mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-22 15:01:00 +02:00
Merge pull request #2706 from coreosbot/master-4.12.6
Upgrade Linux in master to 4.12.6
This commit is contained in:
Benjamin Gilbert
GitHub
commit
3fd6aa7ed1
@ -2,7 +2,7 @@
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=5
|
||||
COREOS_SOURCE_REVISION="-r1"
|
||||
COREOS_SOURCE_REVISION=""
|
||||
inherit coreos-kernel
|
||||
|
||||
DESCRIPTION="CoreOS Linux kernel"
|
||||
@ -2,7 +2,7 @@
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=5
|
||||
COREOS_SOURCE_REVISION="-r1"
|
||||
COREOS_SOURCE_REVISION=""
|
||||
inherit coreos-kernel savedconfig
|
||||
|
||||
DESCRIPTION="CoreOS Linux kernel modules"
|
||||
@ -1,2 +1,2 @@
|
||||
DIST linux-4.12.tar.xz 99186576 SHA256 a45c3becd4d08ce411c14628a949d08e2433d8cdeca92036c7013980e93858ab SHA512 8e81b41b253e63233e92948941f44c6482acb52aa3a3fd172f03a38a86f2c35b2ad4fd407acd1bc3964673eba344fe104d3a03e3ff4bf9cd1f22bd44263bd728 WHIRLPOOL 3b97da251c2ba4ace4a27b708f2b1dcf94cb1b59aaeded6acb74bd98f0d3e33f1df83670665e4186d99a55daa84c88d539d93e20f0ff18a6d46ef326c48dd375
|
||||
DIST patch-4.12.5.xz 106572 SHA256 8eb42889cd1f41a4350a0227e0dae544acdfa0ddf5a5ec671dd9c64ca917c132 SHA512 b9e74f148a0bd76df8c52e6384933b9eddd8477c713b14389a34655538abab70ffa70e99b504a60d0adf1937c771d9bb3879511e6c3666c345d490848eb4f113 WHIRLPOOL bb7737918932ff23d6c1cd98a2c9c5952b57e72870de2df1e89bab16aed25c17f9fd36ed2194b1fb3f1d7593e86dd624ed723f076b244a5aa2192387039e8003
|
||||
DIST patch-4.12.6.xz 139284 SHA256 60938af0f95ae794f879294f2393c48077c01bdba851e80b085fdc0418eeca44 SHA512 78d480b3ad51028c129b1e3d63e3179f754bc8ab9987aa8e5815b105c8cb270c88673babee4124431861f769bc6f42c848391b065f7a3e02bec9b6a5290e2836 WHIRLPOOL 7fc728e35dbb5f64fa4328abb99d55e3c449e3e09ba9963475595914f2f575e153e29451364935569bf7a2109b66da0f54976b0853c828941dbd293fa392299e
|
||||
|
||||
@ -44,8 +44,6 @@ UNIPATCH_LIST="
|
||||
${PATCH_DIR}/z0022-Lock-down-TIOCSSERIAL.patch \
|
||||
${PATCH_DIR}/z0023-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
|
||||
${PATCH_DIR}/z0024-Add-arm64-coreos-verity-hash.patch \
|
||||
${PATCH_DIR}/z0025-bonding-commit-link-status-change-after-propose.patch \
|
||||
${PATCH_DIR}/z0026-virtio_net-fix-truesize-for-mergeable-buffers.patch \
|
||||
${PATCH_DIR}/z0027-udp-consistently-apply-ufo-or-fragmentation.patch \
|
||||
${PATCH_DIR}/z0028-net-packet-fix-race-in-packet_set_ring-on-PACKET_RES.patch \
|
||||
${PATCH_DIR}/z0025-udp-consistently-apply-ufo-or-fragmentation.patch \
|
||||
${PATCH_DIR}/z0026-net-packet-fix-race-in-packet_set_ring-on-PACKET_RES.patch \
|
||||
"
|
||||
@ -1,7 +1,7 @@
|
||||
From ce3175a0cc48f722fa2cd41722e29059b71bb9a9 Mon Sep 17 00:00:00 2001
|
||||
From c151f946444d3dcfb7f8cfdc4870df3a15f42df5 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Mon, 21 Nov 2016 23:55:55 +0000
|
||||
Subject: [PATCH 01/28] efi: Add EFI_SECURE_BOOT bit
|
||||
Subject: [PATCH 01/26] efi: Add EFI_SECURE_BOOT bit
|
||||
|
||||
UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
|
||||
that can be passed to efi_enabled() to find out whether secure boot is
|
||||
@ -18,7 +18,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 36646f19d40b..87ef54e64842 100644
|
||||
index 36646f1..87ef54e 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1190,6 +1190,7 @@ void __init setup_arch(char **cmdline_p)
|
||||
@ -30,7 +30,7 @@ index 36646f19d40b..87ef54e64842 100644
|
||||
break;
|
||||
default:
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index ec36f42a2add..381b3f6670d3 100644
|
||||
index ec36f42..381b3f6 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -1069,6 +1069,7 @@ extern int __init efi_setup_pcdp_console(char *);
|
||||
@ -42,5 +42,5 @@ index ec36f42a2add..381b3f6670d3 100644
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 9f4e6a47c74ed8a659e0f7498d0c10482c2cfbaf Mon Sep 17 00:00:00 2001
|
||||
From ea6016c096ff9456eb6091fc576ec9e9231f4178 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:36:17 +0000
|
||||
Subject: [PATCH 02/28] Add the ability to lock down access to the running
|
||||
Subject: [PATCH 02/26] Add the ability to lock down access to the running
