Raspbian automatic forward porter [Fri, 2 Dec 2022 03:39:23 +0000 (03:39 +0000)]
Merge version 6.0.8-1+rpi1 and 6.0.10-1 to produce 6.0.10-1+rpi1
Salvatore Bonaccorso [Sat, 26 Nov 2022 15:06:48 +0000 (15:06 +0000)]
Merge linux (6.0.10-1) import into refs/heads/workingbranch
Ben Hutchings [Sat, 15 Jan 2022 21:59:11 +0000 (22:59 +0100)]
tools/perf: Fix missing LDFLAGS for some programs
Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-fix-missing-ldflags-for-some-programs.patch
Ben Hutchings [Sat, 15 Jan 2022 21:30:49 +0000 (22:30 +0100)]
libapi: Define _FORTIFY_SOURCE as 2, not empty
Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name libapi-define-_fortify_source-as-2-not-empty.patch
Ben Hutchings [Sun, 25 Aug 2019 12:49:41 +0000 (13:49 +0100)]
tools/perf: pmu-events: Fix reproducibility
Forwarded: https://lore.kernel.org/lkml/
20190825131329.naqzd5kwg7mw5d3f@decadent.org.uk/T/#u
jevents.py enumerates files and outputs the corresponding C structs in
the order they are found. This makes it sensitive to directory
ordering, so that the perf executable is not reproducible.
To avoid this, sort the entries returned by os.scandir() before
processing them.
References: https://tests.reproducible-builds.org/debian/dbdtxt/bullseye/i386/linux_4.19.37-6.diffoscope.txt.gz
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-pmu-events-fix-reproducibility.patch
Ben Hutchings [Thu, 3 Nov 2016 21:25:26 +0000 (15:25 -0600)]
cpupower: Fix checks for CPU existence
Forwarded: https://marc.info/?l=linux-pm&m=
149248268214265
Calls to cpufreq_cpu_exists(cpu) were converted to
cpupower_is_cpu_online(cpu) when libcpupower was introduced and the
former function was deleted. However, cpupower_is_cpu_online() does
not distinguish physically absent and offline CPUs, and does not set
errno.
cpufreq-set has already been fixed (commit
c25badc9ceb6).
In cpufreq-bench, which prints an error message for offline CPUs,
properly distinguish and report the zero and negative cases.
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
Fixes: 53d1cd6b125f ("cpupowerutils: bench - Fix cpu online check")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[carnil: Update/Refresh patch for 4.14.17: The issue with the
incorrect check has been fixed with upstream commit
53d1cd6b125f.
Keep in the patch the distinction and report for the zero and
negative cases.]
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name cpupower-fix-checks-for-cpu-existence.patch
Ben Hutchings [Thu, 9 Jun 2016 22:35:08 +0000 (23:35 +0100)]
cpupower: Bump soname version
Forwarded: http://mid.gmane.org/
20160610005619.GQ7555@decadent.org.uk
Several functions in the libcpupower API are renamed or removed in
Linux 4.7. This is an backward-incompatible ABI change, so the
library soname should change from libcpupower.so.0 to
libcpupower.so.1.
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name cpupower-bump-soname-version.patch
Ben Hutchings [Sun, 21 Feb 2016 15:33:15 +0000 (15:33 +0000)]
tools/build: Remove bpf() run-time check at build time
Forwarded: no
It is not correct to test that a syscall works on the build system's
kernel. We might be building on an earlier kernel version or with
security restrictions that block bpf().
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-build-remove-bpf-run-time-check-at-build-time.patch
Ben Hutchings [Fri, 25 Sep 2015 21:50:50 +0000 (22:50 +0100)]
Revert "perf build: Fix libunwind feature detection on 32-bit x86"
Forwarded: no
This reverts commit
05b41775e2edd69a83f592e3534930c934d4038e.
It broke feature detection that was working just fine for us.
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name revert-perf-build-fix-libunwind-feature-detection-on.patch
Ben Hutchings [Fri, 25 Sep 2015 19:09:23 +0000 (20:09 +0100)]
tools/perf: Remove shebang lines from perf scripts
Forwarded: no
perf scripts need to be invoked through perf, not directly through
perl (or other language interpreter). So including shebang lines in
them is useless and possibly misleading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-remove-shebangs.patch
Ben Hutchings [Mon, 13 Jul 2015 19:29:20 +0000 (20:29 +0100)]
perf tools: Use $KBUILD_BUILD_TIMESTAMP as man page date
Forwarded: http://mid.gmane.org/
20160517132809.GE7555@decadent.org.uk
This allows man pages to be built reproducibly.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-man-date.patch
Ben Hutchings [Mon, 8 Sep 2014 17:31:24 +0000 (18:31 +0100)]
kbuild: Fix recordmcount dependency for OOT modules
Forwarded: no
We never rebuild anything in-tree when building an out-of-tree
modules, so external modules should not depend on the recordmcount
sources.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-fix-recordmcount-dependency.patch
Ben Hutchings [Sun, 24 Jun 2012 01:51:39 +0000 (02:51 +0100)]
usbip: Document TCP wrappers
Forwarded: no
Add references to TCP wrappers configuration in the manual page.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name usbip-document-tcp-wrappers.patch
Ben Hutchings [Fri, 2 Dec 2016 23:06:18 +0000 (23:06 +0000)]
module: Disable matching missing version CRC
Forwarded: not-needed
This partly reverts commit
cd3caefb4663e3811d37cc2afad3cce642d60061.
We want to fail closed if a symbol version CRC is missing, as the
alternative may allow subverting module signing.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name module-disable-matching-missing-version-crc.patch
Ben Hutchings [Thu, 25 Apr 2019 14:31:33 +0000 (15:31 +0100)]
ntfs: mark it as broken
NTFS has unfixed issues CVE-2018-12929, CVE-2018-12930, and
CVE-2018-12931. ntfs-3g is a better supported alternative.
Make sure it can't be enabled even in custom kernels.
Gbp-Pq: Topic debian
Gbp-Pq: Name ntfs-mark-it-as-broken.patch
Ben Hutchings [Tue, 16 Feb 2016 02:45:42 +0000 (02:45 +0000)]
[i386/686-pae] PCI: Set pci=nobios by default
Forwarded: not-needed
CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped
W+X, which is undesirable for security reasons and will result in a
warning at boot now that we enable CONFIG_DEBUG_WX.
This can be overridden using the kernel parameter "pci=nobios", but we
want to disable W+X by default. Disable PCI BIOS probing by default;
it can still be enabled using "pci=bios".
Gbp-Pq: Topic debian
Gbp-Pq: Name i386-686-pae-pci-set-pci-nobios-by-default.patch
Robert Holmes [Tue, 23 Apr 2019 07:39:29 +0000 (07:39 +0000)]
[PATCH] KEYS: Make use of platform keyring for module signature verify
Bug-Debian: https://bugs.debian.org/935945
Origin: https://src.fedoraproject.org/rpms/kernel/raw/master/f/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
This patch completes commit
278311e417be ("kexec, KEYS: Make use of
platform keyring for signature verify") which, while adding the
platform keyring for bzImage verification, neglected to also add
this keyring for module verification.
As such, kernel modules signed with keys from the MokList variable
were not successfully verified.
Signed-off-by: Robert Holmes <robeholmes@gmail.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
[bwh: Forward-ported to 5.19: adjust filename]
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name KEYS-Make-use-of-platform-keyring-for-module-signature.patch
Ben Hutchings [Sun, 5 May 2019 12:45:06 +0000 (13:45 +0100)]
MODSIGN: Make shash allocation failure fatal
mod_is_hash_blacklisted() currently returns 0 (suceess) if
crypto_alloc_shash() fails. This should instead be a fatal error,
so unwrap and pass up the error code.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name modsign-make-shash-allocation-failure-fatal.patch
Lee, Chun-Yi [Tue, 13 Mar 2018 10:38:03 +0000 (18:38 +0800)]
[PATCH 4/4] MODSIGN: check the attributes of db and mok
Origin: https://lore.kernel.org/patchwork/patch/933176/
That's better for checking the attributes of db and mok variables
before loading certificates to kernel keyring.
For db and dbx, both of them are authenticated variables. Which
means that they can only be modified by manufacturer's key. So
the kernel should checks EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
attribute before we trust it.
For mok-rt and mokx-rt, both of them are created by shim boot loader
to forward the mok/mokx content to runtime. They must be runtime-volatile
variables. So kernel should checks that the attributes map did not set
EFI_VARIABLE_NON_VOLATILE bit before we trust it.
Cc: David Howells <dhowells@redhat.com>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
[Rebased by Luca Boccassi]
[bwh: Forward-ported to 5.5.9:
- get_cert_list() takes a pointer to status and returns the cert list
- Adjust filename, context]
[bwh: Forward-ported to 5.10: MokListRT and MokListXRT are now both
loaded through a single code path.]
[bwh: Forward-ported to 5.13: No they aren't]
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0004-MODSIGN-check-the-attributes-of-db-and-mok.patch
Lee, Chun-Yi [Tue, 13 Mar 2018 10:38:02 +0000 (18:38 +0800)]
[PATCH 3/4] MODSIGN: checking the blacklisted hash before loading a kernel module
Origin: https://lore.kernel.org/patchwork/patch/933175/
This patch adds the logic for checking the kernel module's hash
base on blacklist. The hash must be generated by sha256 and enrolled
to dbx/mokx.
