98 +2,98 @@ CONFIG_SND_VERBOSE_PRINTK=y
CONFIG_SND_DEBUG=y
CONFIG_SND_PCM_XRUN_DEBUG=y
-# CONFIG_DEBUG_ATOMIC_SLEEP is not set
-
-# CONFIG_DEBUG_MUTEXES is not set
-# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
-# CONFIG_DEBUG_RT_MUTEXES is not set
-# CONFIG_DEBUG_LOCK_ALLOC is not set
-# CONFIG_PROVE_LOCKING is not set
-# CONFIG_DEBUG_SPINLOCK is not set
-# CONFIG_PROVE_RCU is not set
+CONFIG_DEBUG_ATOMIC_SLEEP=y
+
+CONFIG_DEBUG_MUTEXES=y
+CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y
+CONFIG_DEBUG_RT_MUTEXES=y
+CONFIG_DEBUG_LOCK_ALLOC=y
+CONFIG_PROVE_LOCKING=y
+CONFIG_DEBUG_SPINLOCK=y
+CONFIG_PROVE_RCU=y
# CONFIG_PROVE_RCU_REPEATEDLY is not set
-# CONFIG_DEBUG_PER_CPU_MAPS is not set
+CONFIG_DEBUG_PER_CPU_MAPS=y
CONFIG_CPUMASK_OFFSTACK=y
-# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set
+CONFIG_CPU_NOTIFIER_ERROR_INJECT=m
-# CONFIG_FAULT_INJECTION is not set
-# CONFIG_FAILSLAB is not set
-# CONFIG_FAIL_PAGE_ALLOC is not set
-# CONFIG_FAIL_MAKE_REQUEST is not set
-# CONFIG_FAULT_INJECTION_DEBUG_FS is not set
-# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set
-# CONFIG_FAIL_IO_TIMEOUT is not set
-# CONFIG_FAIL_MMC_REQUEST is not set
+CONFIG_FAULT_INJECTION=y
+CONFIG_FAILSLAB=y
+CONFIG_FAIL_PAGE_ALLOC=y
+CONFIG_FAIL_MAKE_REQUEST=y
+CONFIG_FAULT_INJECTION_DEBUG_FS=y
+CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y
+CONFIG_FAIL_IO_TIMEOUT=y
+CONFIG_FAIL_MMC_REQUEST=y
-# CONFIG_LOCK_STAT is not set
+CONFIG_LOCK_STAT=y
-# CONFIG_DEBUG_STACK_USAGE is not set
+CONFIG_DEBUG_STACK_USAGE=y
-# CONFIG_ACPI_DEBUG is not set
+CONFIG_ACPI_DEBUG=y
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
-# CONFIG_DEBUG_SG is not set
+CONFIG_DEBUG_SG=y
# CONFIG_DEBUG_PAGEALLOC is not set
-# CONFIG_DEBUG_WRITECOUNT is not set
-# CONFIG_DEBUG_OBJECTS is not set
+CONFIG_DEBUG_WRITECOUNT=y
+CONFIG_DEBUG_OBJECTS=y
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
-# CONFIG_DEBUG_OBJECTS_FREE is not set
-# CONFIG_DEBUG_OBJECTS_TIMERS is not set
-# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set
+CONFIG_DEBUG_OBJECTS_FREE=y
+CONFIG_DEBUG_OBJECTS_TIMERS=y
+CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
-# CONFIG_X86_PTDUMP is not set
+CONFIG_X86_PTDUMP=y
-# CONFIG_CAN_DEBUG_DEVICES is not set
+CONFIG_CAN_DEBUG_DEVICES=y
-# CONFIG_MODULE_FORCE_UNLOAD is not set
+CONFIG_MODULE_FORCE_UNLOAD=y
-# CONFIG_SYSCTL_SYSCALL_CHECK is not set
+CONFIG_SYSCTL_SYSCALL_CHECK=y
-# CONFIG_DEBUG_NOTIFIERS is not set
+CONFIG_DEBUG_NOTIFIERS=y
-# CONFIG_DMA_API_DEBUG is not set
+CONFIG_DMA_API_DEBUG=y
-# CONFIG_MMIOTRACE is not set
+CONFIG_MMIOTRACE=y
-# CONFIG_DEBUG_CREDENTIALS is not set
+CONFIG_DEBUG_CREDENTIALS=y
# off in both production debug and nodebug builds,
# on in rawhide nodebug builds
-# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