|
||||
kernel image
|
||||
|
||||
Provide a single call to allow kernel code to determine whether the system
|
||||
@ -21,7 +21,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
create mode 100644 security/lock_down.c
|
||||
|
||||
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
|
||||
index 13bc08aba704..282a1684d6e8 100644
|
||||
index 13bc08a..282a168 100644
|
||||
--- a/include/linux/kernel.h
|
||||
+++ b/include/linux/kernel.h
|
||||
@@ -276,6 +276,15 @@ extern int oops_may_print(void);
|
||||
@ -41,7 +41,7 @@ index 13bc08aba704..282a1684d6e8 100644
|
||||
int __must_check _kstrtoul(const char *s, unsigned int base, unsigned long *res);
|
||||
int __must_check _kstrtol(const char *s, unsigned int base, long *res);
|
||||
diff --git a/include/linux/security.h b/include/linux/security.h
|
||||
index af675b576645..68bab18ddd57 100644
|
||||
index af675b5..68bab18 100644
|
||||
--- a/include/linux/security.h
|
||||
+++ b/include/linux/security.h
|
||||
@@ -1698,5 +1698,16 @@ static inline void free_secdata(void *secdata)
|
||||
@ -62,7 +62,7 @@ index af675b576645..68bab18ddd57 100644
|
||||
#endif /* ! __LINUX_SECURITY_H */
|
||||
|
||||
diff --git a/security/Kconfig b/security/Kconfig
|
||||
index 93027fdf47d1..4baac4aab277 100644
|
||||
index 93027fd..4baac4a 100644
|
||||
--- a/security/Kconfig
|
||||
+++ b/security/Kconfig
|
||||
@@ -189,6 +189,21 @@ config STATIC_USERMODEHELPER_PATH
|
||||
@ -88,7 +88,7 @@ index 93027fdf47d1..4baac4aab277 100644
|
||||
source security/smack/Kconfig
|
||||
source security/tomoyo/Kconfig
|
||||
diff --git a/security/Makefile b/security/Makefile
|
||||
index f2d71cdb8e19..8c4a43e3d4e0 100644
|
||||
index f2d71cd..8c4a43e 100644
|
||||
--- a/security/Makefile
|
||||
+++ b/security/Makefile
|
||||
@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
|
||||
@ -100,7 +100,7 @@ index f2d71cdb8e19..8c4a43e3d4e0 100644
|
||||
+obj-$(CONFIG_LOCK_DOWN_KERNEL) += lock_down.o
|
||||
diff --git a/security/lock_down.c b/security/lock_down.c
|
||||
new file mode 100644
|
||||
index 000000000000..5788c60ff4e1
|
||||
index 0000000..5788c60
|
||||
--- /dev/null
|
||||
+++ b/security/lock_down.c
|
||||
@@ -0,0 +1,40 @@
|
||||
@ -145,5 +145,5 @@ index 000000000000..5788c60ff4e1
|
||||
+}
|
||||
+EXPORT_SYMBOL(kernel_is_locked_down);
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From fe6eb63a38a0e5f99d73e4b4cb2f4bbd8f127723 Mon Sep 17 00:00:00 2001
|
||||
From e67684f7e503057ad9009e97598e6676306d010e Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:55:55 +0000
|
||||
Subject: [PATCH 03/28] efi: Lock down the kernel if booted in secure boot mode
|
||||
Subject: [PATCH 03/26] efi: Lock down the kernel if booted in secure boot mode
|
||||
|
||||
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
|
||||
only load signed bootloaders and kernels. Certain use cases may also
|
||||
@ -16,7 +16,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
2 files changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 0efb4c9497bc..4d1c53bb8411 100644
|
||||
index 0efb4c9..4d1c53b 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1827,6 +1827,18 @@ config EFI_MIXED
|
||||
@ -39,7 +39,7 @@ index 0efb4c9497bc..4d1c53bb8411 100644
|
||||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 87ef54e64842..4c4d758d4be1 100644
|
||||
index 87ef54e..4c4d758 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -69,6 +69,7 @@
|
||||
@ -65,5 +65,5 @@ index 87ef54e64842..4c4d758d4be1 100644
|
||||
default:
|
||||
pr_info("Secure boot could not be determined\n");
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From d7e6ff962e25a9a4c7900dcae3c325d68b0b01ad Mon Sep 17 00:00:00 2001
|
||||
From be50c7445109a745324a5cceb1da9af2c19a311e Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Wed, 23 Nov 2016 13:22:22 +0000
|
||||
Subject: [PATCH 04/28] Enforce module signatures if the kernel is locked down
|
||||
Subject: [PATCH 04/26] Enforce module signatures if the kernel is locked down
|
||||
|
||||
If the kernel is locked down, require that all modules have valid
|
||||
signatures that we can verify.