For example:
sha256sum sample.ko
mokutil --mokx --import-hash $HASH_RESULT
Whether the signature on ko file is stripped or not, the hash can be
compared by kernel.
Cc: David Howells <dhowells@redhat.com>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
[Rebased by Luca Boccassi]
[bwh: Forward-ported to 5.19:
- The type parameter to is_hash_blacklisted() is now an enumeration
rather than a string
- Adjust filename, context]
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch
Lee, Chun-Yi [Tue, 13 Mar 2018 10:37:59 +0000 (18:37 +0800)]
[PATCH 1/5] MODSIGN: do not load mok when secure boot disabled
Origin: https://lore.kernel.org/patchwork/patch/933173/
The mok can not be trusted when the secure boot is disabled. Which
means that the kernel embedded certificate is the only trusted key.
Due to db/dbx are authenticated variables, they needs manufacturer's
KEK for update. So db/dbx are secure when secureboot disabled.
Cc: David Howells <dhowells@redhat.com>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
[Rebased by Luca Boccassi]
[bwh: Forward-ported to 5.5.9:
- get_cert_list() takes a pointer to status and returns the cert list
- Adjust filename]
[Salvatore Bonaccorso: Forward-ported to 5.10: Refresh for changes in
38a1f03aa240 ("integrity: Move import of MokListRT certs to a separate
routine")]
[bwh: Forward-ported to 5.17: The upstream code now has this check but
ties it to IMA policy. Until we determine whether we want to do that,
revert to checking the EFI flag directly instead.]
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch
Linn Crosetto [Tue, 30 Aug 2016 17:54:38 +0000 (11:54 -0600)]
arm64: add kernel config option to lock down when in Secure Boot mode
Bug-Debian: https://bugs.debian.org/831827
Forwarded: no
Add a kernel configuration option to lock down the kernel, to restrict
userspace's ability to modify the running kernel when UEFI Secure Boot is
enabled. Based on the x86 patch by Matthew Garrett.
Determine the state of Secure Boot in the EFI stub and pass this to the
kernel using the FDT.
Signed-off-by: Linn Crosetto <linn@hpe.com>
[bwh: Forward-ported to 4.10: adjust context]
[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
[bwh: Forward-ported to 4.15 and lockdown patch set:
- Pass result of efi_get_secureboot() in stub through to
efi_set_secure_boot() in main kernel
- Use lockdown API and naming]
[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()]
[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection]
[bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this]
[bwh: Forward-ported to 5.6: efi_get_secureboot() no longer takes a
sys_table parameter]
[bwh: Forward-ported to 5.7: EFI initialisation from FDT was rewritten, so:
- Add Secure Boot mode to the parameter enumeration in fdtparams.c
- Add a parameter to efi_get_fdt_params() to return the Secure Boot mode
- Since Xen does not have a property name defined for Secure Boot mode,
change efi_get_fdt_prop() to handle a missing property name by clearing
the output variable]
[Salvatore Bonaccorso: Forward-ported to 5.10:
f30f242fb131 ("efi: Rename
arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c]
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name arm64-add-kernel-config-option-to-lock-down-when.patch
Ben Hutchings [Fri, 30 Aug 2019 14:54:24 +0000 (15:54 +0100)]
mtd: phram,slram: Disable when the kernel is locked down
Forwarded: https://lore.kernel.org/linux-security-module/
20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/
These drivers allow mapping arbitrary memory ranges as MTD devices.
This should be disabled to preserve the kernel's integrity when it is
locked down.
* Add the HWPARAM flag to the module parameters
* When slram is built-in, it uses __setup() to read kernel parameters,
so add an explicit check security_locked_down() check
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Matthew Garrett <mjg59@google.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Joern Engel <joern@lazybastard.org>
Cc: linux-mtd@lists.infradead.org
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name mtd-disable-slram-and-phram-when-locked-down.patch
Ben Hutchings [Tue, 10 Sep 2019 10:54:28 +0000 (11:54 +0100)]
efi: Lock down the kernel if booted in secure boot mode
Based on an earlier patch by David Howells, who wrote the following
description:
> UEFI Secure Boot provides a mechanism for ensuring that the firmware will
> only load signed bootloaders and kernels. Certain use cases may also
> require that all kernel modules also be signed. Add a configuration option
> that to lock down the kernel - which includes requiring validly signed
> modules - if the kernel is secure-booted.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
David Howells [Mon, 18 Feb 2019 12:45:03 +0000 (12:45 +0000)]
[28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=
a5d70c55c603233c192b375f72116a395909da28
UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT
flag that can be passed to efi_enabled() to find out whether secure boot is
enabled.
Move the switch-statement in x86's setup_arch() that inteprets the
secure_boot boot parameter to generic code and set the bit there.
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org
[rperier: Forward-ported to 5.5:
- Use pr_warn()
- Adjust context]
[bwh: Forward-ported to 5.6: adjust context]
[bwh: Forward-ported to 5.7:
- Use the next available bit in efi.flags
- Adjust context]
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
Santiago Ruano Rincón [Mon, 21 Nov 2022 20:53:05 +0000 (21:53 +0100)]
net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP
Origin: https://git.kernel.org/linus/
748064b54c99418f615aabff5755996cd9816969
Bug-Debian: https://bugs.debian.org/
1024328
ZLP for DisplayLink ethernet devices was enabled in 6.0:
266c0190aee3 ("net/cdc_ncm: Enable ZLP for DisplayLink ethernet devices").
The related driver_info should be the "same as cdc_ncm_info, but with
FLAG_SEND_ZLP". However, set_rx_mode that enables handling multicast
traffic was missing in the new cdc_ncm_zlp_info.
usbnet_cdc_update_filter rx mode was introduced in linux 5.9 with:
e10dcb1b6ba7 ("net: cdc_ncm: hook into set_rx_mode to admit multicast
traffic")
Without this hook, multicast, and then IPv6 SLAAC, is broken.
Fixes: 266c0190aee3 ("net/cdc_ncm: Enable ZLP for DisplayLink ethernet devices")
Signed-off-by: Santiago Ruano Rincón <santiago.ruano-rincon@imt-atlantique.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name net-cdc_ncm-Fix-multicast-RX-support-for-CDC-NCM-dev.patch
Thomas Zeitlhofer [Tue, 15 Nov 2022 22:09:41 +0000 (23:09 +0100)]
net: neigh: decrement the family specific qlen
Origin: https://git.kernel.org/linus/
8207f253a097fe15c93d85ac15ebb73c5e39e1e1
Bug-Debian: https://bugs.debian.org/
1024070
Commit
0ff4eb3d5ebb ("neighbour: make proxy_queue.qlen limit
per-device") introduced the length counter qlen in struct neigh_parms.
There are separate neigh_parms instances for IPv4/ARP and IPv6/ND, and
while the family specific qlen is incremented in pneigh_enqueue(), the
mentioned commit decrements always the IPv4/ARP specific qlen,
regardless of the currently processed family, in pneigh_queue_purge()
and neigh_proxy_process().
As a result, with IPv6/ND, the family specific qlen is only incremented
(and never decremented) until it exceeds PROXY_QLEN, and then, according
to the check in pneigh_enqueue(), neighbor solicitations are not
answered anymore. As an example, this is noted when using the
subnet-router anycast address to access a Linux router. After a certain
amount of time (in the observed case, qlen exceeded PROXY_QLEN after two
days), the Linux router stops answering neighbor solicitations for its
subnet-router anycast address and effectively becomes unreachable.
Another result with IPv6/ND is that the IPv4/ARP specific qlen is
decremented more often than incremented. This leads to negative qlen
values, as a signed integer has been used for the length counter qlen,
and potentially to an integer overflow.
Fix this by introducing the helper function neigh_parms_qlen_dec(),
which decrements the family specific qlen. Thereby, make use of the
existing helper function neigh_get_dev_parms_rcu(), whose definition
therefore needs to be placed earlier in neighbour.c. Take the family
member from struct neigh_table to determine the currently processed
family and appropriately call neigh_parms_qlen_dec() from
pneigh_queue_purge() and neigh_proxy_process().
Additionally, use an unsigned integer for the length counter qlen.
Fixes: 0ff4eb3d5ebb ("neighbour: make proxy_queue.qlen limit per-device")
Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name net-neigh-decrement-the-family-specific-qlen.patch
Ben Hutchings [Wed, 13 Apr 2016 20:48:06 +0000 (21:48 +0100)]
fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers
Bug-Debian: https://bugs.debian.org/819725
Forwarded: http://mid.gmane.org/
20160517133631.GF7555@decadent.org.uk
This helps initramfs builders and other tools to find the full
dependencies of a module.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name fs-add-module_softdep-declarations-for-hard-coded-cr.patch
Ian Campbell [Wed, 20 Nov 2013 08:30:14 +0000 (08:30 +0000)]
phy/marvell: disable 4-port phys
Bug-Debian: https://bugs.debian.org/723177
Forwarded: http://thread.gmane.org/gmane.linux.debian.devel.bugs.general/
1107774/
The Marvell PHY was originally disabled because it can cause networking
failures on some systems. According to Lennert Buytenhek this is because some
of the variants added did not share the same register layout. Since the known
cases are all 4-ports disable those variants (indicated by a 4 in the
penultimate position of the model name) until they can be audited for
correctness.