-# CONFIG_EXT4_DEBUG is not set
+CONFIG_EXT4_DEBUG=y
# CONFIG_XFS_WARN is not set
-# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_DEBUG_PERF_USE_VMALLOC=y
-# CONFIG_JBD2_DEBUG is not set
+CONFIG_JBD2_DEBUG=y
-# CONFIG_NFSD_FAULT_INJECTION is not set
+CONFIG_NFSD_FAULT_INJECTION=y
-# CONFIG_DEBUG_BLK_CGROUP is not set
+CONFIG_DEBUG_BLK_CGROUP=y
-# CONFIG_DRBD_FAULT_INJECTION is not set
+CONFIG_DRBD_FAULT_INJECTION=y
-# CONFIG_ATH_DEBUG is not set
-# CONFIG_CARL9170_DEBUGFS is not set
-# CONFIG_IWLWIFI_DEVICE_TRACING is not set
+CONFIG_ATH_DEBUG=y
+CONFIG_CARL9170_DEBUGFS=y
+CONFIG_IWLWIFI_DEVICE_TRACING=y
# CONFIG_RTLWIFI_DEBUG is not set
-# CONFIG_DEBUG_OBJECTS_WORK is not set
+CONFIG_DEBUG_OBJECTS_WORK=y
-# CONFIG_DMADEVICES_DEBUG is not set
-# CONFIG_DMADEVICES_VDEBUG is not set
+CONFIG_DMADEVICES_DEBUG=y
+CONFIG_DMADEVICES_VDEBUG=y
CONFIG_PM_ADVANCED_DEBUG=y
-# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
-# CONFIG_QUOTA_DEBUG is not set
+CONFIG_CEPH_LIB_PRETTYDEBUG=y
+CONFIG_QUOTA_DEBUG=y
CONFIG_PCI_DEFAULT_USE_CRS=y
@@ -101,18 +101,18 @@ CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y
CONFIG_KDB_CONTINUE_CATASTROPHIC=0
-# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set
+CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
# CONFIG_PERCPU_TEST is not set
-# CONFIG_TEST_LIST_SORT is not set
+CONFIG_TEST_LIST_SORT=y
# CONFIG_TEST_STRING_HELPERS is not set
-# CONFIG_DETECT_HUNG_TASK is not set
+CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
-# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set
+CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
-# CONFIG_DEBUG_KMEMLEAK is not set
+CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
# CONFIG_DEBUG_KMEMLEAK_TEST is not set
CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
@@ -123,7 +123,7 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
# CONFIG_SPI_DEBUG is not set
-# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
+CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
# CONFIG_SCHEDSTATS is not set
# CONFIG_LATENCYTOP is not set
diff --git a/config-x86-generic b/config-x86-generic
index 3d42bbcb2..5136feb10 100644
--- a/config-x86-generic
+++ b/config-x86-generic
@@ -41,6 +41,7 @@ CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y
CONFIG_EFI_PCDP=y
CONFIG_FB_EFI=y
CONFIG_EARLY_PRINTK_EFI=y
+CONFIG_EFI_RUNTIME_MAP=y
# needs FB_SIMPLE to work correctly
# CONFIG_X86_SYSFB is not set
@@ -328,7 +329,7 @@ CONFIG_SP5100_TCO=m
# CONFIG_MEMTEST is not set
# CONFIG_DEBUG_TLBFLUSH is not set
-# CONFIG_MAXSMP is not set
+CONFIG_MAXSMP=y
CONFIG_HP_ILO=m
diff --git a/kernel.spec b/kernel.spec
index d45554c2a..1b5c4cc0f 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -6,7 +6,7 @@ Summary: The Linux kernel
