From 074d4eb8467b9fe0ef8df99a0d08c63dedc25a58 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Fri, 25 Jun 2021 07:18:06 -0500 Subject: kernel-5.13.0-0.rc7.20210625git44db63d1ad8d.55 * Fri Jun 25 2021 Fedora Kernel Team [5.13.0-0.rc7.20210625git44db63d1ad8d.55] - redhat/configs: Enable needed drivers for BlueField SoC on aarch64 (Alaa Hleihel) [1858592 1858594 1858596] - redhat: Rename mod-blacklist.sh to mod-denylist.sh (Prarit Bhargava) Resolves: rhbz#1858592, rhbz#1858594, rhbz#1858596 Signed-off-by: Justin M. Forbes --- Makefile.rhelver | 2 +- kernel-aarch64-debug-fedora.config | 4 +- kernel-aarch64-debug-rhel.config | 12 +-- kernel-aarch64-fedora.config | 4 +- kernel-aarch64-rhel.config | 12 +-- kernel-armv7hl-debug-fedora.config | 1 + kernel-armv7hl-fedora.config | 1 + kernel-armv7hl-lpae-debug-fedora.config | 1 + kernel-armv7hl-lpae-fedora.config | 1 + kernel-i686-debug-fedora.config | 1 + kernel-i686-fedora.config | 1 + kernel-ppc64le-debug-fedora.config | 1 + kernel-ppc64le-fedora.config | 1 + kernel-s390x-debug-fedora.config | 1 + kernel-s390x-fedora.config | 1 + kernel-x86_64-debug-fedora.config | 1 + kernel-x86_64-fedora.config | 1 + kernel.spec | 18 ++-- mod-blacklist.sh | 164 -------------------------------- mod-denylist.sh | 164 ++++++++++++++++++++++++++++++++ sources | 6 +- 21 files changed, 207 insertions(+), 191 deletions(-) delete mode 100755 mod-blacklist.sh create mode 100755 mod-denylist.sh diff --git a/Makefile.rhelver b/Makefile.rhelver index 1bec7bd85..c9d0e0ad3 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 99 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 54 +RHEL_RELEASE = 55 # # Early y+1 numbering diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config index bded6d538..1ea86b938 100644 --- a/kernel-aarch64-debug-fedora.config +++ b/kernel-aarch64-debug-fedora.config @@ -3075,7 +3075,7 @@ CONFIG_IPC_NS=y CONFIG_IPDDP_ENCAP=y CONFIG_IPDDP=m CONFIG_IP_FIB_TRIE_STATS=y -# CONFIG_IPMB_DEVICE_INTERFACE is not set +CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set @@ -3957,7 +3957,7 @@ CONFIG_MLX5_VDPA_NET=m CONFIG_MLX5_VDPA=y CONFIG_MLX90614=m CONFIG_MLX90632=m -# CONFIG_MLXBF_BOOTCTL is not set +CONFIG_MLXBF_BOOTCTL=m # CONFIG_MLXBF_PMC is not set CONFIG_MLXBF_TMFIFO=m CONFIG_MLXFW=m diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index 3cbade65b..c7aeb3e48 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -1545,9 +1545,9 @@ CONFIG_EDAC_XGENE=m CONFIG_EDAC=y CONFIG_EEPROM_93CX6=m # CONFIG_EEPROM_93XX46 is not set -# CONFIG_EEPROM_AT24 is not set +CONFIG_EEPROM_AT24=m # CONFIG_EEPROM_AT25 is not set -# CONFIG_EEPROM_EE1004 is not set +CONFIG_EEPROM_EE1004=m # CONFIG_EEPROM_IDT_89HPESX is not set CONFIG_EEPROM_LEGACY=m CONFIG_EEPROM_MAX6875=m @@ -2465,7 +2465,7 @@ CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set CONFIG_IP_FIB_TRIE_STATS=y -# CONFIG_IPMB_DEVICE_INTERFACE is not set +CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set @@ -3217,9 +3217,9 @@ CONFIG_MLX5_TLS=y CONFIG_MLX5_VDPA_NET=m # CONFIG_MLX90614 is not set # CONFIG_MLX90632 is not set -# CONFIG_MLXBF_BOOTCTL is not set +CONFIG_MLXBF_BOOTCTL=m # CONFIG_MLXBF_PMC is not set -# CONFIG_MLXBF_TMFIFO is not set +CONFIG_MLXBF_TMFIFO=m CONFIG_MLXFW=m CONFIG_MLX_PLATFORM=m CONFIG_MLXREG_HOTPLUG=m @@ -4957,7 +4957,7 @@ CONFIG_SENSORS_G762=m # CONFIG_SENSORS_ISL29028 is not set # CONFIG_SENSORS_ISL68137 is not set # CONFIG_SENSORS_IT87 is not set -# CONFIG_SENSORS_JC42 is not set +CONFIG_SENSORS_JC42=m CONFIG_SENSORS_K10TEMP=m CONFIG_SENSORS_K8TEMP=m # CONFIG_SENSORS_LINEAGE is not set diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config index 51c844217..64b5744c2 100644 --- a/kernel-aarch64-fedora.config +++ b/kernel-aarch64-fedora.config @@ -3059,7 +3059,7 @@ CONFIG_IPC_NS=y CONFIG_IPDDP_ENCAP=y CONFIG_IPDDP=m CONFIG_IP_FIB_TRIE_STATS=y -# CONFIG_IPMB_DEVICE_INTERFACE is not set +CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set @@ -3934,7 +3934,7 @@ CONFIG_MLX5_VDPA_NET=m CONFIG_MLX5_VDPA=y CONFIG_MLX90614=m CONFIG_MLX90632=m -# CONFIG_MLXBF_BOOTCTL is not set +CONFIG_MLXBF_BOOTCTL=m # CONFIG_MLXBF_PMC is not set CONFIG_MLXBF_TMFIFO=m CONFIG_MLXFW=m diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 36f678107..3a7b63c6c 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -1537,9 +1537,9 @@ CONFIG_EDAC_XGENE=m CONFIG_EDAC=y CONFIG_EEPROM_93CX6=m # CONFIG_EEPROM_93XX46 is not set -# CONFIG_EEPROM_AT24 is not set +CONFIG_EEPROM_AT24=m # CONFIG_EEPROM_AT25 is not set -# CONFIG_EEPROM_EE1004 is not set +CONFIG_EEPROM_EE1004=m # CONFIG_EEPROM_IDT_89HPESX is not set CONFIG_EEPROM_LEGACY=m CONFIG_EEPROM_MAX6875=m @@ -2449,7 +2449,7 @@ CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set CONFIG_IP_FIB_TRIE_STATS=y -# CONFIG_IPMB_DEVICE_INTERFACE is not set +CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set @@ -3197,9 +3197,9 @@ CONFIG_MLX5_TLS=y CONFIG_MLX5_VDPA_NET=m # CONFIG_MLX90614 is not set # CONFIG_MLX90632 is not set -# CONFIG_MLXBF_BOOTCTL is not set +CONFIG_MLXBF_BOOTCTL=m # CONFIG_MLXBF_PMC is not set -# CONFIG_MLXBF_TMFIFO is not set +CONFIG_MLXBF_TMFIFO=m CONFIG_MLXFW=m CONFIG_MLX_PLATFORM=m CONFIG_MLXREG_HOTPLUG=m @@ -4936,7 +4936,7 @@ CONFIG_SENSORS_G762=m # CONFIG_SENSORS_ISL29028 is not set # CONFIG_SENSORS_ISL68137 is not set # CONFIG_SENSORS_IT87 is not set -# CONFIG_SENSORS_JC42 is not set +CONFIG_SENSORS_JC42=m CONFIG_SENSORS_K10TEMP=m CONFIG_SENSORS_K8TEMP=m # CONFIG_SENSORS_LINEAGE is not set diff --git a/kernel-armv7hl-debug-fedora.config b/kernel-armv7hl-debug-fedora.config index f83a593b0..c3486121c 100644 --- a/kernel-armv7hl-debug-fedora.config +++ b/kernel-armv7hl-debug-fedora.config @@ -4026,6 +4026,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLXREG_HOTPLUG=m CONFIG_MLXREG_IO=m diff --git a/kernel-armv7hl-fedora.config b/kernel-armv7hl-fedora.config index a1e0675fa..e80b262b8 100644 --- a/kernel-armv7hl-fedora.config +++ b/kernel-armv7hl-fedora.config @@ -4004,6 +4004,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLXREG_HOTPLUG=m CONFIG_MLXREG_IO=m diff --git a/kernel-armv7hl-lpae-debug-fedora.config b/kernel-armv7hl-lpae-debug-fedora.config index 5e9495e73..facc1b6f0 100644 --- a/kernel-armv7hl-lpae-debug-fedora.config +++ b/kernel-armv7hl-lpae-debug-fedora.config @@ -3940,6 +3940,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLXREG_HOTPLUG=m CONFIG_MLXREG_IO=m diff --git a/kernel-armv7hl-lpae-fedora.config b/kernel-armv7hl-lpae-fedora.config index 1e74923b0..72ba1b1f1 100644 --- a/kernel-armv7hl-lpae-fedora.config +++ b/kernel-armv7hl-lpae-fedora.config @@ -3918,6 +3918,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLXREG_HOTPLUG=m CONFIG_MLXREG_IO=m diff --git a/kernel-i686-debug-fedora.config b/kernel-i686-debug-fedora.config index 1e0178f01..183b4151a 100644 --- a/kernel-i686-debug-fedora.config +++ b/kernel-i686-debug-fedora.config @@ -3606,6 +3606,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLX_PLATFORM=m CONFIG_MLXREG_HOTPLUG=m diff --git a/kernel-i686-fedora.config b/kernel-i686-fedora.config index 31c2eab25..1455f1676 100644 --- a/kernel-i686-fedora.config +++ b/kernel-i686-fedora.config @@ -3584,6 +3584,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLX_PLATFORM=m CONFIG_MLXREG_HOTPLUG=m diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config index ea9e3aa05..dd397a097 100644 --- a/kernel-ppc64le-debug-fedora.config +++ b/kernel-ppc64le-debug-fedora.config @@ -3350,6 +3350,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLXREG_HOTPLUG=m CONFIG_MLXREG_IO=m diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config index 9a0bbc7cf..7efb20fd4 100644 --- a/kernel-ppc64le-fedora.config +++ b/kernel-ppc64le-fedora.config @@ -3327,6 +3327,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLXREG_HOTPLUG=m CONFIG_MLXREG_IO=m diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config index b36b2017c..8bcac89c8 100644 --- a/kernel-s390x-debug-fedora.config +++ b/kernel-s390x-debug-fedora.config @@ -3334,6 +3334,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLXREG_HOTPLUG=m CONFIG_MLXREG_IO=m diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config index 1246e8e97..22c127d36 100644 --- a/kernel-s390x-fedora.config +++ b/kernel-s390x-fedora.config @@ -3311,6 +3311,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLXREG_HOTPLUG=m CONFIG_MLXREG_IO=m diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index 684e75b38..f6e6b5d09 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -3654,6 +3654,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLX_PLATFORM=m CONFIG_MLXREG_HOTPLUG=m diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index a7e325857..602001bec 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -3632,6 +3632,7 @@ CONFIG_MLX90614=m CONFIG_MLX90632=m # CONFIG_MLXBF_BOOTCTL is not set # CONFIG_MLXBF_PMC is not set +# CONFIG_MLXBF_TMFIFO is not set CONFIG_MLXFW=m CONFIG_MLX_PLATFORM=m CONFIG_MLXREG_HOTPLUG=m diff --git a/kernel.spec b/kernel.spec index a409a04af..7fcfe9c8f 100755 --- a/kernel.spec +++ b/kernel.spec @@ -73,7 +73,7 @@ Summary: The Linux kernel # the --with-release option overrides this setting.) %define debugbuildsenabled 0 -%global distro_build 0.rc7.20210624git7426cedc7dad.54 +%global distro_build 0.rc7.20210625git44db63d1ad8d.55 %if 0%{?fedora} %define secure_boot_arch x86_64 @@ -117,13 +117,13 @@ Summary: The Linux kernel %define kversion 5.13 %define rpmversion 5.13.0 -%define pkgrelease 0.rc7.20210624git7426cedc7dad.54 +%define pkgrelease 0.rc7.20210625git44db63d1ad8d.55 # This is needed to do merge window version magic %define patchlevel 13 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc7.20210624git7426cedc7dad.54%{?buildid}%{?dist} +%define specrelease 0.rc7.20210625git44db63d1ad8d.55%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -642,7 +642,7 @@ BuildRequires: clang # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-5.13-rc7-10-g7426cedc7dad.tar.xz +Source0: linux-5.13-rc7-43-g44db63d1ad8d.tar.xz Source1: Makefile.rhelver @@ -704,7 +704,7 @@ Source13: redhatsecureboot003.cer Source22: mod-extra.list.rhel Source16: mod-extra.list.fedora -Source17: mod-blacklist.sh +Source17: mod-denylist.sh Source18: mod-sign.sh Source79: parallel_xz.sh @@ -1311,8 +1311,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-5.13-rc7-10-g7426cedc7dad -c -mv linux-5.13-rc7-10-g7426cedc7dad linux-%{KVERREL} +%setup -q -n kernel-5.13-rc7-43-g44db63d1ad8d -c +mv linux-5.13-rc7-43-g44db63d1ad8d linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . @@ -2882,6 +2882,10 @@ fi # # %changelog +* Fri Jun 25 2021 Fedora Kernel Team [5.13.0-0.rc7.20210625git44db63d1ad8d.55] +- redhat/configs: Enable needed drivers for BlueField SoC on aarch64 (Alaa Hleihel) [1858592 1858594 1858596] +- redhat: Rename mod-blacklist.sh to mod-denylist.sh (Prarit Bhargava) + * Wed Jun 23 2021 Fedora Kernel Team [5.13.0-0.rc7.20210623git0c18f29aae7c.53] - redhat/configs: enable CONFIG_NET_ACT_MPLS (Marcelo Ricardo Leitner) diff --git a/mod-blacklist.sh b/mod-blacklist.sh deleted file mode 100755 index 6127d145f..000000000 --- a/mod-blacklist.sh +++ /dev/null @@ -1,164 +0,0 @@ -#! /bin/bash -# shellcheck disable=SC2164 - -RpmDir=$1 -ModDir=$2 -Dir="$1/$2" -# Note the list filename must have the format mod-[PACKAGE].list, for example, -# mod-internal.list or mod-extra.list. The PACKAGE is used to create a -# override directory for the modules. -List=$3 -Dest="$4" - -blacklist() -{ - cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ - # This kernel module can be automatically loaded by non-root users. To - # enhance system security, the module is blacklisted by default to ensure - # system administrators make the module available for use as needed. - # See https://access.redhat.com/articles/3760101 for more details. - # - # Remove the blacklist by adding a comment # at the start of the line. - blacklist $1 -__EOF__ -} - -check_blacklist() -{ - mod=$(find "$RpmDir/$ModDir" -name "$1") - [ ! "$mod" ] && return 0 - if modinfo "$mod" | grep -q '^alias:\s\+net-'; then - mod="${1##*/}" - mod="${mod%.ko*}" - echo "$mod has an alias that allows auto-loading. Blacklisting." - blacklist "$mod" - fi -} - -find_depends() -{ - dep=$1 - depends=$(modinfo "$dep" | sed -n -e "/^depends/ s/^depends:[ \t]*//p") - [ -z "$depends" ] && exit - for mod in ${depends//,/ } - do - match=$(grep "^$mod.ko" "$ListName") - [ -z "$match" ] && continue - # check if the module we are looking at is in mod-* too. - # if so we do not need to mark the dep as required. - mod2=${dep##*/} # same as $(basename $dep), but faster - match2=$(grep "^$mod2" "$ListName") - if [ -n "$match2" ] - then - #echo $mod2 >> notreq.list - continue - fi - echo "$mod".ko >> req.list - done -} - -foreachp() -{ - P=$(nproc) - bgcount=0 - while read -r mod; do - $1 "$mod" & - - bgcount=$((bgcount + 1)) - if [ $bgcount -eq "$P" ]; then - wait -n - bgcount=$((bgcount - 1)) - fi - done - - wait -} - -# Destination was specified on the command line -test -n "$4" && echo "$0: Override Destination $Dest has been specified." - -pushd "$Dir" - -OverrideDir=$(basename "$List") -OverrideDir=${OverrideDir%.*} -OverrideDir=${OverrideDir#*-} -mkdir -p "$OverrideDir" - -rm -rf modnames -find . -name "*.ko" -type f > modnames -# Look through all of the modules, and throw any that have a dependency in -# our list into the list as well. -rm -rf dep.list dep2.list -rm -rf req.list req2.list -touch dep.list req.list -cp "$List" . - -# This variable needs to be exported because it is used in sub-script -# executed by xargs -ListName=$(basename "$List") -export ListName - -foreachp find_depends < modnames - -sort -u req.list > req2.list -sort -u "$ListName" > modules2.list -join -v 1 modules2.list req2.list > modules3.list - -while IFS= read -r mod -do - # get the path for the module - modpath=$(grep /"$mod" modnames) - [ -z "$modpath" ] && continue - echo "$modpath" >> dep.list -done < modules3.list - -sort -u dep.list > dep2.list - -if [ -n "$Dest" ]; then - # now move the modules into the $Dest directory - while IFS= read -r mod - do - newpath=$(dirname "$mod" | sed -e "s/kernel\\//$Dest\//") - mkdir -p "$newpath" - mv "$mod" "$newpath" - echo "$mod" | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> "$RpmDir"/"$ListName" - done < dep2.list -fi - -popd - -# If we're signing modules, we can't leave the .mod files for the .ko files -# we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign' -# target doesn't try to sign a non-existent file. This is kinda ugly, but -# so are the modules-* packages. - -while IFS= read -r mod -do - modfile=$(basename "$mod" | sed -e 's/.ko/.mod/') - rm .tmp_versions/"$modfile" -done < "$Dir"/dep2.list - -if [ -z "$Dest" ]; then - sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName" - echo "./$RpmDir/$ListName created." - [ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/" - foreachp check_blacklist < "$List" -fi - -# Many BIOS-es export a PNP-id which causes the floppy driver to autoload -# even though most modern systems don't have a 3.5" floppy driver anymore -# this replaces the old die_floppy_die.patch which removed the PNP-id from -# the module - -floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*) -if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then - blacklist "floppy" -fi - -# avoid an empty kernel-extra package -echo "$ModDir/$OverrideDir" >> "$RpmDir/$ListName" - -pushd "$Dir" -rm modnames dep.list dep2.list req.list req2.list -rm "$ListName" modules2.list modules3.list -popd diff --git a/mod-denylist.sh b/mod-denylist.sh new file mode 100755 index 000000000..6127d145f --- /dev/null +++ b/mod-denylist.sh @@ -0,0 +1,164 @@ +#! /bin/bash +# shellcheck disable=SC2164 + +RpmDir=$1 +ModDir=$2 +Dir="$1/$2" +# Note the list filename must have the format mod-[PACKAGE].list, for example, +# mod-internal.list or mod-extra.list. The PACKAGE is used to create a +# override directory for the modules. +List=$3 +Dest="$4" + +blacklist() +{ + cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ + # This kernel module can be automatically loaded by non-root users. To + # enhance system security, the module is blacklisted by default to ensure + # system administrators make the module available for use as needed. + # See https://access.redhat.com/articles/3760101 for more details. + # + # Remove the blacklist by adding a comment # at the start of the line. + blacklist $1 +__EOF__ +} + +check_blacklist() +{ + mod=$(find "$RpmDir/$ModDir" -name "$1") + [ ! "$mod" ] && return 0 + if modinfo "$mod" | grep -q '^alias:\s\+net-'; then + mod="${1##*/}" + mod="${mod%.ko*}" + echo "$mod has an alias that allows auto-loading. Blacklisting." + blacklist "$mod" + fi +} + +find_depends() +{ + dep=$1 + depends=$(modinfo "$dep" | sed -n -e "/^depends/ s/^depends:[ \t]*//p") + [ -z "$depends" ] && exit + for mod in ${depends//,/ } + do + match=$(grep "^$mod.ko" "$ListName") + [ -z "$match" ] && continue + # check if the module we are looking at is in mod-* too. + # if so we do not need to mark the dep as required. + mod2=${dep##*/} # same as $(basename $dep), but faster + match2=$(grep "^$mod2" "$ListName") + if [ -n "$match2" ] + then + #echo $mod2 >> notreq.list + continue + fi + echo "$mod".ko >> req.list + done +} + +foreachp() +{ + P=$(nproc) + bgcount=0 + while read -r mod; do + $1 "$mod" & + + bgcount=$((bgcount + 1)) + if [ $bgcount -eq "$P" ]; then + wait -n + bgcount=$((bgcount - 1)) + fi + done + + wait +} + +# Destination was specified on the command line +test -n "$4" && echo "$0: Override Destination $Dest has been specified." + +pushd "$Dir" + +OverrideDir=$(basename "$List") +OverrideDir=${OverrideDir%.