[bwh: Also #if-out the init functions for these PHYs to avoid
compiler warnings]
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name disable-some-marvell-phys.patch
Ard Biesheuvel [Fri, 1 Jul 2022 13:53:22 +0000 (15:53 +0200)]
arm64: compat: Implement misalignment fixups for multiword loads
Origin: https://git.kernel.org/linus/
3fc24ef32d3b9368f4c103dcd21d6a3f959b4870
The 32-bit ARM kernel implements fixups on behalf of user space when
using LDM/STM or LDRD/STRD instructions on addresses that are not 32-bit
aligned. This is not something that is supported by the architecture,
but was done anyway to increase compatibility with user space software,
which mostly targeted x86 at the time and did not care about aligned
accesses.
This feature is one of the remaining impediments to being able to switch
to 64-bit kernels on 64-bit capable hardware running 32-bit user space,
so let's implement it for the arm64 compat layer as well.
Note that the intent is to implement the exact same handling of
misaligned multi-word loads and stores as the 32-bit kernel does,
including what appears to be missing support for user space programs
that rely on SETEND to switch to a different byte order and back. Also,
like the 32-bit ARM version, we rely on the faulting address reported by
the CPU to infer the memory address, instead of decoding the instruction
fully to obtain this information.
This implementation is taken from the 32-bit ARM tree, with all pieces
removed that deal with instructions other than LDRD/STRD and LDM/STM, or
that deal with alignment exceptions taken in kernel mode.
Cc: debian-arm@lists.debian.org
Cc: Vagrant Cascadian <vagrant@debian.org>
Cc: Riku Voipio <riku.voipio@iki.fi>
Cc: Steve McIntyre <steve@einval.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20220701135322.3025321-1-ardb@kernel.org
[catalin.marinas@arm.com: change the option to 'default n']
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Gbp-Pq: Topic features/arm64
Gbp-Pq: Name arm64-compat-Implement-misalignment-fixups-for-multi.patch
Ben Hutchings [Mon, 12 Feb 2018 23:59:26 +0000 (23:59 +0000)]
x86: Make x32 syscall support conditional on a kernel parameter
Bug-Debian: https://bugs.debian.org/708070
Forwarded: https://lore.kernel.org/lkml/
1415245982.3398.53.camel@decadent.org.uk/T/#u
Enabling x32 in the standard amd64 kernel would increase its attack
surface while provide no benefit to the vast majority of its users.
No-one seems interested in regularly checking for vulnerabilities
specific to x32 (at least no-one with a white hat).
Still, adding another flavour just to turn on x32 seems wasteful. And
the only differences on syscall entry are a few instructions that mask
out the x32 flag and compare the syscall number.
Use a static key to control whether x32 syscalls are really enabled, a
Kconfig parameter to set its default value and a kernel parameter
"syscall.x32" to change it at boot time.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-make-x32-syscall-support-conditional.patch
Ben Hutchings [Mon, 5 Dec 2011 04:00:58 +0000 (04:00 +0000)]
x86: memtest: WARN if bad RAM found
Bug-Debian: https://bugs.debian.org/613321
Forwarded: http://thread.gmane.org/gmane.linux.kernel/
1286471
Since this is not a particularly thorough test, if we find any bad
bits of RAM then there is a fair chance that there are other bad bits
we fail to detect.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-memtest-WARN-if-bad-RAM-found.patch
Geoff Levand [Wed, 13 Jun 2018 17:56:08 +0000 (10:56 -0700)]
arm64/acpi: Add fixup for HPE m400 quirks
Forwarded: https://patchwork.codeaurora.org/patch/547277/
Adds a new ACPI init routine acpi_fixup_m400_quirks that adds
a work-around for HPE ProLiant m400 APEI firmware problems.
The work-around disables APEI when CONFIG_ACPI_APEI is set and
m400 firmware is detected. Without this fixup m400 systems
experience errors like these on startup:
[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 2
[Hardware Error]: event severity: fatal
[Hardware Error]: Error 0, type: fatal
[Hardware Error]: section_type: memory error
[Hardware Error]: error_status: 0x0000000000001300
[Hardware Error]: error_type: 10, invalid address
Kernel panic - not syncing: Fatal hardware error!
Signed-off-by: Geoff Levand <geoff@infradead.org>
[bwh: Adjust context to apply to Linux 4.19]
Gbp-Pq: Topic bugfix/arm64
Gbp-Pq: Name arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch
Krzysztof Kozlowski [Wed, 29 Aug 2018 07:32:23 +0000 (09:32 +0200)]
powerpc/boot: Fix missing crc32poly.h when building with KERNEL_XZ
Origin: https://patchwork.ozlabs.org/patch/963258/
After commit
faa16bc404d7 ("lib: Use existing define with
polynomial") the lib/xz/xz_crc32.c includes a header from include/linux
directory thus any other user of this code should define proper include
path.
This fixes the build error on powerpc with CONFIG_KERNEL_XZ:
In file included from ../arch/powerpc/boot/../../../lib/decompress_unxz.c:233:0,
from ../arch/powerpc/boot/decompress.c:42:
../arch/powerpc/boot/../../../lib/xz/xz_crc32.c:18:29: fatal error: linux/crc32poly.h: No such file or directory
Reported-by: Michal Kubecek <mkubecek@suse.cz>
Fixes: faa16bc404d7 ("lib: Use existing define with polynomial")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Michal Kubecek <mkubecek@suse.cz>
Gbp-Pq: Topic bugfix/powerpc
Gbp-Pq: Name powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch
Ben Hutchings [Wed, 11 Jul 2018 22:40:55 +0000 (23:40 +0100)]
ARM: mm: Export __sync_icache_dcache() for xen-privcmd
Forwarded: https://marc.info/?l=linux-arm-kernel&m=
153134944429241
The xen-privcmd driver, which can be modular, calls set_pte_at()
which in turn may call __sync_icache_dcache().
The call to __sync_icache_dcache() may be optimised out because it is
conditional on !pte_special(), and xen-privcmd calls pte_mkspecial().
However, in a non-LPAE configuration there is no "special" bit and the
call is really unconditional.
Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch
Ben Hutchings [Sun, 6 Feb 2022 23:00:26 +0000 (00:00 +0100)]
sh: Do not use hyphen in exported variable names
arch/sh/Makefile defines and exports ld-bfd to be used by
arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile. However
some shells, including dash, will not pass through environment
variables whose name includes a hyphen. Usually GNU make does not use
a shell to recurse, but if e.g. $(srctree) contains '~' it will use a
shell here.
Rename the variable to ld_bfd.
(Another instance of this problem was fixed upstream by commit
82977af93a0d "sh: rename suffix-y to suffix_y".)
References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=
1502943967&raw=0
Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/sh
Gbp-Pq: Name sh-boot-do-not-use-hyphen-in-exported-variable-name.patch
Ben Hutchings [Sat, 22 Jul 2017 16:37:33 +0000 (17:37 +0100)]
perf tools: Fix unwind build on i386
Forwarded: no
EINVAL may not be defined when building unwind-libunwind.c with
REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in
LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks
for a negative return value and doesn't care what it is. So change
-EINVAL to -1.
Fixes: 52ffe0ff02fc ("Support x86(32-bit) cross platform callchain unwind.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name perf-tools-fix-unwind-build-on-i386.patch
Heinrich Schuchardt [Mon, 4 Jun 2018 17:15:23 +0000 (19:15 +0200)]
arm64: dts: rockchip: correct voltage selector on Firefly-RK3399
Bug-Debian: https://bugs.debian.org/900799
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/patch/?id=
710e8c4a54be82ee8a97324e7b4330bf191e08bf
Without this patch the Firefly-RK3399 board boot process hangs after these
lines:
fan53555-regulator 0-0040: FAN53555 Option[8] Rev[1] Detected!
fan53555-reg: supplied by vcc_sys
vcc1v8_s3: supplied by vcc_1v8
Blacklisting driver fan53555 allows booting.
The device tree uses a value of fcs,suspend-voltage-selector different to
any other board.
Changing this setting to the usual value is sufficient to enable booting
and also matches the value used in the vendor kernel.
Fixes: 171582e00db1 ("arm64: dts: rockchip: add support for firefly-rk3399 board")
Cc: stable@vger.kernel.org
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Gbp-Pq: Topic bugfix/arm64
Gbp-Pq: Name dts-rockchip-correct-voltage-selector-firefly-RK3399.patch
Ben Hutchings [Fri, 17 Feb 2017 01:30:30 +0000 (01:30 +0000)]
ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419
Forwarded: https://www.spinics.net/lists/arm-kernel/msg563610.html
Bug-Debian: https://bugs.debian.org/855017
The old board code for the TS419 assigns MPP pins 15 and 16 as SATA
activity signals (and none as SATA presence signals). Currently the
device tree assigns the SoC's default pinmux groups for SATA, which
conflict with the second Ethernet port.
Reported-by: gmbh@gazeta.pl
Tested-by: gmbh@gazeta.pl
References: https://bugs.debian.org/855017
Cc: stable@vger.kernel.org # 3.15+
Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch
Adam Borowski [Tue, 28 Mar 2017 14:55:05 +0000 (16:55 +0200)]
btrfs: warn about RAID5/6 being experimental at mount time
Bug-Debian: https://bugs.debian.org/863290
Origin: https://bugs.debian.org/863290#5
Too many people come complaining about losing their data -- and indeed,
there's no warning outside a wiki and the mailing list tribal knowledge.