|
||||
@ -12,7 +12,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 4a3665f8f837..3f1de34c6d10 100644
|
||||
index 4a3665f..3f1de34 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -2777,7 +2777,7 @@ static int module_sig_check(struct load_info *info, int flags)
|
||||
@ -25,5 +25,5 @@ index 4a3665f8f837..3f1de34c6d10 100644
|
||||
|
||||
return err;
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 4c9d9cc8455fc46e6a5171df2367cc89171894e8 Mon Sep 17 00:00:00 2001
|
||||
From 102327107d69a66d415f2b87a1ec381659209e1c Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 05/28] Restrict /dev/mem and /dev/kmem when the kernel is
|
||||
Subject: [PATCH 05/26] Restrict /dev/mem and /dev/kmem when the kernel is
|
||||
locked down
|
||||
|
||||
Allowing users to write to address space makes it possible for the kernel to
|
||||
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index 593a8818aca9..ba68add9677f 100644
|
||||
index 593a881..ba68add 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -179,6 +179,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||
@ -39,5 +39,5 @@ index 593a8818aca9..ba68add9677f 100644
|
||||
unsigned long to_write = min_t(unsigned long, count,
|
||||
(unsigned long)high_memory - p);
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From eebae3db37325d6ca57d1b006f904437a59580f6 Mon Sep 17 00:00:00 2001
|
||||
From 3f2e52c7b93e8d5b3edfa6439e4519d66602f247 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 06/28] kexec: Disable at runtime if the kernel is locked down
|
||||
Subject: [PATCH 06/26] kexec: Disable at runtime if the kernel is locked down
|
||||
|
||||
kexec permits the loading and execution of arbitrary code in ring 0, which
|
||||
is something that lock-down is meant to prevent. It makes sense to disable
|
||||
@ -17,7 +17,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index 980936a90ee6..46de8e6b42f4 100644
|
||||
index 980936a..46de8e6 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -194,6 +194,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
@ -35,5 +35,5 @@ index 980936a90ee6..46de8e6b42f4 100644
|
||||
* This leaves us room for future extensions.
|
||||
*/
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From cc3ff81651b05bfeeeda80928837019d67a7b1cc Mon Sep 17 00:00:00 2001
|
||||
From 572dfe80789fccbe8b94461bfceabacb40852e07 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Young <dyoung@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 07/28] Copy secure_boot flag in boot params across kexec
|
||||
Subject: [PATCH 07/26] Copy secure_boot flag in boot params across kexec
|
||||
reboot
|
||||
|
||||
Kexec reboot in case secure boot being enabled does not keep the secure
|
||||
@ -22,7 +22,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
|
||||
index 9d7fd5e6689a..7e6f00ae8322 100644
|
||||
index 9d7fd5e..7e6f00a 100644
|
||||
--- a/arch/x86/kernel/kexec-bzimage64.c
|
||||
+++ b/arch/x86/kernel/kexec-bzimage64.c
|
||||
@@ -179,6 +179,7 @@ setup_efi_state(struct boot_params *params, unsigned long params_load_addr,
|
||||
@ -34,5 +34,5 @@ index 9d7fd5e6689a..7e6f00ae8322 100644
|
||||
ei->efi_systab = current_ei->efi_systab;
|
||||
ei->efi_systab_hi = current_ei->efi_systab_hi;
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 11cdd5d6f82dc648da689d0d5df80415aa6ccfdb Mon Sep 17 00:00:00 2001
|
||||
From f8779b5166b0ba1efe85923913ebfc6c179be953 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
|
||||
Date: Wed, 23 Nov 2016 13:49:19 +0000
|
||||
Subject: [PATCH 08/28] kexec_file: Disable at runtime if securelevel has been
|
||||
Subject: [PATCH 08/26] kexec_file: Disable at runtime if securelevel has been
|
||||
set
|
||||
|
||||
When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image
|
||||
@ -18,7 +18,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
|
||||
index b118735fea9d..f6937eecd1eb 100644
|
||||
index b118735..f6937ee 100644
|
||||
--- a/kernel/kexec_file.c
|
||||
+++ b/kernel/kexec_file.c
|
||||
@@ -268,6 +268,12 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
|
||||
@ -35,5 +35,5 @@ index b118735fea9d..f6937eecd1eb 100644
|
||||
if (flags != (flags & KEXEC_FILE_FLAGS))
|
||||
return -EINVAL;
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From e066547b800fe128b1490bed96ce05485308a4ac Mon Sep 17 00:00:00 2001
|
||||
From 0cdbcc1e92c0f61b0e70d414cbee882e591eabe1 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 09/28] hibernate: Disable when the kernel is locked down
|
||||
Subject: [PATCH 09/26] hibernate: Disable when the kernel is locked down
|
||||
|
||||
There is currently no way to verify the resume image when returning
|
||||
from hibernate. This might compromise the signed modules trust model,
|
||||
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index a8b978c35a6a..50cca5dcb62f 100644
|