# For a stable, released kernel, released_kernel should be 1. For rawhide
# and/or a kernel built from an rc or git snapshot, released_kernel should
# be 0.
-%global released_kernel 1
+%global released_kernel 0
# Sign modules on x86. Make sure the config files match this setting if more
# architectures are added.
@@ -61,7 +61,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 0
# The git snapshot level
-%define gitrev 0
+%define gitrev 1
# Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0
%endif
@@ -122,7 +122,7 @@ Summary: The Linux kernel
# Set debugbuildsenabled to 1 for production (build separate debug kernels)
# and 0 for rawhide (all kernels are debug kernels).
# See also 'make debug' and 'make release'.
-%define debugbuildsenabled 1
+%define debugbuildsenabled 0
# Want to build a vanilla kernel build without any non-upstream patches?
%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
@@ -646,6 +646,8 @@ Patch25183: 0003-Input-wacom-add-reporting-of-SW_MUTE_DEVICE-events.patch
#rhbz 953211
Patch25184: Input-ALPS-add-support-for-Dolphin-devices.patch
+Patch25185: perf-plugin-dir.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1314,6 +1316,8 @@ ApplyPatch 0003-Input-wacom-add-reporting-of-SW_MUTE_DEVICE-events.patch
#rhbz 953211
ApplyPatch Input-ALPS-add-support-for-Dolphin-devices.patch
+ApplyPatch perf-plugin-dir.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2092,6 +2096,10 @@ fi
# ||----w |
# || ||
%changelog
+* Tue Jan 21 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.14.0-0.rc0.git1.1
+- Linux v3.13-737-g7fe67a1
+- Reenable debugging options. Enable SLUB_DEBUG
+
* Mon Jan 20 2014 Kyle McMartin <kyle@fedoraproject.org>
- Enable CONFIG_KVM on AArch64.
diff --git a/modsign-uefi.patch b/modsign-uefi.patch
index 658af25dc..d8e762cb7 100644
--- a/modsign-uefi.patch
+++ b/modsign-uefi.patch
@@ -1,7 +1,7 @@
Bugzilla: N/A
Upstream-status: Fedora mustard for now
-From 0a5e59dd7a921f20d77b13aa4e01392086ddbd12 Mon Sep 17 00:00:00 2001
+From 2b668e069365b608e855cf1f5edcf8caed0aaa4d Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH 1/5] Add EFI signature data types
@@ -15,10 +15,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 20 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index eed2202..1da1b3c 100644
+index 0c1d367..de1faea 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
-@@ -389,6 +389,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
+@@ -394,6 +394,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
#define EFI_FILE_SYSTEM_GUID \
EFI_GUID( 0x964e5b22, 0x6459, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b )
@@ -31,7 +31,7 @@ index eed2202..1da1b3c 100644
typedef struct {
efi_guid_t guid;
u64 table;
-@@ -524,6 +530,20 @@ typedef struct {
+@@ -541,6 +547,20 @@ typedef struct _efi_file_io_interface {
#define EFI_INVALID_TABLE_ADDR (~0UL)
@@ -53,10 +53,10 @@ index eed2202..1da1b3c 100644
* All runtime access to EFI goes through this structure:
*/
--
-1.8.3.1
+1.8.4.2
-From 8b75428a7e1813cd3bc225a959e63d67898e4808 Mon Sep 17 00:00:00 2001
+From 42d75e3e3fe134cc274f765525031b764540a587 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH 2/5] Add an EFI signature blob parser and key loader.
@@ -74,10 +74,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
create mode 100644 crypto/asymmetric_keys/efi_parser.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
-index 6d2c2ea..ace9c30 100644
+index 03a6eb9..6306ffc 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
-@@ -35,4 +35,12 @@ config X509_CERTIFICATE_PARSER
+@@ -37,4 +37,12 @@ config X509_CERTIFICATE_PARSER
data and provides the ability to instantiate a crypto key from a
public key packet found inside the certificate.