*} +OverrideDir=${OverrideDir#*-} +mkdir -p "$OverrideDir" + +rm -rf modnames +find . -name "*.ko" -type f > modnames +# Look through all of the modules, and throw any that have a dependency in +# our list into the list as well. +rm -rf dep.list dep2.list +rm -rf req.list req2.list +touch dep.list req.list +cp "$List" . + +# This variable needs to be exported because it is used in sub-script +# executed by xargs +ListName=$(basename "$List") +export ListName + +foreachp find_depends < modnames + +sort -u req.list > req2.list +sort -u "$ListName" > modules2.list +join -v 1 modules2.list req2.list > modules3.list + +while IFS= read -r mod +do + # get the path for the module + modpath=$(grep /"$mod" modnames) + [ -z "$modpath" ] && continue + echo "$modpath" >> dep.list +done < modules3.list + +sort -u dep.list > dep2.list + +if [ -n "$Dest" ]; then + # now move the modules into the $Dest directory + while IFS= read -r mod + do + newpath=$(dirname "$mod" | sed -e "s/kernel\\//$Dest\//") + mkdir -p "$newpath" + mv "$mod" "$newpath" + echo "$mod" | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> "$RpmDir"/"$ListName" + done < dep2.list +fi + +popd + +# If we're signing modules, we can't leave the .mod files for the .ko files +# we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign' +# target doesn't try to sign a non-existent file. This is kinda ugly, but +# so are the modules-* packages. + +while IFS= read -r mod +do + modfile=$(basename "$mod" | sed -e 's/.ko/.mod/') + rm .tmp_versions/"$modfile" +done < "$Dir"/dep2.list + +if [ -z "$Dest" ]; then + sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName" + echo "./$RpmDir/$ListName created." + [ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/" + foreachp check_blacklist < "$List" +fi + +# Many BIOS-es export a PNP-id which causes the floppy driver to autoload +# even though most modern systems don't have a 3.5" floppy driver anymore +# this replaces the old die_floppy_die.patch which removed the PNP-id from +# the module + +floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*) +if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then + blacklist "floppy" +fi + +# avoid an empty kernel-extra package +echo "$ModDir/$OverrideDir" >> "$RpmDir/$ListName" + +pushd "$Dir" +rm modnames dep.list dep2.list req.list req2.list +rm "$ListName" modules2.list modules3.list +popd diff --git a/sources b/sources index aceebdca7..1eedb9896 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.13-rc7-10-g7426cedc7dad.tar.xz) = b9f559ee87999867bea98c9a6c0269947181958c8a5f8b1ffdadf67ce367305da3391ff8ae5f68980f445d4fa14564730f55bcb3c08d78d615a2610eaf3f4bd5 -SHA512 (kernel-abi-whitelists-5.13.0-0.rc7.20210624git7426cedc7dad.54.tar.bz2) = 9c9e30f991cb1399c9f89c0a3e9df55a2f786b9fc1b4767a89753a069c5e2b176d46b2cfde646434425a5507942c07fe58de53e1b32a2f25b93c78c6270de609 -SHA512 (kernel-kabi-dw-5.13.0-0.rc7.20210624git7426cedc7dad.54.tar.bz2) = c8c0f12a41c67db59f367560a3010f41fee949e4a1c02ac6e5fc841e6f0b3ad26aead25abaa614d14bf1b4d5b910826a6e921da91c674e5a838e66606cbc11c1 +SHA512 (linux-5.13-rc7-43-g44db63d1ad8d.tar.xz) = e19c120431b57369f68aed49fb907c4e98e92252c9473a201a97fe91bcf238e6549d6c216706d25fca8a41f8efac95b4bf7fbf48406bd00733cb43274a63f085 +SHA512 (kernel-abi-whitelists-5.13.0-0.rc7.20210625git44db63d1ad8d.55.tar.bz2) = f7c216049197a58fa8009f2e082f9809f24d380ad942b0fd0e898dbd61eb4230815dc8a7cf8349f35a7fa91c4168a1fbb6ad93d46327218faf33a3233e853ecc +SHA512 (kernel-kabi-dw-5.13.0-0.rc7.20210625git44db63d1ad8d.55.tar.bz2) = 5521e8885fdda6c6f4f0340a1c524ef5a729fad44c705d190d02328d998eaf831676a923542855ccc210619e789e8a6353816f209a2739d062f09304686b02bb -- cgit