||||
index a8b978c..50cca5d 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
|
||||
@ -28,5 +28,5 @@ index a8b978c35a6a..50cca5dcb62f 100644
|
||||
|
||||
/**
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 56b9aa60591fcda67ed2343781feae65d4b644e0 Mon Sep 17 00:00:00 2001
|
||||
From e24f1a7b1c6cbf19fe62b769b1ad1953e90774b7 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <mjg59@srcf.ucam.org>
|
||||
Date: Wed, 23 Nov 2016 13:28:17 +0000
|
||||
Subject: [PATCH 10/28] uswsusp: Disable when the kernel is locked down
|
||||
Subject: [PATCH 10/26] uswsusp: Disable when the kernel is locked down
|
||||
|
||||
uswsusp allows a user process to dump and then restore kernel state, which
|
||||
makes it possible to modify the running kernel. Disable this if the kernel
|
||||
@ -14,7 +14,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/kernel/power/user.c b/kernel/power/user.c
|
||||
index 22df9f7ff672..e4b926d329b7 100644
|
||||
index 22df9f7..e4b926d 100644
|
||||
--- a/kernel/power/user.c
|
||||
+++ b/kernel/power/user.c
|
||||
@@ -52,6 +52,9 @@ static int snapshot_open(struct inode *inode, struct file *filp)
|
||||
@ -28,5 +28,5 @@ index 22df9f7ff672..e4b926d329b7 100644
|
||||
|
||||
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 376f41a9e72da16e71afae479db0ddfdb3b00648 Mon Sep 17 00:00:00 2001
|
||||
From 888408b5e10a8c86d04a1eba78f3e6de8559ff7f Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 11/28] PCI: Lock down BAR access when the kernel is locked
|
||||
Subject: [PATCH 11/26] PCI: Lock down BAR access when the kernel is locked
|
||||
down
|
||||
|
||||
Any hardware that can potentially generate DMA has to be locked down in
|
||||
@ -19,7 +19,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
3 files changed, 17 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||
index 31e99613a12e..559556047d66 100644
|
||||
index 31e9961..5595560 100644
|
||||
--- a/drivers/pci/pci-sysfs.c
|
||||
+++ b/drivers/pci/pci-sysfs.c
|
||||
@@ -754,6 +754,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
@ -53,7 +53,7 @@ index 31e99613a12e..559556047d66 100644
|
||||
}
|
||||
|
||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||
index 098360d7ff81..ef16fccb1923 100644
|
||||
index 098360d..ef16fcc 100644
|
||||
--- a/drivers/pci/proc.c
|
||||
+++ b/drivers/pci/proc.c
|
||||
@@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
|
||||
@ -86,7 +86,7 @@ index 098360d7ff81..ef16fccb1923 100644
|
||||
|
||||
if (fpriv->mmap_state == pci_mmap_io) {
|
||||
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
||||
index 9bf993e1f71e..c09524738ceb 100644
|
||||
index 9bf993e..c095247 100644
|
||||
--- a/drivers/pci/syscall.c
|
||||
+++ b/drivers/pci/syscall.c
|
||||
@@ -92,7 +92,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
||||
@ -99,5 +99,5 @@ index 9bf993e1f71e..c09524738ceb 100644
|
||||
|
||||
dev = pci_get_bus_and_slot(bus, dfn);
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 95073d14a7f72af389cf7ae17967918f5fa69807 Mon Sep 17 00:00:00 2001
|
||||
From 34f5006c012e4f072ca4d5739788f14cc8e77518 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 12/28] x86: Lock down IO port access when the kernel is locked
|
||||
Subject: [PATCH 12/26] x86: Lock down IO port access when the kernel is locked
|
||||
down
|
||||
|
||||
IO port access would permit users to gain access to PCI configuration
|
||||
@ -20,7 +20,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
|
||||
index 9c3cf0944bce..4a613fed94b6 100644
|
||||
index 9c3cf09..4a613fe 100644
|
||||
--- a/arch/x86/kernel/ioport.c
|
||||
+++ b/arch/x86/kernel/ioport.c
|
||||
@@ -30,7 +30,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
||||
@ -42,7 +42,7 @@ index 9c3cf0944bce..4a613fed94b6 100644
|
||||
}
|
||||
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
|
||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||
index ba68add9677f..5e2a260fb89f 100644
|
||||
index ba68add..5e2a260 100644
|
||||
--- a/drivers/char/mem.c
|
||||
+++ b/drivers/char/mem.c
|
||||
@@ -768,6 +768,8 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
|
||||
@ -55,5 +55,5 @@ index ba68add9677f..5e2a260fb89f 100644
|
||||
}
|
||||
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 772e7b9176b7ddcce9cef71b2e79ed705916342f Mon Sep 17 00:00:00 2001
|
||||
From 92da241449df225e6c5db92dcc5a416619060ef7 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:17 +0000
|
||||
Subject: [PATCH 13/28] x86: Restrict MSR access when the kernel is locked down
|
||||
Subject: [PATCH 13/26] x86: Restrict MSR access when the kernel is locked down
|
||||
|
||||
Writing to MSRs should not be allowed if the kernel is locked down, since
|
||||
it could lead to execution of arbitrary code in kernel mode. Based on a
|
||||
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
|
||||