@@ -218,10 +218,10 @@ index 0000000..424896a
+ return 0;
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 1da1b3c..42a1d25 100644
+index de1faea..13e1425 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
-@@ -619,6 +619,10 @@ extern int efi_set_rtc_mmss(const struct timespec *now);
+@@ -641,6 +641,10 @@ extern int efi_set_rtc_mmss(const struct timespec *now);
extern void efi_reserve_boot_services(void);
extern struct efi_memory_map memmap;
@@ -233,10 +233,10 @@ index 1da1b3c..42a1d25 100644
* efi_range_is_wc - check the WC bit on an address range
* @start: starting kvirt address
--
-1.8.3.1
+1.8.4.2
-From 920108c0f9cc5854dd329a5dfc904e91d40a4b26 Mon Sep 17 00:00:00 2001
+From d750dbcdcb3a712a2ea4ec57b9c9729c6a26b41d Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH 3/5] KEYS: Add a system blacklist keyring
@@ -270,10 +270,10 @@ index 8dabc39..e466de1 100644
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
-index 0ff5407..ba76e57 100644
+index 5236dc5..f59e6fe 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -1680,6 +1680,15 @@ config SYSTEM_TRUSTED_KEYRING
+@@ -1673,6 +1673,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.
@@ -290,7 +290,7 @@ index 0ff5407..ba76e57 100644
bool "Enable loadable module support"
option modules
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
-index 0b6b870..0a29b40 100644
+index be5b8fa..fed815f 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
@@ -313,7 +313,7 @@ index 0b6b870..0a29b40 100644
&key_type_asymmetric, id);
if (IS_ERR(key))
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
-index 564dd93..389b50d 100644
+index 52ebc70..478c4f8 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -20,6 +20,9 @@
@@ -325,7 +325,7 @@ index 564dd93..389b50d 100644
+#endif
extern __initconst const u8 system_certificate_list[];
- extern __initconst const u8 system_certificate_list_end[];
+ extern __initconst const unsigned long system_certificate_list_size;
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
panic("Can't allocate system trusted keyring\n");
@@ -348,10 +348,10 @@ index 564dd93..389b50d 100644
}
--
-1.8.3.1
+1.8.4.2
-From 69dca9998380c1931227a01205cdf23c34509753 Mon Sep 17 00:00:00 2001
+From c32beadd0d75fddcd75b700e4a75884d7a82e9bb Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH 4/5] MODSIGN: Import certificates from UEFI Secure Boot
@@ -379,10 +379,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
create mode 100644 kernel/modsign_uefi.c
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 42a1d25..d3e6036 100644
+index 13e1425..a7175eb 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
-@@ -395,6 +395,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
+@@ -400,6 +400,12 @@ typedef efi_status_t efi_query_variable_store_t(u32 attributes, unsigned long si
#define EFI_CERT_X509_GUID \
EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
@@ -396,10 +396,10 @@ index 42a1d25..d3e6036 100644
efi_guid_t guid;
u64 table;
diff --git a/init/Kconfig b/init/Kconfig
-index ba76e57..b09cd98 100644
+index f59e6fe..90fa75f 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -1799,6 +1799,15 @@ config MODULE_SIG_ALL
+@@ -1792,6 +1792,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
@@ -416,10 +416,10 @@ index ba76e57..b09cd98 100644
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
-index 6313698..cb35a89 100644
+index bc010ee..bee938f 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