Message severity chosen for consistency with XFS -- "alert" makes dmesg
produce nice red background which should get the point across.
Signed-off-by: Adam Borowski <kilobyte@angband.pl>
[bwh: Also add_taint() so this is flagged in bug reports]
Gbp-Pq: Topic debian
Gbp-Pq: Name btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
Ben Hutchings [Wed, 13 Jul 2016 00:37:22 +0000 (01:37 +0100)]
fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS
Forwarded: not-needed
Various free and proprietary AV products use this feature and users
apparently want it. But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that. So warn and taint the kernel if this feature is
actually used.
Gbp-Pq: Topic debian
Gbp-Pq: Name fanotify-taint-on-use-of-fanotify_access_permissions.patch
Ben Hutchings [Sat, 18 Mar 2017 20:47:58 +0000 (20:47 +0000)]
fjes: Disable auto-loading
Bug-Debian: https://bugs.debian.org/853976
Forwarded: no
fjes matches a generic ACPI device ID, and relies on its probe
function to distinguish whether that really corresponds to a supported
device. Very few system will need the driver and it wastes memory on
all the other systems where the same device ID appears, so disable
auto-loading.
Gbp-Pq: Topic debian
Gbp-Pq: Name fjes-disable-autoload.patch
Ben Hutchings [Sat, 20 Apr 2013 14:52:02 +0000 (15:52 +0100)]
viafb: Autoload on OLPC XO 1.5 only
Bug-Debian: https://bugs.debian.org/705788
Forwarded: no
It appears that viafb won't work automatically on all the boards for
which it has a PCI device ID match. Currently, it is blacklisted by
udev along with most other framebuffer drivers, so this doesn't matter
much.
However, this driver is required for console support on the XO 1.5.
We need to allow it to be autoloaded on this model only, and then
un-blacklist it in udev.
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name viafb-autoload-on-olpc-xo1.5-only.patch
Ben Hutchings [Wed, 5 Feb 2014 23:01:30 +0000 (23:01 +0000)]
snd-pcsp: Disable autoload
Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/697709
There are two drivers claiming the platform:pcspkr device:
- pcspkr creates an input(!) device that can only beep
- snd-pcsp creates an equivalent input device plus a PCM device that can
play barely recognisable renditions of sampled sound
snd-pcsp is blacklisted by the alsa-base package, but not everyone
installs that. On PCs where no sound is wanted at all, both drivers
will still be loaded and one or other will complain that it couldn't
claim the relevant I/O range.
In case anyone finds snd-pcsp useful, we continue to build it. But
remove the alias, to ensure it's not loaded where it's not wanted.
Gbp-Pq: Topic debian
Gbp-Pq: Name snd-pcsp-disable-autoload.patch
Ben Hutchings [Sun, 31 Mar 2013 02:58:04 +0000 (03:58 +0100)]
cdc_ncm,cdc_mbim: Use NCM by default
Forwarded: not-needed
Devices that support both NCM and MBIM modes should be kept in NCM
mode unless there is userland support for MBIM.
Set the default value of cdc_ncm.prefer_mbim to false and leave it to
userland (modem-manager) to override this with a modprobe.conf file
once it's ready to speak MBIM.
Gbp-Pq: Topic debian
Gbp-Pq: Name cdc_ncm-cdc_mbim-use-ncm-by-default.patch
Ben Hutchings [Tue, 20 Aug 2019 23:32:16 +0000 (00:32 +0100)]
intel-iommu: Add Kconfig option to exclude iGPU by default
Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644
There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage.
Replace CONFIG_INTEL_IOMMU_DEFAULT_ON with a 3-way choice
corresponding to "on", "off", and "on,intgpu_off".
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch
Ben Hutchings [Tue, 20 Aug 2019 23:05:30 +0000 (00:05 +0100)]
intel-iommu: Add option to exclude integrated GPU only
Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644
There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage, but turning it off
for all graphics devices seems like a major weakness.
Add an option, intel_iommu=intgpu_off, to exclude only integrated GPUs
from remapping. This is a narrower exclusion than igfx_off: it only
affects Intel devices on the root bus. Devices attached through an
external port (Thunderbolt or ExpressCard) won't be on the root bus.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-option-to-exclude-integrated-gpu-only.patch
Ben Hutchings [Mon, 11 Jan 2016 15:23:55 +0000 (15:23 +0000)]
security,perf: Allow further restriction of perf_event_open
Forwarded: https://lkml.org/lkml/2016/1/11/587
When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.
This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch
Serge Hallyn [Fri, 31 May 2013 18:12:12 +0000 (19:12 +0100)]
add sysctl to disallow unprivileged CLONE_NEWUSER by default
Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=
5c847404dcb2e3195ad0057877e1422ae90892b8
add sysctl to disallow unprivileged CLONE_NEWUSER by default
This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
[bwh: Keep this sysctl, but change the default to enabled]
Gbp-Pq: Topic debian
Gbp-Pq: Name add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
Ben Hutchings [Wed, 19 Jun 2013 03:35:28 +0000 (04:35 +0100)]
yama: Disable by default
Bug-Debian: https://bugs.debian.org/712740
Forwarded: not-needed
Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch
Ben Hutchings [Wed, 16 Mar 2011 03:17:06 +0000 (03:17 +0000)]
sched: Do not enable autogrouping by default
Forwarded: not-needed
We want to provide the option of autogrouping but without enabling
it by default yet.
Gbp-Pq: Topic debian
Gbp-Pq: Name sched-autogroup-disabled.patch
Ben Hutchings [Fri, 2 Nov 2012 05:32:06 +0000 (05:32 +0000)]
fs: Enable link security restrictions by default
Bug-Debian: https://bugs.debian.org/609455
Forwarded: not-needed
This reverts commit
561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').
Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch
Ben Hutchings [Sun, 4 Aug 2019 23:29:11 +0000 (00:29 +0100)]
hamradio: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.
The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
Ben Hutchings [Thu, 16 Feb 2017 19:09:17 +0000 (19:09 +0000)]
dccp: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.
The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch
Ben Hutchings [Sat, 20 Nov 2010 02:24:55 +0000 (02:24 +0000)]
[PATCH] decnet: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'decnet' protocol is unmaintained and of mostly historical
interest, and the user-space support package 'dnet-common' loads the
module explicitly. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name decnet-Disable-auto-loading-as-mitigation-against-lo.patch
Ben Hutchings [Fri, 19 Nov 2010 02:12:48 +0000 (02:12 +0000)]
[PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch
Ben Hutchings [Fri, 19 Nov 2010 02:12:48 +0000 (02:12 +0000)]
[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Ben Hutchings [Mon, 12 Mar 2018 01:14:03 +0000 (01:14 +0000)]
firmware_class: Refer to Debian wiki page when logging missing firmware
Bug-Debian: https://bugs.debian.org/888405
Forwarded: not-needed
If firmware loading fails due to a missing file, log a second error
message referring to our wiki page about firmware. This will explain
why some firmware is in non-free, or can't be packaged at all. Only
do this once per boot.
Do something similar in the radeon and amdgpu drivers, where we have
an early check to avoid failing at a point where we cannot display
anything.
Gbp-Pq: Topic debian
Gbp-Pq: Name firmware_class-refer-to-debian-wiki-firmware-page.patch
Ben Hutchings [Tue, 8 Jan 2013 03:25:52 +0000 (03:25 +0000)]
radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward
Bug-Debian: https://bugs.debian.org/607194
Bug-Debian: https://bugs.debian.org/607471
Bug-Debian: https://bugs.debian.org/610851
Bug-Debian: https://bugs.debian.org/627497
Bug-Debian: https://bugs.debian.org/632212
Bug-Debian: https://bugs.debian.org/637943
Bug-Debian: https://bugs.debian.org/649448
Bug-Debian: https://bugs.debian.org/697229
Forwarded: no
radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.
radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.
Therefore, perform a basic check for the existence of
/lib/firmware/{radeon,amdgpu} when a device is probed, and abort if it
is missing, except for the pre-R600 case.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch
Ben Hutchings [Sun, 9 Dec 2012 16:40:31 +0000 (16:40 +0000)]
firmware: Remove redundant log messages from drivers
Forwarded: no
Now that firmware_class logs every success and failure consistently,
many other log messages can be removed from drivers.
This will probably need to be split up into multiple patches prior to
upstream submission.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware-remove-redundant-log-messages-from-drivers.patch
Ben Hutchings [Sun, 9 Dec 2012 16:02:00 +0000 (16:02 +0000)]
firmware_class: Log every success and failure against given device
Forwarded: no
The hundreds of users of request_firmware() have nearly as many
different log formats for reporting failures. They also have only the
vaguest hint as to what went wrong; only firmware_class really knows
that. Therefore, add specific log messages for the failure modes that
aren't currently logged.
In case of a driver that tries multiple names, this may result in the
impression that it failed to initialise. Therefore, also log successes.
This makes many error messages in drivers redundant, which will be
removed in later patches.
This does not cover the case where we fall back to a user-mode helper
(which is no longer enabled in Debian).
NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n"
format to detect missing firmware.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware_class-log-every-success-and-failure.patch
Ben Hutchings [Sat, 26 Nov 2022 15:06:48 +0000 (15:06 +0000)]
iwlwifi: Do not request unreleased firmware for IWL6000
Bug-Debian: https://bugs.debian.org/689416
Forwarded: not-needed
The iwlwifi driver currently supports firmware API versions 4-6 for
these devices. It will request the file for the latest supported
version and then fall back to earlier versions. However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.