index ef688804f80d..fbcce028e502 100644
|
||||
index ef68880..fbcce02 100644
|
||||
--- a/arch/x86/kernel/msr.c
|
||||
+++ b/arch/x86/kernel/msr.c
|
||||
@@ -84,6 +84,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
|
||||
@ -40,5 +40,5 @@ index ef688804f80d..fbcce028e502 100644
|
||||
err = -EFAULT;
|
||||
break;
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From e08b26f76b182ac6e12a6b9d50b493d2fedd34fc Mon Sep 17 00:00:00 2001
|
||||
From 4ae96184f96b41f805ea08eb944403f50896c7db Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 14/28] asus-wmi: Restrict debugfs interface when the kernel is
|
||||
Subject: [PATCH 14/26] asus-wmi: Restrict debugfs interface when the kernel is
|
||||
locked down
|
||||
|
||||
We have no way of validating what all of the Asus WMI methods do on a given
|
||||
@ -17,7 +17,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index 6c7d86074b38..57b82cbc9a6b 100644
|
||||
index 6c7d860..57b82cb 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1905,6 +1905,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
@ -51,5 +51,5 @@ index 6c7d86074b38..57b82cbc9a6b 100644
|
||||
1, asus->debug.method_id,
|
||||
&input, &output);
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 47a2d3bcc537f52e09d195cd5ae6c1546dfb2cdc Mon Sep 17 00:00:00 2001
|
||||
From 1f170f847c8637bf6aa53415a5ada4871fb99352 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 15/28] ACPI: Limit access to custom_method when the kernel is
|
||||
Subject: [PATCH 15/26] ACPI: Limit access to custom_method when the kernel is
|
||||
locked down
|
||||
|
||||
custom_method effectively allows arbitrary access to system memory, making
|
||||
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
|
||||
index c68e72414a67..e4d721c330c0 100644
|
||||
index c68e724..e4d721c 100644
|
||||
--- a/drivers/acpi/custom_method.c
|
||||
+++ b/drivers/acpi/custom_method.c
|
||||
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
||||
@ -29,5 +29,5 @@ index c68e72414a67..e4d721c330c0 100644
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 9e4a043b792c4599a313aeb81b548e4a65b85f3f Mon Sep 17 00:00:00 2001
|
||||
From 55313fd4ce12323c6b5568e7bf78b260b99858da Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 16/28] acpi: Ignore acpi_rsdp kernel param when the kernel has
|
||||
Subject: [PATCH 16/26] acpi: Ignore acpi_rsdp kernel param when the kernel has
|
||||
been locked down
|
||||
|
||||
This option allows userspace to pass the RSDP address to the kernel, which
|
||||
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||
index db78d353bab1..d4d4ba348451 100644
|
||||
index db78d35..d4d4ba3 100644
|
||||
--- a/drivers/acpi/osl.c
|
||||
+++ b/drivers/acpi/osl.c
|
||||
@@ -192,7 +192,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void)
|
||||
@ -28,5 +28,5 @@ index db78d353bab1..d4d4ba348451 100644
|
||||
#endif
|
||||
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From e0ff61fba4dd9e26a6744446a6e133eac094b6ee Mon Sep 17 00:00:00 2001
|
||||
From 9d89af85b5aa6a3f4b2b5eed66523dad03a6aba0 Mon Sep 17 00:00:00 2001
|
||||
From: Linn Crosetto <linn@hpe.com>
|
||||
Date: Wed, 23 Nov 2016 13:32:27 +0000
|
||||
Subject: [PATCH 17/28] acpi: Disable ACPI table override if the kernel is
|
||||
Subject: [PATCH 17/26] acpi: Disable ACPI table override if the kernel is
|
||||
locked down
|
||||
|
||||
From the kernel documentation (initrd_table_override.txt):
|
||||
@ -21,7 +21,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
|
||||
index ff425390bfa8..c72bfa97888a 100644
|
||||
index ff42539..c72bfa9 100644
|
||||
--- a/drivers/acpi/tables.c
|
||||
+++ b/drivers/acpi/tables.c
|
||||
@@ -526,6 +526,11 @@ void __init acpi_table_upgrade(void)
|
||||
@ -37,5 +37,5 @@ index ff425390bfa8..c72bfa97888a 100644
|
||||
memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
|
||||
all_tables_size, PAGE_SIZE);
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 7f0ec497364d309fdddb96ced1a83a9890b86baa Mon Sep 17 00:00:00 2001
|
||||
From 07487cd303209f3a99d7eb25e37fa09a4a2c2c73 Mon Sep 17 00:00:00 2001
|
||||
From: Linn Crosetto <linn@hpe.com>
|
||||
Date: Wed, 23 Nov 2016 13:39:41 +0000
|
||||
Subject: [PATCH 18/28] acpi: Disable APEI error injection if the kernel is
|
||||
Subject: [PATCH 18/26] acpi: Disable APEI error injection if the kernel is
|
||||
locked down
|
||||
|
||||
ACPI provides an error injection mechanism, EINJ, for debugging and testing
|
||||
@ -26,7 +26,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
|
||||
index ec50c32ea3da..e082718d01c2 100644
|
||||
index ec50c32..e082718 100644
|
||||
--- a/drivers/acpi/apei/einj.c
|
||||
+++ b/drivers/acpi/apei/einj.c
|
||||
@@ -518,6 +518,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2,
|
||||
@ -40,5 +40,5 @@ index ec50c32ea3da..e082718d01c2 100644
|
||||
if (flags && (flags &