-@@ -57,6 +57,7 @@ obj-$(CONFIG_UID16) += uid16.o
+@@ -44,6 +44,7 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
@@ -427,7 +427,7 @@ index 6313698..cb35a89 100644
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
-@@ -115,6 +116,8 @@ obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o
+@@ -96,6 +97,8 @@ obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o
$(obj)/configs.o: $(obj)/config_data.h
@@ -535,10 +535,10 @@ index 0000000..94b0eb3
+}
+late_initcall(load_uefi_certs);
--
-1.8.3.1
+1.8.4.2
-From c8e6d256ddfa2182d5b011a4ab70f8c5c9b2b590 Mon Sep 17 00:00:00 2001
+From 5c86fc6c7e4d51286d75ee6d8ceedf983ae434fb Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 3 Oct 2013 10:14:23 -0400
Subject: [PATCH 5/5] MODSIGN: Support not importing certs from db
@@ -620,5 +620,5 @@ index 94b0eb3..ae28b97 100644
mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
--
-1.8.3.1
+1.8.4.2
diff --git a/perf-plugin-dir.patch b/perf-plugin-dir.patch
new file mode 100644
index 000000000..d4a972eb8
--- /dev/null
+++ b/perf-plugin-dir.patch
@@ -0,0 +1,24 @@
+diff --git a/tools/lib/traceevent/Makefile b/tools/lib/traceevent/Makefile
+index 56d52a3..005c9cc 100644
+--- a/tools/lib/traceevent/Makefile
++++ b/tools/lib/traceevent/Makefile
+@@ -63,7 +63,7 @@ endif
+ endif
+
+ ifeq ($(set_plugin_dir),1)
+-PLUGIN_DIR = -DPLUGIN_DIR="$(DESTDIR)/$(plugin_dir)"
++PLUGIN_DIR = -DPLUGIN_DIR="$(plugin_dir)"
+ PLUGIN_DIR_SQ = '$(subst ','\'',$(PLUGIN_DIR))'
+ endif
+
+diff --git a/tools/perf/config/Makefile b/tools/perf/config/Makefile
+index d604e50..c48d449 100644
+--- a/tools/perf/config/Makefile
++++ b/tools/perf/config/Makefile
+@@ -600,5 +600,5 @@ perfexec_instdir_SQ = $(subst ','\'',$(perfexec_instdir))
+ # Otherwise we install plugins into the global $(libdir).
+ ifdef DESTDIR
+ plugindir=$(libdir)/traceevent/plugins
+-plugindir_SQ= $(subst ','\'',$(prefix)/$(plugindir))
++plugindir_SQ= $(subst ','\'',$(plugindir))
+ endif
diff --git a/secure-modules.patch b/secure-modules.patch
index 21157c933..86bf9dc6f 100644
--- a/secure-modules.patch
+++ b/secure-modules.patch
@@ -1,7 +1,7 @@
Bugzilla: N/A
Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd
-From 0fc411ee00c81b8a18b1417d31f2736fad155d89 Mon Sep 17 00:00:00 2001
+From f212a4d8b8638a3e15e4cd76874d4fab60726752 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH 01/14] Add secure_modules() call
@@ -17,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2 files changed, 17 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
-index 05f2447..de97e77 100644
+index 15cd6b1..30702eb 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
-@@ -515,6 +515,8 @@ int unregister_module_notifier(struct notifier_block * nb);
+@@ -512,6 +512,8 @@ int unregister_module_notifier(struct notifier_block * nb);
extern void print_modules(void);
@@ -29,7 +29,7 @@ index 05f2447..de97e77 100644
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
-@@ -625,6 +627,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb)
+@@ -622,6 +624,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb)
static inline void print_modules(void)
{
}
@@ -42,10 +42,10 @@ index 05f2447..de97e77 100644
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
-index dc58274..81206c1 100644
+index f5a3b1e..644c33e 100644
--- a/kernel/module.c
+++ b/kernel/module.c
-@@ -3860,3 +3860,13 @@ void module_layout(struct module *mod,
