From 4acc5bbea900934e5b4bc8835a62b5dcc5c57cab Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 12 Mar 2018 12:12:50 -0700 Subject: Disable IMA appraise (rhbz 1554474) A recent change to the EFI lockdown patch forces IMA policy to be loaded when secureboot is used. Unfortunately, we don't have all the pieces in place to have all components fully signed. Disable appraisal for now until that gets fixed. --- configs/fedora/generic/CONFIG_IMA_APPRAISE | 2 +- kernel-aarch64-debug.config | 2 +- kernel-aarch64.config | 2 +- kernel-armv7hl-debug.config | 2 +- kernel-armv7hl-lpae-debug.config | 2 +- kernel-armv7hl-lpae.config | 2 +- kernel-armv7hl.config | 2 +- kernel-i686-PAE.config | 2 +- kernel-i686-PAEdebug.config | 2 +- kernel-i686-debug.config | 2 +- kernel-i686.config | 2 +- kernel-ppc64-debug.config | 2 +- kernel-ppc64.config | 2 +- kernel-ppc64le-debug.config | 2 +- kernel-ppc64le.config | 2 +- kernel-s390x-debug.config | 2 +- kernel-s390x.config | 2 +- kernel-x86_64-debug.config | 2 +- kernel-x86_64.config | 2 +- 19 files changed, 19 insertions(+), 19 deletions(-) diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE index da04fd67d..acbe2fe3c 100644 --- a/configs/fedora/generic/CONFIG_IMA_APPRAISE +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE @@ -1 +1 @@ -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index e2c0ad429..9edb05112 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2206,7 +2206,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-aarch64.config b/kernel-aarch64.config index f241c8b02..572d9975b 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2188,7 +2188,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 06be2a125..88f319adf 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2330,7 +2330,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 62269a667..7e24f66e0 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2216,7 +2216,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index e3af01fce..c585c17e6 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2198,7 +2198,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 105731a57..ffa53449b 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2312,7 +2312,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index 7add60bd6..c513757d9 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -2053,7 +2053,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index 41689a39e..5e00edecd 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -2072,7 +2072,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index abfac8c54..35e3a899e 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2072,7 +2072,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-i686.config b/kernel-i686.config index e2b0ac96c..5a9f9a9dc 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2053,7 +2053,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index 3289affb3..70139d1ca 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -1961,7 +1961,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/kernel-ppc64.config b/kernel-ppc64.config index f211e4b89..e81bdb3a0 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -1942,7 +1942,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 59b3e81bc..8370a180c 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1906,7 +1906,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 93ed61ad6..517a9de86 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1887,7 +1887,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index c05b3c585..ac608ceb4 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1861,7 +1861,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-s390x.config b/kernel-s390x.config index 21eafc9b8..3d7914a5f 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1842,7 +1842,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 0b83aa306..685ec8eb7 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2119,7 +2119,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 2b62f36a1..38352e2fb 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2100,7 +2100,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set -- cgit From 7f43568b0fcc6324312fc4c900f63ea27c3f228a Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Tue, 13 Mar 2018 10:33:23 -0400 Subject: Linux v4.16-rc5-4-gfc6eabbbf8ef Signed-off-by: Jeremy Cline --- gitrev | 2 +- kernel.spec | 5 ++++- sources | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/gitrev b/gitrev index 9902b93d5..ee3fb4797 100644 --- a/gitrev +++ b/gitrev @@ -1 +1 @@ -1b88accf6a659c46d5c8e68912896f112bf882bb +fc6eabbbf8ef99efed778dd5afabc83c21dba585 diff --git a/kernel.spec b/kernel.spec index 3f6695476..41c124601 100644 --- a/kernel.spec +++ b/kernel.spec @@ -69,7 +69,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 5 # The git snapshot level -%define gitrev 0 +%define gitrev 1 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -1871,6 +1871,9 @@ fi # # %changelog +* Tue Mar 13 2018 Jeremy Cline - 4.16.0-0.rc5.git1.1 +- Linux v4.16-rc5-4-gfc6eabbbf8ef + * Mon Mar 12 2018 Jeremy Cline - 4.16.0-0.rc5.git0.1 - Linux v4.16-rc5 diff --git a/sources b/sources index 3dc7df0d4..1c92162d2 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ SHA512 (linux-4.15.tar.xz) = c00d92659df815a53dcac7dde145b742b1f20867d380c07cb09ddb3295d6ff10f8931b21ef0b09d7156923a3957b39d74d87c883300173b2e20690d2b4ec35ea SHA512 (patch-4.16-rc5.xz) = 0645901bf7e1fc9a2bff2b196fda356acf6a52d0f548bd14f478fea7f9110d6e20e609af659f49688fef72602b45cdf3f105ed13a79dcd547740a450d8ce8fff +SHA512 (patch-4.16-rc5-git1.xz) = 96d4fbe107142267b6f4ada225d70097aaf8897bb0393a514a98ddb8650a2d312e12e7c71e5f96a28c6c78847bebc1743f485de81cc60a684ef394e3e08e8e94 -- cgit From 41eee5319f475b568536caa3e769861f6cfd0b7e Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Tue, 13 Mar 2018 20:46:11 -0700 Subject: Fix for boot hang on arm64 (rhbz 1554954) --- kernel.spec | 3 ++ ...e_alloc-fix-boot-hang-in-memmap_init_zone.patch | 58 ++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 mm-page_alloc-fix-boot-hang-in-memmap_init_zone.patch diff --git a/kernel.spec b/kernel.spec index 41c124601..9a6144ede 100644 --- a/kernel.spec +++ b/kernel.spec @@ -622,6 +622,9 @@ Patch502: input-rmi4-remove-the-need-for-artifical-IRQ.patch # rhbz 1509461 Patch503: v3-2-2-Input-synaptics---Lenovo-X1-Carbon-5-should-use-SMBUS-RMI.patch +# rhbz 1554954 +Patch504: mm-page_alloc-fix-boot-hang-in-memmap_init_zone.patch + # END OF PATCH DEFINITIONS %endif diff --git a/mm-page_alloc-fix-boot-hang-in-memmap_init_zone.patch b/mm-page_alloc-fix-boot-hang-in-memmap_init_zone.patch new file mode 100644 index 000000000..466493db3 --- /dev/null +++ b/mm-page_alloc-fix-boot-hang-in-memmap_init_zone.patch @@ -0,0 +1,58 @@ +From patchwork Tue Mar 13 22:42:40 2018 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: mm/page_alloc: fix boot hang in memmap_init_zone +From: Daniel Vacek +X-Patchwork-Id: 10281093 +Message-Id: <20180313224240.25295-1-neelx@redhat.com> +To: linux-kernel@vger.kernel.org, linux-mm@kvack.org +Cc: Sudeep Holla , + Naresh Kamboju , + Daniel Vacek , Andrew Morton , + Mel Gorman , Michal Hocko , + Paul Burton , + Pavel Tatashin , + Vlastimil Babka , stable@vger.kernel.org +Date: Tue, 13 Mar 2018 23:42:40 +0100 + +On some architectures (reported on arm64) commit 864b75f9d6b01 ("mm/page_alloc: fix memmap_init_zone pageblock alignment") +causes a boot hang. This patch fixes the hang making sure the alignment +never steps back. + +Link: http://lkml.kernel.org/r/0485727b2e82da7efbce5f6ba42524b429d0391a.1520011945.git.neelx@redhat.com +Fixes: 864b75f9d6b01 ("mm/page_alloc: fix memmap_init_zone pageblock alignment") +Signed-off-by: Daniel Vacek +Tested-by: Sudeep Holla +Tested-by: Naresh Kamboju +Cc: Andrew Morton +Cc: Mel Gorman +Cc: Michal Hocko +Cc: Paul Burton +Cc: Pavel Tatashin +Cc: Vlastimil Babka +Cc: +--- + mm/page_alloc.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index 3d974cb2a1a1..e033a6895c6f 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -5364,9 +5364,14 @@ void __meminit memmap_init_zone(unsigned long size, int nid, unsigned long zone, + * is not. move_freepages_block() can shift ahead of + * the valid region but still depends on correct page + * metadata. ++ * Also make sure we never step back. + */ +- pfn = (memblock_next_valid_pfn(pfn, end_pfn) & ++ unsigned long next_pfn; ++ ++ next_pfn = (memblock_next_valid_pfn(pfn, end_pfn) & + ~(pageblock_nr_pages-1)) - 1; ++ if (next_pfn > pfn) ++ pfn = next_pfn; + #endif + continue; + } -- cgit