|
||||
~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF)))
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 1670abea3f18938e2bd3407c47e6d1b0b66d3bc2 Mon Sep 17 00:00:00 2001
|
||||
From c2f660328cd669d2f0d5a46d182f70ad01950009 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <jlee@suse.com>
|
||||
Date: Wed, 23 Nov 2016 13:52:16 +0000
|
||||
Subject: [PATCH 19/28] bpf: Restrict kernel image access functions when the
|
||||
Subject: [PATCH 19/26] bpf: Restrict kernel image access functions when the
|
||||
kernel is locked down
|
||||
|
||||
There are some bpf functions can be used to read kernel memory:
|
||||
@ -17,7 +17,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
|
||||
index 460a031c77e5..58eb33d5d6ae 100644
|
||||
index 460a031..58eb33d 100644
|
||||
--- a/kernel/trace/bpf_trace.c
|
||||
+++ b/kernel/trace/bpf_trace.c
|
||||
@@ -65,6 +65,11 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const void *, unsafe_ptr)
|
||||
@ -53,5 +53,5 @@ index 460a031c77e5..58eb33d5d6ae 100644
|
||||
for (i = 0; i < fmt_size; i++) {
|
||||
if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i]))
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 6c9effad0058286f8bb4d01ac247ef92be727b40 Mon Sep 17 00:00:00 2001
|
||||
From c0fc636f2353986110221040b2793d6862314d3f Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 10:10:34 +0000
|
||||
Subject: [PATCH 20/28] scsi: Lock down the eata driver
|
||||
Subject: [PATCH 20/26] scsi: Lock down the eata driver
|
||||
|
||||
When the kernel is running in secure boot mode, we lock down the kernel to
|
||||
prevent userspace from modifying the running kernel image. Whilst this
|
||||
@ -24,7 +24,7 @@ cc: linux-scsi@vger.kernel.org
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
|
||||
index 227dd2c2ec2f..5c036d10c18b 100644
|
||||
index 227dd2c..5c036d1 100644
|
||||
--- a/drivers/scsi/eata.c
|
||||
+++ b/drivers/scsi/eata.c
|
||||
@@ -1552,8 +1552,13 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
|
||||
@ -43,5 +43,5 @@ index 227dd2c2ec2f..5c036d10c18b 100644
|
||||
#if defined(MODULE)
|
||||
/* io_port could have been modified when loading as a module */
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From df81e03770883fd556ba9591ab30e74097f0229f Mon Sep 17 00:00:00 2001
|
||||
From fc5badf0296ae38b74c4d8a7a6e703c7e858d12f Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Fri, 25 Nov 2016 14:37:45 +0000
|
||||
Subject: [PATCH 21/28] Prohibit PCMCIA CIS storage when the kernel is locked
|
||||
Subject: [PATCH 21/26] Prohibit PCMCIA CIS storage when the kernel is locked
|
||||
down
|
||||
|
||||
Prohibit replacement of the PCMCIA Card Information Structure when the
|
||||
@ -13,7 +13,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/drivers/pcmcia/cistpl.c b/drivers/pcmcia/cistpl.c
|
||||
index 55ef7d1fd8da..193e4f7b73b1 100644
|
||||
index 55ef7d1..193e4f7 100644
|
||||
--- a/drivers/pcmcia/cistpl.c
|
||||
+++ b/drivers/pcmcia/cistpl.c
|
||||
@@ -1578,6 +1578,11 @@ static ssize_t pccard_store_cis(struct file *filp, struct kobject *kobj,
|
||||
@ -29,5 +29,5 @@ index 55ef7d1fd8da..193e4f7b73b1 100644
|
||||
|
||||
if (off)
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From d17a0012c78e29a87b949f30f175267fd91ff525 Mon Sep 17 00:00:00 2001
|
||||
From e70949285ce3c7db9d4a11227f1961a83610ec96 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Wed, 7 Dec 2016 10:28:39 +0000
|
||||
Subject: [PATCH 22/28] Lock down TIOCSSERIAL
|
||||
Subject: [PATCH 22/26] Lock down TIOCSSERIAL
|
||||
|
||||
Lock down TIOCSSERIAL as that can be used to change the ioport and irq
|
||||
settings on a serial port. This only appears to be an issue for the serial
|
||||
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
|
||||
index 13bfd5dcffce..45fb7689bc1c 100644
|
||||
index 13bfd5d..45fb768 100644
|
||||
--- a/drivers/tty/serial/serial_core.c
|
||||
+++ b/drivers/tty/serial/serial_core.c
|
||||
@@ -821,6 +821,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
|
||||
@ -32,5 +32,5 @@ index 13bfd5dcffce..45fb7689bc1c 100644
|
||||
retval = -EPERM;
|
||||
if (change_irq || change_port ||
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From d21200af07c733bfc29d16883443a5207dd623eb Mon Sep 17 00:00:00 2001
|
||||
From eff86357a5494081d560b73c007f6d89da350816 Mon Sep 17 00:00:00 2001
|
||||
From: Vito Caputo <vito.caputo@coreos.com>
|
||||
Date: Wed, 25 Nov 2015 02:59:45 -0800
|
||||
Subject: [PATCH 23/28] kbuild: derive relative path for KBUILD_SRC from CURDIR
|
||||
Subject: [PATCH 23/26] kbuild: derive relative path for KBUILD_SRC from CURDIR
|
||||
|
||||
This enables relocating source and build trees to different roots,
|
||||
provided they stay reachable relative to one another. Useful for
|
||||
@ -12,7 +12,7 @@ by some undesirable path component.