+@@ -3831,3 +3831,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif
@@ -60,10 +60,10 @@ index dc58274..81206c1 100644
+}
+EXPORT_SYMBOL(secure_modules);
--
-1.8.3.1
+1.8.4.2
-From b94942e55b519e70366e970cea3665c464d1b7da Mon Sep 17 00:00:00 2001
+From 394a8259d0b457495dddda8704821ec9e56ea44a Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:10:38 -0500
Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
@@ -83,7 +83,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index d8eb880..a851ad6 100644
+index c91e6c1..447742e 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -29,6 +29,7 @@
@@ -94,7 +94,7 @@ index d8eb880..a851ad6 100644
#include "pci.h"
static int sysfs_initialized; /* = 0 */
-@@ -644,6 +645,9 @@ pci_write_config(struct file* filp, struct kobject *kobj,
+@@ -668,6 +669,9 @@ pci_write_config(struct file* filp, struct kobject *kobj,
loff_t init_off = off;
u8 *data = (u8*) buf;
@@ -104,7 +104,7 @@ index d8eb880..a851ad6 100644
if (off > dev->cfg_size)
return 0;
if (off + count > dev->cfg_size) {
-@@ -950,6 +954,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
+@@ -974,6 +978,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
resource_size_t start, end;
int i;
@@ -114,7 +114,7 @@ index d8eb880..a851ad6 100644
for (i = 0; i < PCI_ROM_RESOURCE; i++)
if (res == &pdev->resource[i])
break;
-@@ -1057,6 +1064,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj,
+@@ -1081,6 +1088,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj,
struct bin_attribute *attr, char *buf,
loff_t off, size_t count)
{
@@ -125,7 +125,7 @@ index d8eb880..a851ad6 100644
}
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
-index cdc7836..e3d498b 100644
+index 46d1378..294fe7b 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
@@ -117,6 +117,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof
@@ -158,7 +158,7 @@ index cdc7836..e3d498b 100644
/* Make sure the caller is mapping a real resource for this device */
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
-index e1c1ec5..bffbf71 100644
+index 24750a1..fa57896 100644
--- a/drivers/pci/syscall.c
+++ b/drivers/pci/syscall.c
@@ -10,6 +10,7 @@
@@ -179,10 +179,10 @@ index e1c1ec5..bffbf71 100644
dev = pci_get_bus_and_slot(bus, dfn);
--
-1.8.3.1
+1.8.4.2
-From 36f34509fe52cc49e1b1f6815a3f235040f64a03 Mon Sep 17 00:00:00 2001
+From 69532e626cece8a43c2528246e0421488b468102 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Thu, 8 Mar 2012 10:35:59 -0500
Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
@@ -252,10 +252,10 @@ index f895a8c..1af8664 100644
return -EFAULT;
while (count-- > 0 && i < 65536) {
--
-1.8.3.1
+1.8.4.2
-From 67d9800dcf60467e076587b0aac67bcdc516cfe2 Mon Sep 17 00:00:00 2001
+From 8771ff55273e964d707b174dd0dbe433783c0254 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH 04/14] ACPI: Limit access to custom_method
@@ -284,10 +284,10 @@ index 12b62f2..50647b3 100644
/* parse the table header to get the table length */
if (count <= sizeof(struct acpi_table_header))
--
-1.8.3.1
+1.8.4.2
-From bdf3761573167c20c72b151c1088b24fd24869ac Mon Sep 17 00:00:00 2001
+From 7d3e3db90e1b4cf33ba4a46624ae4a68f787e5fc Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:46:50 -0500
Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
@@ -339,10 +339,10 @@ index 19c313b..db18ef66 100644
1, asus->debug.method_id,
&input, &output);
--
-1.8.3.1
+1.8.4.2
-From 65d88af5a2c6bb6d01da17819d8ba782bd208837 Mon Sep 17 00:00:00 2001