The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless. So stop
requesting the unreleased firmware.
Gbp-Pq: Topic debian
Gbp-Pq: Name iwlwifi-do-not-request-unreleased-firmware.patch
Ben Hutchings [Mon, 24 Aug 2009 22:19:58 +0000 (23:19 +0100)]
af9005: Use request_firmware() to load register init script
Forwarded: no
Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.
Gbp-Pq: Topic features/all
Gbp-Pq: Name drivers-media-dvb-usb-af9005-request_firmware.patch
Ben Hutchings [Thu, 15 Sep 2022 00:14:03 +0000 (02:14 +0200)]
Makefile: Make compiler version comparison optional
Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/
1019749
The top-level Makefile warns if the compiler version string changes at
all between the kernel build and an out-of-tree module build.
We expect that major compiler version changes could introduce ABI
changes, and override the CC variable in out-of-tree module builds to
ensure that the same major compiler version is used. But minor
version changes should not make a difference, so this exact version
comparison produces false warnings.
Since custom kernel packages don't have that, don't remove the version
comparison. Instead, skip it if $(DEBIAN_KERNEL_NO_CC_VERSION_CHECK)
is non-empty.
Gbp-Pq: Topic debian
Gbp-Pq: Name makefile-make-compiler-version-comparison-optional.patch
Ben Hutchings [Fri, 13 May 2022 19:08:08 +0000 (21:08 +0200)]
module: Avoid ABI changes when debug info is disabled
Forwarded: not-needed
CI builds are done with debug info disabled, but this removes some
members from struct module. This causes builds to fail if there is an
ABI reference for the current ABI.
Define these members unconditionally, so that there is no ABI change.
Gbp-Pq: Topic debian
Gbp-Pq: Name module-avoid-abi-changes-when-debug-info-is-disabled.patch
Ben Hutchings [Mon, 26 Apr 2021 16:27:16 +0000 (18:27 +0200)]
kbuild: Abort build if SUBDIRS used
Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/987575
DKMS and module-assistant both build OOT modules as root. If they
build an old OOT module that still use SUBDIRS this causes Kbuild
to try building a full kernel, which obviously fails but not before
deleting files from the installed headers package.
To avoid such mishaps, detect this situation and abort the build.
The error message is based on that used in commit
0126be38d988
"kbuild: announce removal of SUBDIRS if used".
Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-abort-build-if-subdirs-used.patch
Ben Hutchings [Thu, 10 Dec 2020 16:31:39 +0000 (17:31 +0100)]
kbuild: Look for module.lds under arch directory too
Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/975571
The module.lds linker script is now built under the scripts directory,
where previously it was under arch/$(SRCARCH).
However, we package the scripts directory as linux-kbuild, which is
meant to be able to do support native and cross-builds. That means it
shouldn't contain files for a specific target architecture without a
wrapper to select between them, and it doesn't appear that linker
scripts are powerful enough to implement such a wrapper.
Building module.lds in a different location would require relatively
large changes. Moving it in the package build rules can work, but we
need to support custom kernel builds from the same source so we can't
assume it's moved.
Therefore, we move module.lds under the arch build directory in
rules.real and change Makefile.modfinal to look for it in both places.
Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-look-for-module.lds-under-arch-directory-too.patch
Bastian Blank [Tue, 4 Aug 2020 09:44:37 +0000 (09:44 +0000)]
[PATCH 2/2] perf/traceevent: Support asciidoctor for documentation
From
cd02fc78859ef9aefd7c92406f9523622da0b472 Mon Sep 17 00:00:00 2001
Forwarded: not-needed
Gbp-Pq: Topic debian
Gbp-Pq: Name perf-traceevent-support-asciidoctor-for-documentatio.patch
Bastian Blank [Tue, 4 Aug 2020 09:44:19 +0000 (09:44 +0000)]
[PATCH 1/2] Documentation: Drop sphinx version check
From
252aa79fdbd4ac2da09d9b98f81bf11f5e3e1870 Mon Sep 17 00:00:00 2001
Forwarded: not-needed
Gbp-Pq: Topic debian
Gbp-Pq: Name documentation-drop-sphinx-version-check.patch
Ben Hutchings [Fri, 22 Jun 2018 16:27:00 +0000 (17:27 +0100)]
android: Enable building ashmem and binder as modules
Bug-Debian: https://bugs.debian.org/901492
We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.
- Add a MODULE_LICENSE declaration to ashmem
- Change the Makefiles to build each driver as an object with the
"_linux" suffix (which is what Anbox expects)
- Change config symbol types to tristate
Update:
In upstream commit
721412ed3d titled "staging: remove ashmem" the ashmem
driver was removed entirely. Secondary commit message:
"The mainline replacement for ashmem is memfd, so remove the legacy
code from drivers/staging/"
Consequently, the ashmem part of this patch has been removed.
Gbp-Pq: Topic debian
Gbp-Pq: Name android-enable-building-ashmem-and-binder-as-modules.patch
Ben Hutchings [Mon, 7 Sep 2020 01:51:53 +0000 (02:51 +0100)]
Export symbols needed by Android drivers
Bug-Debian: https://bugs.debian.org/901492
We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.
Export the currently un-exported symbols they depend on.
Gbp-Pq: Topic debian
Gbp-Pq: Name export-symbols-needed-by-android-drivers.patch
Ben Hutchings [Fri, 13 Apr 2018 19:10:28 +0000 (20:10 +0100)]
wireless: Add Debian wireless-regdb certificates
Forwarded: not-needed
This hex dump is generated using:
{
for cert in debian/certs/wireless-regdb-*.pem; do
openssl x509 -in $cert -outform der;
done
} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex
Gbp-Pq: Topic debian
Gbp-Pq: Name wireless-add-debian-wireless-regdb-certificates.patch
Adriaan Schmidt [Mon, 4 Apr 2022 11:38:33 +0000 (13:38 +0200)]
tools: install perf python bindings
Bug-Debian: http://bugs.debian.org/860957
Forwarded: not-needed
Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-install-python-bindings.patch
Ben Hutchings [Mon, 11 May 2015 02:51:07 +0000 (02:51 +0000)]
linux-tools: Install perf-read-vdso{,x}32 in directory under /usr/lib
Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-perf-read-vdso-in-libexec.patch
Nobuhiro Iwamatsu [Sat, 26 Nov 2022 15:06:48 +0000 (15:06 +0000)]
[sh4] Fix uImage build
Bug-Debian: https://bugs.debian.org/569034
Forwarded: not-needed
[bwh: This was added without a description, but I think it is done
only to avoid a build-dependency on u-boot-tools.]
Gbp-Pq: Topic debian
Gbp-Pq: Name arch-sh4-fix-uimage-build.patch
YunQiang Su [Mon, 16 Nov 2020 01:11:00 +0000 (09:11 +0800)]
Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only
Forwarded: not-needed
There are 2 mode of value of IEEE NaN hardcoded by CPU.
Currently, our mipsel/mips64el port is in so-called lagacy mode.
Loongson 3A 4000 is set as the so-called 2008 mode.
To make Debian workable on Loongson 3A 4000, we need set the kerenl in
RELAXED mode.
https://web.archive.org/web/
20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking
Gbp-Pq: Topic debian
Gbp-Pq: Name mips-ieee754-relaxed.patch
YunQiang Su [Mon, 14 May 2018 08:16:18 +0000 (16:16 +0800)]
Disable uImage generation for mips generic
Forwarded: not-needed
MIPS generic trys to generate uImage when build, which then ask for
u-boot-tools.
[bwh: Updated for 5.17:
- zload-y is no longer assigned here and appears to default to empty
- Adjust context]
Gbp-Pq: Topic debian
Gbp-Pq: Name mips-boston-disable-its.patch
Ben Hutchings [Mon, 13 Sep 2010 01:16:18 +0000 (02:16 +0100)]
[PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild"
Forwarded: not-needed
This reverts commits
66f9ba101f54bda63ab1db97f9e9e94763d0651b and
5373633cc9253ba82547473e899cab141c54133e.
We really don't want to add -Werror anywhere.
Gbp-Pq: Topic debian
Gbp-Pq: Name mips-disable-werror.patch
dann frazier [Mon, 26 Mar 2007 22:30:51 +0000 (16:30 -0600)]
Hardcode arch script output
Bug-Debian: https://bugs.debian.org/392592
Forwarded: not-needed
Here's a patch that simply uses hardcoded definitions instead of
doing the dynamic tests that require architecture-specific scripts.
I don't particularly like this approach because it restricts
portability and diverts from upstream. But, it is simpler, and this
really needs to be fixed somehow before etch (along with a rebuild of
linux-modules-extra-2.6), so I'm willing to live with it if my other
patch is deemed unacceptable.
My primary concern is that, in the future, the output of these scripts
will change and we (or our successors) will either not notice or
forget to update the hardcoded values.
Including the scripts in linux-kbuild will avoid this manual step
altogether, and allow for the possibility of other archs to provide
their own scripts in the future.
Gbp-Pq: Topic debian
Gbp-Pq: Name ia64-hardcode-arch-script-output.patch
Bastian Blank [Sun, 22 Feb 2009 14:39:35 +0000 (15:39 +0100)]
kbuild: Make the toolchain variables easily overwritable
Forwarded: not-needed
Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.