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 382e967b0792..e5aa82292663 100644
|
||||
index c8d80b5..6bafb67 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -149,7 +149,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
|
||||
@ -26,5 +26,5 @@ index 382e967b0792..e5aa82292663 100644
|
||||
|
||||
# Leave processing to above invocation of make
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 94f8291a354361a902bfaa9aefc9de9cbbe8bacb Mon Sep 17 00:00:00 2001
|
||||
From 2b2a0f2afd2f05b3f8e9e61561ce176d881c384a Mon Sep 17 00:00:00 2001
|
||||
From: Geoff Levand <geoff@infradead.org>
|
||||
Date: Fri, 11 Nov 2016 17:28:52 -0800
|
||||
Subject: [PATCH 24/28] Add arm64 coreos verity hash
|
||||
Subject: [PATCH 24/26] Add arm64 coreos verity hash
|
||||
|
||||
Signed-off-by: Geoff Levand <geoff@infradead.org>
|
||||
---
|
||||
@ -9,7 +9,7 @@ Signed-off-by: Geoff Levand <geoff@infradead.org>
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
|
||||
index 613fc3000677..fdaf86c78332 100644
|
||||
index 613fc30..fdaf86c 100644
|
||||
--- a/arch/arm64/kernel/efi-header.S
|
||||
+++ b/arch/arm64/kernel/efi-header.S
|
||||
@@ -103,6 +103,11 @@ section_table:
|
||||
@ -25,5 +25,5 @@ index 613fc3000677..fdaf86c78332 100644
|
||||
/*
|
||||
* The debug table is referenced via its Relative Virtual Address (RVA),
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
|
||||
@ -1,44 +0,0 @@
|
||||
From 0d1fedc72064771c52e3bd8947b9a52b81f239fb Mon Sep 17 00:00:00 2001
|
||||
From: WANG Cong <xiyou.wangcong@gmail.com>
|
||||
Date: Tue, 25 Jul 2017 09:44:25 -0700
|
||||
Subject: [PATCH 25/28] bonding: commit link status change after propose
|
||||
|
||||
Commit de77ecd4ef02 ("bonding: improve link-status update in mii-monitoring")
|
||||
moves link status commitment into bond_mii_monitor(), but it still relies
|
||||
on the return value of bond_miimon_inspect() as the hint. We need to return
|
||||
non-zero as long as we propose a link status change.
|
||||
|
||||
Fixes: de77ecd4ef02 ("bonding: improve link-status update in mii-monitoring")
|
||||
Reported-by: Benjamin Gilbert <benjamin.gilbert@coreos.com>
|
||||
Tested-by: Benjamin Gilbert <benjamin.gilbert@coreos.com>
|
||||
Cc: Mahesh Bandewar <maheshb@google.com>
|
||||
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
|
||||
Acked-by: Mahesh Bandewar <maheshb@google.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/bonding/bond_main.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
|
||||
index 8ab6bdbe1682..0eab2fdff8d7 100644
|
||||
--- a/drivers/net/bonding/bond_main.c
|
||||
+++ b/drivers/net/bonding/bond_main.c
|
||||
@@ -2047,6 +2047,7 @@ static int bond_miimon_inspect(struct bonding *bond)
|
||||
continue;
|
||||
|
||||
bond_propose_link_state(slave, BOND_LINK_FAIL);
|
||||
+ commit++;
|
||||
slave->delay = bond->params.downdelay;
|
||||
if (slave->delay) {
|
||||
netdev_info(bond->dev, "link status down for %sinterface %s, disabling it in %d ms\n",
|
||||
@@ -2085,6 +2086,7 @@ static int bond_miimon_inspect(struct bonding *bond)
|
||||
continue;
|
||||
|
||||
bond_propose_link_state(slave, BOND_LINK_BACK);
|
||||
+ commit++;
|
||||
slave->delay = bond->params.updelay;
|
||||
|
||||
if (slave->delay) {
|
||||
--
|
||||
2.13.4
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From 0f444da98d55b1d78467778c2db2a0fdf7a11f9d Mon Sep 17 00:00:00 2001
|
||||
From c0e5883e09e5a226baadb06d790e5b20c3d3a547 Mon Sep 17 00:00:00 2001
|
||||
From: Willem de Bruijn <willemb@google.com>
|
||||
Date: Fri, 14 Jul 2017 10:19:00 -0700
|
||||
Subject: [PATCH 27/28] udp: consistently apply ufo or fragmentation
|
||||
Subject: [PATCH 25/26] udp: consistently apply ufo or fragmentation
|
||||
|
||||
When iteratively building a UDP datagram with MSG_MORE and that
|
||||
datagram exceeds MTU, consistently choose UFO or fragmentation.