+From 98ebe083d75333e269730fe374cca42ac7f08a07 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 09:28:15 -0500
Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
@@ -382,10 +382,10 @@ index 1af8664..61406c8 100644
unsigned long to_write = min_t(unsigned long, count,
(unsigned long)high_memory - p);
--
-1.8.3.1
+1.8.4.2
-From 4aa42b7fa5d7f79eb1d179e728ffa561fd9cf354 Mon Sep 17 00:00:00 2001
+From 71353d491c70b303a07b4e79c896e729a4f74978 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 19:57:30 -0400
Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
@@ -401,7 +401,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index e5f416c..9311c00 100644
+index 54a20ff..d21d269 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -45,6 +45,7 @@
@@ -412,7 +412,7 @@ index e5f416c..9311c00 100644
#include <asm/io.h>
#include <asm/uaccess.h>
-@@ -249,7 +250,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
+@@ -248,7 +249,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void)
{
#ifdef CONFIG_KEXEC
@@ -422,10 +422,10 @@ index e5f416c..9311c00 100644
#endif
--
-1.8.3.1
+1.8.4.2
-From c9e62c2ce588d98a774a3853e56d95e48b9df98c Mon Sep 17 00:00:00 2001
+From e0a6b0dd91460123d71784d531b9df26449940ae Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
@@ -441,7 +441,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 2a74f30..13601e3 100644
+index 9c97016..8ad0d38 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -32,6 +32,7 @@
@@ -452,7 +452,7 @@ index 2a74f30..13601e3 100644
#include <asm/page.h>
#include <asm/uaccess.h>
-@@ -943,6 +944,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+@@ -946,6 +947,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
return -EPERM;
/*
@@ -467,10 +467,10 @@ index 2a74f30..13601e3 100644
* This leaves us room for future extensions.
*/
--
-1.8.3.1
+1.8.4.2
-From d0e3cb2c13dc9634849ddacf75b6f0d94147516a Mon Sep 17 00:00:00 2001
+From c340630e68e5ed4d731d60d05ef9e2ae27080b66 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue, 3 Sep 2013 11:23:29 -0400
Subject: [PATCH 09/14] uswsusp: Disable when module loading is restricted
@@ -485,7 +485,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
1 file changed, 4 insertions(+)
diff --git a/kernel/power/user.c b/kernel/power/user.c
-index 957f061..e570609d 100644
+index 98d3575..efe99de 100644
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -24,6 +24,7 @@
@@ -507,10 +507,10 @@ index 957f061..e570609d 100644
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
--
-1.8.3.1
+1.8.4.2
-From b238417ed3c5a0b21bbfcac84f6c70011b8977c0 Mon Sep 17 00:00:00 2001
+From 273deda4ddec360ce67ac256b8cbdabdc5e8c51d Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH 10/14] x86: Restrict MSR access when module loading is
@@ -552,10 +552,10 @@ index 05266b5..e2bd647 100644
err = -EFAULT;
break;
--
-1.8.3.1
+1.8.4.2
-From c3a9afb3b580b4f721d245fc5d13e378b99b9cd8 Mon Sep 17 00:00:00 2001
+From 089166c0d42f1b82988aad4f23607deb6ee531e7 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
Subject: [PATCH 11/14] Add option to automatically enforce module signatures
@@ -591,10 +591,10 @@ index 199f453..ec38acf 100644
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 725e157..fe212ef 100644
+index 5216e28..2a147a3 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1604,6 +1604,16 @@ config EFI_STUB
+@@ -1582,6 +1582,16 @@ config EFI_STUB
See Documentation/efi-stub.txt for more information.