We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, KCFLAGS.
This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.
[bwh: Updated for 5.3: include .kernelvariables from current directory
rather than using undefined $(obj).]
Gbp-Pq: Topic debian
Gbp-Pq: Name kernelvariables.patch
Ben Hutchings [Tue, 12 May 2015 18:29:22 +0000 (19:29 +0100)]
Make mkcompile_h accept an alternate timestamp string
Forwarded: not-needed
We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.
Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.
Gbp-Pq: Topic debian
Gbp-Pq: Name uname-version-timestamp.patch
Ben Hutchings [Tue, 24 Jul 2012 02:13:10 +0000 (03:13 +0100)]
Include package version along with kernel release in stack traces
Forwarded: not-needed
For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.
Gbp-Pq: Topic debian
Gbp-Pq: Name version.patch
Ben Hutchings [Sat, 24 Aug 2019 18:00:41 +0000 (19:00 +0100)]
Documentation: Fix broken link to CIPSO draft
Forwarded: not-needed
We exclude the CIPSO draft text as its licence is not DFSG compliant.
Link to the IETF's online version instead.
Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name documentation-fix-broken-link-to-cipso-draft.patch
Ben Hutchings [Sat, 2 Jun 2012 18:53:38 +0000 (19:53 +0100)]
video: Remove nvidiafb and rivafb
Bug-Debian: https://bugs.debian.org/383481
Forwarded: no
These drivers contain register programming code provided by the
hardware vendor that appears to have been deliberately obfuscated.
This is arguably not the preferred form for modification.
These drivers are also largely redundant with nouveau. The RIVA 128
(NV3) is not supported by nouveau but is about 15 years old and
probably discontinued 10 years ago.
Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name video-remove-nvidiafb-and-rivafb.patch
Frederik Schüler [Fri, 5 Jan 2007 15:55:24 +0000 (15:55 +0000)]
Add removal patches for: 3c359, smctr, keyspan, cops
Forwarded: not-needed
Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-net-appletalk-cops.patch
Ben Hutchings [Sun, 27 May 2012 00:56:58 +0000 (01:56 +0100)]
vs6624: mark as broken
Forwarded: not-needed
Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name vs6624-disable.patch
Ben Hutchings [Mon, 17 Aug 2009 01:45:41 +0000 (02:45 +0100)]
dvb-usb-af9005: mark as broken
Forwarded: not-needed
Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-media-dvb-dvb-usb-af9005-disable.patch
Ben Hutchings [Mon, 13 Apr 2009 16:34:00 +0000 (17:34 +0100)]
Remove microcode patches for mgsuvd (not enabled in Debian configs)
Forwarded: not-needed
Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name arch-powerpc-platforms-8xx-ucode-disable.patch
Ian Campbell [Thu, 17 Jan 2013 08:55:21 +0000 (08:55 +0000)]
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
Salvatore Bonaccorso [Sat, 26 Nov 2022 15:06:48 +0000 (15:06 +0000)]
linux (6.0.10-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.9
- [x86] thunderbolt: Add DP OUT resource when DP tunnel is discovered
- [x86] drm/i915/gvt: Add missing vfio_unregister_group_dev() call
- KVM: debugfs: Return retval of simple_attr_open() if it fails
- [x86] drm/i915: Allow more varied alternate fixed modes for panels
- [x86] drm/i915: Simplify intel_panel_add_edid_alt_fixed_modes()
- [x86] drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid
WARNs
- drm/amd/display: Acquire FCLK DPM levels on DCN32
- drm/amd/display: Limit dcn32 to 1950Mhz display clock
- drm/amd/display: Set memclk levels to be at least 1 for dcn32
- HID: wacom: Fix logic used for 3rd barrel switch emulation
- [armhf] phy: stm32: fix an error code in probe
- wifi: cfg80211: silence a sparse RCU warning
- wifi: cfg80211: fix memory leak in query_regdb_file()
- soundwire: qcom: reinit broadcast completion
- soundwire: qcom: check for outanding writes before doing a read
- bpf, verifier: Fix memory leak in array reallocation for stack state
- bpf, sockmap: Fix the sk->sk_forward_alloc warning of
sk_stream_kill_queues
- wifi: mac80211: fix general-protection-fault in
ieee80211_subif_start_xmit()
- wifi: mac80211: Set TWT Information Frame Disabled bit as 1
- bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without
FILE
- [x86,arm64] HID: hyperv: fix possible memory leak in mousevsc_probe()
- [arm*] drm/vc4: hdmi: Fix HSM clock too low on Pi4
- bpf, sock_map: Move cancel_work_sync() out of sock lock
- [amd64,arm64] PCI: hv: Fix the definition of vector in
hv_compose_msi_msg()
- bpf: Add helper macro bpf_for_each_reg_in_vstate
- bpf: Fix wrong reg type conversion in release_reference()
- net: gso: fix panic on frag_list with mixed head alloc types
- macsec: delete new rxsc when offload fails
- macsec: fix secy->n_rx_sc accounting
- macsec: fix detection of RXSCs when toggling offloading
- macsec: clear encryption keys from the stack after setting up offload
- net: tun: Fix memory leaks of napi_get_frags
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
- [s390x] KVM: s390: pv: don't allow userspace to set the clock under PV
- [s390x] KVM: s390: pci: Fix allocation size of aift kzdev elements
- hamradio: fix issue of dev reference count leakage in bpq_device_event()
- [amd64] net: wwan: iosm: fix memory leak in ipc_wwan_dellink
- net: wwan: mhi: fix memory leak in mhi_mbim_dellink
- [arm*] drm/vc4: Fix missing platform_unregister_drivers() call in
vc4_drm_register()
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
- [x86] platform/x86: p2sb: Don't fail if unknown CPU is found
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
- can: af_can: fix NULL pointer dereference in can_rx_register()
- [x86] drm/i915/psr: Send update also on invalidate
- [x86] drm/i915: Do not set cache_dirty for DGFX
- [arm64,armhf] net: stmmac: dwmac-meson8b: fix
meson8b_devm_clk_prepare_enable()
- tipc: fix the msg->req tlv len check in
tipc_nl_compat_name_table_dump_header
- [amd64] dmanegine: idxd: reformat opcap output to match bitmap_parse()
input
- [amd64] dmaengine: idxd: Fix max batch size for Intel IAA
- [amd64] dmaengine: idxd: fix RO device state error after been
disabled/reset
- [arm64] dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
- [armhf] dmaengine: stm32-dma: fix potential race between pause and resume
- [arm64] drivers: net: xgene: disable napi when register irq failed in
xgene_enet_open()
- netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
- netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
- net: tun: call napi_schedule_prep() to ensure we own a napi
- [amd64] net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg
- [amd64] net: wwan: iosm: fix invalid mux header type
- net/mlx5: Bridge, verify LAG state when adding bond to bridge
- net/mlx5: Allow async trigger completion execution on single CPU systems
- net/mlx5: E-switch, Set to legacy mode if failed to change switchdev mode
- net/mlx5: fw_reset: Don't try to load device in case PCI isn't working
- net/mlx5e: Add missing sanity checks for max TX WQE size
- net/mlx5e: Fix tc acts array not to be dependent on enum order
- net/mlx5e: TC, Fix wrong rejection of packet-per-second policing
- net/mlx5e: E-Switch, Fix comparing termination table instance
- ice: Fix spurious interrupt during removal of trusted VF
- iavf: Fix VF driver counting VLAN 0 filters
- [armhf] net: cpsw: disable napi in cpsw_ndo_open()
- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
- [x86] stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz
- mctp: Fix an error handling path in mctp_init()
- cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in
cxgb4vf_open()
- net: phy: mscc: macsec: clear encryption keys when freeing a flow
- net: atlantic: macsec: clear encryption keys from the stack
- ethernet: s2io: disable napi when start nic failed in s2io_card_up()
- [armel,armhf] net: mv643xx_eth: disable napi when init rxq or txq failed
in mv643xx_eth_open()
- ALSA: memalloc: Don't fall back for SG-buffer with IOMMU
- net: macvlan: fix memory leaks of macvlan_common_newlink
- [riscv64] process: fix kernel info leakage
- [riscv64] vdso: fix build with llvm
- [riscv64] fix reserved memory setup
- [arm64] efi: Fix handling of misaligned runtime regions and drop warning
- [mips*] jump_label: Fix compat branch range check
- drm/amdgpu: Fix the lpfn checking condition in drm buddy
- [arm64] mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
- [arm64,armhf] mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
- [arm64,armhf] mmc: sdhci-esdhc-imx: use the correct host caps for
MMC_CAP_8_BIT_DATA
- ALSA: hda/hdmi - enable runtime pm for more AMD display audio
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
- ALSA: hda: fix potential memleak in 'add_widget_node'
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41
- ALSA: hda/realtek: Add Positivo C6300 model quirk
- ALSA: usb-audio: Yet more regression for for the delayed card registration
- ALSA: usb-audio: Add quirk entry for M-Audio Micro
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60
- vmlinux.lds.h: Fix placement of '.data..decrypted' section
- ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
- nilfs2: fix deadlock in nilfs_count_free_blocks()
- nilfs2: fix use-after-free bug of ns_writer on remount
- [x86] drm/i915/dmabuf: fix sg_table handling in map_dma_buf
- drm/amd/display: Fix reg timeout in enc314_enable_fifo
- drm/amd/pm: update SMU IP v13.0.4 msg interface header
- drm/amd/display: Update SR watermarks for DCN314
- drm/amdgpu: workaround for TLB seq race
- drm/amdgpu: disable BACO on special BEIGE_GOBY card
- [x86] platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
- btrfs: fix match incorrectly in dev_args_match_device
- btrfs: zoned: clone zoned device info when cloning a device
- btrfs: zoned: initialize device's zone info for seeding
- io_uring: check for rollover of buffer ID when providing buffers
- [arm64] phy: qcom-qmp-combo: fix NULL-deref on runtime resume
- [arm64,armhf] mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
- [x86] arch/x86/mm/hugetlbpage.c: pud_huge() returns 0 when using 2-level
paging (Closes: #
1023025)
- [amd64,arm64] mm: hugetlb_vmemmap: include missing linux/moduleparam.h
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual
Addressing
- [amd64] mm/memremap.c: map FS_DAX device memory as decrypted
- mm/shmem: use page_mapping() to detect page cache for uffd continue