|
||||
@ -22,7 +22,7 @@ Signed-off-by: Willem de Bruijn <willemb@google.com>
|
||||
2 files changed, 9 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
|
||||
index 532b36e9ce2a..e5948c0c9759 100644
|
||||
index 532b36e..e5948c0 100644
|
||||
--- a/net/ipv4/ip_output.c
|
||||
+++ b/net/ipv4/ip_output.c
|
||||
@@ -964,11 +964,12 @@ static int __ip_append_data(struct sock *sk,
|
||||
@ -50,10 +50,10 @@ index 532b36e9ce2a..e5948c0c9759 100644
|
||||
(rt->dst.dev->features & NETIF_F_UFO)) {
|
||||
if (skb->ip_summed != CHECKSUM_PARTIAL)
|
||||
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
|
||||
index 1699acb2fa2c..90e8c3d57423 100644
|
||||
index be03067..365d510 100644
|
||||
--- a/net/ipv6/ip6_output.c
|
||||
+++ b/net/ipv6/ip6_output.c
|
||||
@@ -1390,11 +1390,12 @@ static int __ip6_append_data(struct sock *sk,
|
||||
@@ -1386,11 +1386,12 @@ static int __ip6_append_data(struct sock *sk,
|
||||
*/
|
||||
|
||||
cork->length += length;
|
||||
@ -70,5 +70,5 @@ index 1699acb2fa2c..90e8c3d57423 100644
|
||||
hh_len, fragheaderlen, exthdrlen,
|
||||
transhdrlen, mtu, flags, fl6);
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
From af6054f1bf2facd5f44e4f3652f5f86ea81e7c06 Mon Sep 17 00:00:00 2001
|
||||
From 4ebbab6018792779607c8e1c17786bfeb573a210 Mon Sep 17 00:00:00 2001
|
||||
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
|
||||
Date: Fri, 4 Aug 2017 12:48:20 -0400
|
||||
Subject: [PATCH 28/28] net-packet: fix race in packet_set_ring on
|
||||
Subject: [PATCH 26/26] net-packet: fix race in packet_set_ring on
|
||||
PACKET_RESERVE
|
||||
|
||||
PACKET_RESERVE reserves headroom in memory mapped packet ring frames.
|
||||
@ -31,7 +31,7 @@ Signed-off-by: Willem de Bruijn <willemb@google.com>
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
|
||||
index e3eeed19cc7a..b2df3bae2de7 100644
|
||||
index 0880e0a..b84110e 100644
|
||||
--- a/net/packet/af_packet.c
|
||||
+++ b/net/packet/af_packet.c
|
||||
@@ -3705,14 +3705,19 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
|
||||
@ -59,5 +59,5 @@ index e3eeed19cc7a..b2df3bae2de7 100644
|
||||
case PACKET_LOSS:
|
||||
{
|
||||
--
|
||||
2.13.4
|
||||
2.10.2
|
||||
|
||||
@ -1,59 +0,0 @@
|
||||
From b24f16f597586d794bb66c08f09b4e83579da916 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Mon, 31 Jul 2017 21:49:49 +0300
|
||||
Subject: [PATCH 26/28] virtio_net: fix truesize for mergeable buffers
|
||||
|
||||
Seth Forshee noticed a performance degradation with some workloads.
|
||||
This turns out to be due to packet drops. Euan Kemp noticed that this
|
||||
is because we drop all packets where length exceeds the truesize, but
|
||||
for some packets we add in extra memory without updating the truesize.
|
||||
This in turn was kept around unchanged from ab7db91705e95 ("virtio-net:
|
||||
auto-tune mergeable rx buffer size for improved performance"). That
|
||||
commit had an internal reason not to account for the extra space: not
|
||||
enough bits to do it. No longer true so let's account for the allocated
|
||||
length exactly.
|
||||
|
||||
Many thanks to Seth Forshee for the report and bisecting and Euan Kemp
|
||||
for debugging the issue.
|
||||
|
||||
Fixes: 680557cf79f8 ("virtio_net: rework mergeable buffer handling")
|
||||
Reported-by: Euan Kemp <euan.kemp@coreos.com>
|
||||
Tested-by: Euan Kemp <euan.kemp@coreos.com>
|
||||
Reported-by: Seth Forshee <seth.forshee@canonical.com>
|
||||
Tested-by: Seth Forshee <seth.forshee@canonical.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
---
|
||||
drivers/net/virtio_net.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
|
||||
index 6633dd4bb649..acb754eb1ccb 100644
|
||||
--- a/drivers/net/virtio_net.c
|
||||
+++ b/drivers/net/virtio_net.c
|
||||
@@ -889,21 +889,20 @@ static int add_recvbuf_mergeable(struct virtnet_info *vi,
|
||||
|
||||
buf = (char *)page_address(alloc_frag->page) + alloc_frag->offset;
|
||||
buf += headroom; /* advance address leaving hole at front of pkt */
|
||||
- ctx = (void *)(unsigned long)len;
|
||||
get_page(alloc_frag->page);
|
||||
alloc_frag->offset += len + headroom;
|
||||
hole = alloc_frag->size - alloc_frag->offset;
|
||||
if (hole < len + headroom) {
|
||||
/* To avoid internal fragmentation, if there is very likely not
|
||||
* enough space for another buffer, add the remaining space to
|
||||
- * the current buffer. This extra space is not included in
|
||||
- * the truesize stored in ctx.
|
||||
+ * the current buffer.
|
||||
*/
|
||||
len += hole;
|
||||
alloc_frag->offset += hole;
|
||||
}
|
||||
|
||||
sg_init_one(rq->sg, buf, len);
|
||||
+ ctx = (void *)(unsigned long)len;
|
||||
err = virtqueue_add_inbuf_ctx(rq->vq, rq->sg, 1, buf, ctx, gfp);
|
||||
if (err < 0)
|
||||
put_page(virt_to_head_page(buf));
|
||||
--
|
||||
2.13.4
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user