@@ -673,10 +673,10 @@ index a7677ba..4e172e9 100644
setup_efi_pci(boot_params);
diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
-index 9c3733c..a7ba210 100644
+index 225b098..90dbfb7 100644
--- a/arch/x86/include/uapi/asm/bootparam.h
+++ b/arch/x86/include/uapi/asm/bootparam.h
-@@ -131,7 +131,8 @@ struct boot_params {
+@@ -133,7 +133,8 @@ struct boot_params {
__u8 eddbuf_entries; /* 0x1e9 */
__u8 edd_mbr_sig_buf_entries; /* 0x1ea */
__u8 kbd_status; /* 0x1eb */
@@ -687,10 +687,10 @@ index 9c3733c..a7ba210 100644
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 918d489..fe429c1 100644
+index 182b3f9..ab6cc9e 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -1127,6 +1127,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1129,6 +1129,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
@@ -704,7 +704,7 @@ index 918d489..fe429c1 100644
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
-index de97e77..d69fe19 100644
+index 30702eb..3eb0f52 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -190,6 +190,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
@@ -721,10 +721,10 @@ index de97e77..d69fe19 100644
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
-index 81206c1..e1428f0 100644
+index 644c33e..92b73b1 100644
--- a/kernel/module.c
+++ b/kernel/module.c
-@@ -3861,6 +3861,13 @@ void module_layout(struct module *mod,
+@@ -3832,6 +3832,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif
@@ -739,10 +739,10 @@ index 81206c1..e1428f0 100644
{
#ifdef CONFIG_MODULE_SIG
--
-1.8.3.1
+1.8.4.2
-From 27a1aa77c7fbaaae8c6a776190a38dcbf3c3d6d2 Mon Sep 17 00:00:00 2001
+From e9ad6bd405fa01b7dd52d8c75b9dc91ae52e131d Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH 12/14] efi: Disable secure boot if shim is in insecure mode
@@ -798,10 +798,10 @@ index 4e172e9..4905f4d 100644
}
--
-1.8.3.1
+1.8.4.2
-From 2a445ca2c187da4497ef5f68f111574fd2b0d419 Mon Sep 17 00:00:00 2001
+From f9f355d5e58c1503bb7c03d92c9e89267e0f46ad Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:28:43 -0400
Subject: [PATCH 13/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
@@ -815,10 +815,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index fe212ef..bf83fd3 100644
+index 2a147a3..9e644d5 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1605,7 +1605,8 @@ config EFI_STUB
+@@ -1583,7 +1583,8 @@ config EFI_STUB
See Documentation/efi-stub.txt for more information.
config EFI_SECURE_BOOT_SIG_ENFORCE
@@ -829,10 +829,10 @@ index fe212ef..bf83fd3 100644
---help---
UEFI Secure Boot provides a mechanism for ensuring that the
--
-1.8.3.1
+1.8.4.2
-From b1c533cc1d1ca7a03497cc4f2e1b029bde95633c Mon Sep 17 00:00:00 2001
+From a30576a9db583213474b74360c5869e8882e6ed7 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH 14/14] efi: Add EFI_SECURE_BOOT bit
@@ -847,10 +847,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
2 files changed, 3 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index fe429c1..469fbf0 100644
+index ab6cc9e..99933cd 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -1129,7 +1129,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -1131,7 +1131,9 @@ void __init setup_arch(char **cmdline_p)
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot) {
@@ -861,17 +861,17 @@ index fe429c1..469fbf0 100644
#endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index bc5687d..b010a2e 100644
+index 0a819e7..0c1d367 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
-@@ -653,6 +653,7 @@ extern int __init efi_setup_pcdp_console(char *);
- #define EFI_RUNTIME_SERVICES 3 /* Can we use runtime services? */
+@@ -657,6 +657,7 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_MEMMAP 4 /* Can we use EFI memory map? */
#define EFI_64BIT 5 /* Is the firmware 64-bit? */
-+#define EFI_SECURE_BOOT 6 /* Are we in Secure Boot mode? */
+ #define EFI_ARCH_1 6 /* First arch-specific bit */
++#define EFI_SECURE_BOOT 7 /* Are we in Secure Boot mode? */
#ifdef CONFIG_EFI
# ifdef CONFIG_X86
--
-1.8.3.1
+1.8.4.2
diff --git a/sources b/sources
index bf6d706e4..ee41703ab 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,3 @@
0ecbaf65c00374eb4a826c2f9f37606f linux-3.13.tar.xz
732d1952898b28d5ccc264cad77b0619 perf-man-3.13.tar.gz
+eedf25215e15e77a96c6e1f7d0987294 patch-3.13-git1.xz