- can: j1939: j1939_send_one(): fix missing CAN header initialization
- can: isotp: fix tx state handling for echo tx processing
- [x86] KVM: x86/mmu: Block all page faults during kvm_zap_gfn_range()
- [x86] KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't
exist yet
- [x86] KVM: x86: use a separate asm-offsets.c file
- [x86] KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm
- [x86] KVM: SVM: adjust register allocation for __svm_vcpu_run()
- [x86] KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level
- [x86] KVM: SVM: retrieve VMCB from assembly
- [x86] KVM: SVM: move guest vmsave/vmload back to assembly
- can: dev: fix skb drop check
- ALSA: memalloc: Try dma_alloc_noncontiguous() at first
- [x86] cpu: Restore AMD's DE_CFG MSR after resume
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.10
- [arm64] drm/msm/gpu: Fix crash during system suspend after unbind
- [x86] ASoC: rt5682s: Fix the TDM Tx settings
- [x86] ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15
- [x86] ASoC: Intel: sof_rt5682: Add quirk for Rex board
- [x86] ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo
ThinkBook 16 Gen 4+ ARA to the Quirks List
- [x86] ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table
- drm/amdgpu: Adjust MES polling timeout for sriov
- [x86] platform/x86: thinkpad_acpi: Fix reporting a non present second fan
on some models
- [x86] platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core
driver
- drm/amd/display: Remove wrong pipe control lock
- drm/amd/display: Don't return false if no stream
- drm/scheduler: fix fence ref counting
- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[]
- btrfs: raid56: properly handle the error when unable to find the missing
stripe
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
- SUNRPC: Fix crasher in gss_unwrap_resp_integ()
- [x86] ACPI: x86: Add another system to quirk list for forcing
StorageD3Enable
- block: blk_add_rq_to_plug(): clear stale 'last' after flush
- [arm64,armhf] i2c: tegra: Allocate DMA memory for DMA engine
- [x86] i2c: i801: add lis3lv02d's I2C address for Vostro 5568
- btrfs: remove pointless and double ulist frees in error paths of qgroup
tests
- drm/amd/display: Ignore Cable ID Feature
- drm/amd/display: Enable timing sync on DCN32
- drm/amdgpu: set fb_modifiers_not_supported in vkms
- drm/amd: Fail the suspend if resources can't be evicted
- drm/amd/display: Fix DCN32 DSC delay calculation
- drm/amd/display: Use forced DSC bpp in DML
- drm/amd/display: Round up DST_after_scaler to nearest int
- drm/amd/display: Investigate tool reported FCLK P-state deviations
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
- [x86] cpu: Add several Intel server CPU model numbers
- cifs: always iterate smb sessions using primary channel
- [arm64] mm: fold check for KFENCE into can_set_direct_map()
- [arm64] fix rodata=full again
- hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache
- hugetlbfs: don't delete error page from pagecache
- [x86] KVM: SVM: remove dead field from struct svm_cpu_data
- [x86] KVM: SVM: do not allocate struct svm_cpu_data dynamically
- [x86] KVM: SVM: restore host save area from assembly
- [x86] KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly
- [arm64] dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
- [arm64] dts: qcom: sa8295p-adp: Specify which LDO modes are allowed
- [arm64] dts: qcom: sc8280xp-crd: Specify which LDO modes are allowed
- [arm64] dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
- [armhf] spi: stm32: Print summary 'callbacks suppressed' message
- ASoC: core: Fix use-after-free in snd_soc_exit()
- [arm64] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
- [arm64] tty: serial: fsl_lpuart: don't break the on-going transfer when
global reset
- [arm64,armhf] serial: imx: Add missing .thaw_noirq hook
- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
- ASoC: rt5514: fix legacy dai naming
- ASoC: rt5677: fix legacy dai naming
- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
- bnxt_en: refactor bnxt_cancel_reservations()
- bnxt_en: fix the handling of PCIE-AER
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
- [arm64,armhf] pinctrl: rockchip: list all pins in a possible mux route for
PX30
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
- sctp: remove the unnecessary sinfo_stream check in
sctp_prsctp_prune_unsent
- sctp: clear out_curr if all frag chunks of current msg are pruned
- erofs: clean up .read_folio() and .readahead() in fscache mode
- erofs: get correct count for unmapped range in fscache mode
- block: sed-opal: kmalloc the cmd/resp buffers
- nfsd: put the export reference in nfsd4_verify_deleg_dentry
- bpf: Fix memory leaks in __check_func_call
- io_uring: calculate CQEs from the user visible value
- nvmet: fix a memory leak
- parport_pc: Avoid FIFO port location truncation
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
- [arm*] drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms
- [arm64,armhf] drm/panel: simple: set bpc field for logic technologies
displays
- drm/drv: Fix potential memory leak in drm_dev_init()
- [arm64] dts: imx8mm-tqma8mqml-mba8mx: Fix USB DR
- erofs: put metabuf in error path in fscache mode
- ata: libata-transport: fix double ata_host_put() in ata_tport_add()
- ata: libata-transport: fix error handling in ata_tport_add()
- ata: libata-transport: fix error handling in ata_tlink_add()
- ata: libata-transport: fix error handling in ata_tdev_add()
- nfp: change eeprom length to max length enumerators
- [mips*] fix duplicate definitions for exported symbols
- io_uring/poll: fix double poll req->flags races
- cifs: Fix connections leak when tlink setup failed
- bpf: Initialize same number of free nodes for each pcpu_freelist
- ata: libata-core: do not issue non-internal commands once EH is pending
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
- net: hinic: Fix error handling in hinic_module_init()
- net: phy: dp83867: Fix SGMII FIFO depth for non OF devices
- net: stmmac: ensure tx function is not running in stmmac_xdp_release()
- [arm64] soc: imx8m: Enable OCOTP clock before reading the register
- net: liquidio: release resources when liquidio driver open failed
- mISDN: fix misuse of put_device() in mISDN_register_device()
- net: macvlan: Use built-in RCU list checking
- bnxt_en: Remove debugfs when pci_register_driver failed
- [arm64,armhf] drm/lima: Fix opp clkname setting in case of missing
regulator
- net: mhi: Fix memory leak in mhi_net_dellink()
- [arm64,armhf] net: dsa: make dsa_master_ioctl() see through
port_hwtstamp_get() shims
- xen/pcpu: fix possible memory leak in register_pcpu()
- erofs: fix missing xas_retry() in fscache mode
- mlxsw: Avoid warnings when not offloaded FDB entry with IPv6 is removed
- net: ena: Fix error handling in ena_init()
- [arm64] net: hns3: fix incorrect hw rss hash type of rx packet
- [arm64] net: hns3: fix return value check bug of rx copybreak
- [arm64] net: hns3: fix setting incorrect phy link ksettings for firmware
in resetting process
- bridge: switchdev: Fix memory leaks when changing VLAN protocol
- drbd: use after free in drbd_create_device()
- [x86] platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when
virtualized
- [x86] platform/surface: aggregator: Do not check for repeated unsequenced
packets
- netfs: Fix missing xas_retry() calls in xarray iteration
- netfs: Fix dodgy maths
- cifs: add check for returning value of SMB2_close_init
- [arm64,armhf] net: dsa: don't leak tagger-owned storage on switch driver
unbind
- cifs: Fix wrong return value checking when GETFLAGS
- [x86] net: thunderbolt: Fix error handling in tbnet_init()
- cifs: add check for returning value of SMB2_set_info_init
- block: make dma_alignment a stacking queue_limit
- dm-crypt: provide dma_alignment limit in io_hints
- ftrace: Fix the possible incorrect kernel message
- ftrace: Optimize the allocation for mcount entries
- ftrace: Fix null pointer dereference in ftrace_add_mod()
- ring_buffer: Do not deactivate non-existant pages
- tracing: Fix memory leak in tracing_read_pipe()
- tracing/ring-buffer: Have polling block on watermark
- tracing: Fix memory leak in test_gen_synth_cmd() and
test_empty_synth_event()
- tracing: Fix wild-memory-access in register_synth_event()
- tracing: Fix race where eprobes can be called before the event
- tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in
kprobe_event_gen_test_exit()
- tracing: kprobe: Fix potential null-ptr-deref on trace_array in
kprobe_event_gen_test_exit()
- [x86] rethook: fix a potential memleak in rethook_alloc()
- [amd64] platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks
- [amd64] platform/x86/amd: pmc: Add new ACPI ID AMDI0009
- drm/amd/pm: enable runpm support over BACO for SMU13.0.7
- drm/amd/pm: enable runpm support over BACO for SMU13.0.0
- drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround
- drm/display: Don't assume dual mode adaptors support i2c sub-addressing
- drm/amd/display: Fix invalid DPIA AUX reply causing system hang
- drm/amd/display: Add HUBP surface flip interrupt handler
- drm/amd/display: Fix access timeout to DPIA AUX at boot time
- drm/amd/display: Support parsing VRAM info v3.0 from VBIOS
- drm/amd/display: Fix optc2_configure warning on dcn314
- drm/amd/display: don't enable DRM CRTC degamma property for DCE
- drm/amd/display: Fix prefetch calculations for dcn32
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
- [arm64,armhf] Revert "usb: dwc3: disable USB core PHY management"
- [arm64,armhf] usb: dwc3: Do not get extcon device when usb-role-switch is
used
- io_uring: update res mask in io_poll_check_events
- nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
- nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
- slimbus: stream: correct presence rate frequencies
- speakup: fix a segfault caused by switching consoles
- USB: serial: option: add Sierra Wireless EM9191
- USB: serial: option: remove old LARA-R6 PID
- USB: serial: option: add u-blox LARA-R6 00B modem
- USB: serial: option: add u-blox LARA-L6 modem
- USB: serial: option: add Fibocom FM160 0x0111 composition
- usb: add NO_LPM quirk for Realforce 87U Keyboard
- [x86] usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler
- iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID.
- iio: pressure: ms5611: fixed value compensation bug
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited
- dm bufio: Fix missing decrement of no_sleep_enabled if
dm_bufio_client_create failed
- dm ioctl: fix misbehavior if list_versions races with module loading
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
- serial: 8250: Flush DMA Rx on RLSI
- [x86] serial: 8250_lpss: Configure DMA also w/o DMA filter
- [x86] serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake
- io_uring: fix tw losing poll events
- io_uring: fix multishot accept request leaks
- io_uring: fix multishot recv request leaks
- io_uring: disallow self-propelled ring polling
- ceph: avoid putting the realm twice when decoding snaps fails
- Input: iforce - invert valid length check when fetching device IDs
- maccess: Fix writing offset in case of fault in
strncpy_from_kernel_nofault()
- net: phy: marvell: add sleep time after enabling the loopback bit
- [s390x] scsi: zfcp: Fix double free of FSF request when qdio send fails
- [amd64] iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging
entries
- [amd64] iommu/vt-d: Set SRE bit only when hardware has SRS cap
- firmware: coreboot: Register bus in module init
- mmc: core: properly select voltage range without power cycle
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce
timeout
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
- docs: update mediator contact information in CoC doc
- [s390x] dcssblk: fix deadlock when adding a DCSS
- [x86] misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
- blk-cgroup: properly pin the parent in blkcg_css_online
- [amd64] x86/sgx: Add overflow check in sgx_validate_offset_length()
- [x86] fpu: Drop fpregs lock before inheriting FPU permissions
- [x86] perf/x86/amd/uncore: Fix memory leak for events array
- [x86] perf/x86/intel/pt: Fix sampling using single range output
- nvme: restrict management ioctls to admin
- nvme: ensure subsystem reset is single threaded (CVE-2022-3169)
- [x86] ASoC: SOF: topology: No need to assign core ID if token parsing
failed
- perf: Improve missing SIGTRAP checking
- vfio: Rename vfio_ioctl_check_extension()
- vfio: Split the register_device ops call into functions
- [x86] perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf
NMI and throttling
- ring-buffer: Include dropped pages in counting dirty patches
- tracing: Fix warning on variable 'struct trace_array'
- net: usb: smsc95xx: fix external PHY reset
- net: use struct_group to copy ip/ipv6 header addresses
- scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
- tracing: Fix potential null-pointer-access of entry in list 'tr->err_log'
- [arm64] mm: fix incorrect file_map_count for non-leaf pmd/pud
- Input: i8042 - fix leaking of platform device on module removal
- macvlan: enforce a consistent minimal mtu
- tcp: cdg: allow tcp_cdg_release() to be called multiple times
- kcm: avoid potential race in kcm_tx_work (CVE-2022-3521)
- [x86] KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()
- 9p: trans_fd/p9_conn_cancel: drop client lock earlier
- gfs2: Check sb_bsize_shift after reading superblock
- gfs2: Switch from strlcpy to strscpy
- 9p/trans_fd: always use O_NONBLOCK read/write
- netlink: Bounds-check struct nlmsgerr creation
- wifi: wext: use flex array destination for memcpy()
- rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered
- mm: fs: initialize fsdata passed to write_begin/write_end interface
- net/9p: use a dedicated spinlock for trans_fd
- bpf: Prevent bpf program recursion for raw tracepoint probes
- ntfs: fix use-after-free in ntfs_attr_find()
- ntfs: fix out-of-bounds read in ntfs_attr_find()
- ntfs: check overflow when iterating ATTR_RECORDs
[ Santiago Ruano Rincón ]
* net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP
(Closes: #
1024328)
[ Salvatore Bonaccorso ]
* Bump ABI to 5
* net: neigh: decrement the family specific qlen (Closes: #
1024070)
[dgit import unpatched linux 6.0.10-1]
Salvatore Bonaccorso [Sat, 26 Nov 2022 15:06:48 +0000 (15:06 +0000)]
Import linux_6.0.10.orig.tar.xz
[dgit import orig linux_6.0.10.orig.tar.xz]
Salvatore Bonaccorso [Sat, 26 Nov 2022 15:06:48 +0000 (15:06 +0000)]
Import linux_6.0.10-1.debian.tar.xz
[dgit import tarball linux 6.0.10-1 linux_6.0.10-1.debian.tar.xz]
Peter Michael Green [Sun, 20 Nov 2022 16:42:19 +0000 (16:42 +0000)]
Manual merge of version 5.19.6-1+rpi1 and 6.0.8-1 to produce 6.0.8-1+rpi1
Salvatore Bonaccorso [Fri, 11 Nov 2022 08:36:29 +0000 (08:36 +0000)]
Merge linux (6.0.8-1) import into refs/heads/workingbranch
Ben Hutchings [Sat, 15 Jan 2022 21:59:11 +0000 (22:59 +0100)]
tools/perf: Fix missing LDFLAGS for some programs
Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-fix-missing-ldflags-for-some-programs.patch
Ben Hutchings [Sat, 15 Jan 2022 21:30:49 +0000 (22:30 +0100)]
libapi: Define _FORTIFY_SOURCE as 2, not empty
Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name libapi-define-_fortify_source-as-2-not-empty.patch
Ben Hutchings [Sun, 25 Aug 2019 12:49:41 +0000 (13:49 +0100)]
tools/perf: pmu-events: Fix reproducibility
Forwarded: https://lore.kernel.org/lkml/
20190825131329.naqzd5kwg7mw5d3f@decadent.org.uk/T/#u
jevents.py enumerates files and outputs the corresponding C structs in
the order they are found. This makes it sensitive to directory
ordering, so that the perf executable is not reproducible.
To avoid this, sort the entries returned by os.scandir() before
processing them.
References: https://tests.reproducible-builds.org/debian/dbdtxt/bullseye/i386/linux_4.19.37-6.diffoscope.txt.gz
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-pmu-events-fix-reproducibility.patch
Ben Hutchings [Thu, 3 Nov 2016 21:25:26 +0000 (15:25 -0600)]
cpupower: Fix checks for CPU existence
Forwarded: https://marc.info/?l=linux-pm&m=
149248268214265
Calls to cpufreq_cpu_exists(cpu) were converted to
cpupower_is_cpu_online(cpu) when libcpupower was introduced and the
former function was deleted. However, cpupower_is_cpu_online() does
not distinguish physically absent and offline CPUs, and does not set
errno.
cpufreq-set has already been fixed (commit
c25badc9ceb6).
In cpufreq-bench, which prints an error message for offline CPUs,
properly distinguish and report the zero and negative cases.
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
Fixes: 53d1cd6b125f ("cpupowerutils: bench - Fix cpu online check")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[carnil: Update/Refresh patch for 4.14.17: The issue with the
incorrect check has been fixed with upstream commit
53d1cd6b125f.
Keep in the patch the distinction and report for the zero and
negative cases.]
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name cpupower-fix-checks-for-cpu-existence.patch
Ben Hutchings [Thu, 9 Jun 2016 22:35:08 +0000 (23:35 +0100)]
cpupower: Bump soname version
Forwarded: http://mid.gmane.org/
20160610005619.GQ7555@decadent.org.uk
Several functions in the libcpupower API are renamed or removed in
Linux 4.7. This is an backward-incompatible ABI change, so the
library soname should change from libcpupower.so.0 to
libcpupower.so.1.
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name cpupower-bump-soname-version.patch
Ben Hutchings [Sun, 21 Feb 2016 15:33:15 +0000 (15:33 +0000)]
tools/build: Remove bpf() run-time check at build time
Forwarded: no
It is not correct to test that a syscall works on the build system's
kernel. We might be building on an earlier kernel version or with
security restrictions that block bpf().
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-build-remove-bpf-run-time-check-at-build-time.patch
projects / linux.git / log