Merge pull request #2449 from bgilbert/kernel-4.10

sys-kernel/coreos-*: bump to v4.10

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest

@@ -1,2 +1 @@
-DIST linux-4.9.tar.xz 93192404 SHA256 029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a SHA512 bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a WHIRLPOOL 072505b29972ad120eb25a074217847c9c2813416c4903e605a0433574f5f87616dbea0b1454e4b19acc48107f11274b682958b1d773373156e99f8163e6606a
-DIST patch-4.9.9.xz 256400 SHA256 ec97e3bf8585865d409a804316b276a6b4e4939286de9757f99bfb41cf112078 SHA512 a7a2d44b83b00b20f1424d12af0f42e1c576d3053feacd13491ef185661fb1c789b9265c500b62f5ede39f57b72f358820000fa6c852a5f035e566ee1dfcd5d9 WHIRLPOOL 3d83b79dd6d4ca249638338cfd93153f2914142859d4126fbc499acc30f1aef2ba7d59c41c337fd45fb20b56b375fb2457319c933bdf8c38b656eb3e340fe95e
+DIST linux-4.10.tar.xz 94231404 SHA256 3c95d9f049bd085e5c346d2c77f063b8425f191460fcd3ae9fe7e94e0477dc4b SHA512 c3690125a8402df638095bd98a613fcf1a257b81de7611c84711d315cd11e2634ab4636302b3742aedf1e3ba9ce0fea53fe8c7d48e37865d8ee5db3565220d90 WHIRLPOOL 86d021bae2dbfc4ef80c22d9e886bed4fbd9476473a2851d7beaf8ed0c7f7fbc1fa0da230eb9e763eb231b7c164c17b2a73fd336ab233543f57be280d6173738

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.10.0.ebuild

@@ -36,6 +36,4 @@ UNIPATCH_LIST="
 	${PATCH_DIR}/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
 	${PATCH_DIR}/z0015-Add-arm64-coreos-verity-hash.patch \
 	${PATCH_DIR}/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch \
-	${PATCH_DIR}/z0017-perf-x86-intel-rapl-Make-package-handling-more-robus.patch \
-	${PATCH_DIR}/z0018-perf-x86-intel-uncore-Make-package-handling-more-rob.patch \
 "

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0001-Add-secure_modules-call.patch

@@ -1,7 +1,7 @@
-From 428385fe28e9523377ecf26c97dd36382468fd8d Mon Sep 17 00:00:00 2001
+From 73bb7b8238ec592b103a34d8cf0390afc63bd7e1 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
-Subject: [PATCH 01/18] Add secure_modules() call
+Subject: [PATCH 01/16] Add secure_modules() call
 
 Provide a single call to allow kernel code to determine whether the system
 has been configured to either disable module loading entirely or to load
@@ -17,7 +17,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  2 files changed, 16 insertions(+)
 
 diff --git a/include/linux/module.h b/include/linux/module.h
-index 0c3207d..c8b4ea0 100644
+index cc7cba2..da4bd57 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
 @@ -629,6 +629,8 @@ static inline bool module_requested_async_probing(struct module *module)
@@ -41,10 +41,10 @@ index 0c3207d..c8b4ea0 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index 0e54d5b..085b720 100644
+index 3d8f126..9a565d5 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4285,3 +4285,13 @@ void module_layout(struct module *mod,
+@@ -4299,3 +4299,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch

@@ -1,7 +1,7 @@
-From ac008727488d38debfe9d336bc3172c0cc6a55d3 Mon Sep 17 00:00:00 2001
+From b3852ff8d63155d0323a66b81c9c7835dd367b1c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
-Subject: [PATCH 02/18] PCI: Lock down BAR access when module security is
+Subject: [PATCH 02/16] PCI: Lock down BAR access when module security is
  enabled
 
 Any hardware that can potentially generate DMA has to be locked down from
@@ -18,7 +18,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  3 files changed, 19 insertions(+), 2 deletions(-)
 
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index bcd10c7..a950301 100644
+index 0666287..9867e0c 100644
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
 @@ -30,6 +30,7 @@
@@ -29,7 +29,7 @@ index bcd10c7..a950301 100644
  #include "pci.h"
  
  static int sysfs_initialized;	/* = 0 */
-@@ -716,6 +717,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
+@@ -718,6 +719,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
  	loff_t init_off = off;
  	u8 *data = (u8 *) buf;
  
@@ -39,7 +39,7 @@ index bcd10c7..a950301 100644
  	if (off > dev->cfg_size)
  		return 0;
  	if (off + count > dev->cfg_size) {
-@@ -1007,6 +1011,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
+@@ -1009,6 +1013,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
  	resource_size_t start, end;
  	int i;
  
@@ -49,7 +49,7 @@ index bcd10c7..a950301 100644
  	for (i = 0; i < PCI_ROM_RESOURCE; i++)
  		if (res == &pdev->resource[i])
  			break;
-@@ -1106,6 +1113,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
+@@ -1108,6 +1115,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
  				     struct bin_attribute *attr, char *buf,
  				     loff_t off, size_t count)
  {
@@ -60,7 +60,7 @@ index bcd10c7..a950301 100644
  }
  
 diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
-index 2408abe..59f321c 100644
+index f82710a..3af0fcf 100644
 --- a/drivers/pci/proc.c
 +++ b/drivers/pci/proc.c
 @@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf,
@@ -93,17 +93,17 @@ index 2408abe..59f321c 100644
  
  	/* Make sure the caller is mapping a real resource for this device */
 diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
-index b91c4da..98f5637 100644
+index 9bf993e..922bdf6 100644
 --- a/drivers/pci/syscall.c
 +++ b/drivers/pci/syscall.c
-@@ -10,6 +10,7 @@
- #include <linux/errno.h>
+@@ -11,6 +11,7 @@
  #include <linux/pci.h>
  #include <linux/syscalls.h>
+ #include <linux/uaccess.h>
 +#include <linux/module.h>
- #include <asm/uaccess.h>
  #include "pci.h"
  
+ SYSCALL_DEFINE5(pciconfig_read, unsigned long, bus, unsigned long, dfn,
 @@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
  	u32 dword;
  	int err = 0;

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch

@@ -1,7 +1,7 @@
-From 594c655d0c106fbc6c3789688d0f58dd741f2c49 Mon Sep 17 00:00:00 2001
+From 91f145f51fc8f22bc879da39bfe6d16e95b50202 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
-Subject: [PATCH 03/18] x86: Lock down IO port access when module security is
+Subject: [PATCH 03/16] x86: Lock down IO port access when module security is
  enabled
 
 IO port access would permit users to gain access to PCI configuration

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0004-ACPI-Limit-access-to-custom_method.patch

@@ -1,7 +1,7 @@
-From 6514dc7053261af884ba59e0a6c08a1c091dc9e0 Mon Sep 17 00:00:00 2001
+From 03d7d4e42715c4a314bdc669658065557c3b44c4 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
-Subject: [PATCH 04/18] ACPI: Limit access to custom_method
+Subject: [PATCH 04/16] ACPI: Limit access to custom_method
 
 custom_method effectively allows arbitrary access to system memory, making
 it possible for an attacker to circumvent restrictions on module loading.

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch

@@ -1,7 +1,7 @@
-From 459c4b5751f448645f26292fe780d97d47e84265 Mon Sep 17 00:00:00 2001
+From 914723fe6b4fccc9fb080d52cfc54de04d526e3d Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
-Subject: [PATCH 05/18] asus-wmi: Restrict debugfs interface when module
+Subject: [PATCH 05/16] asus-wmi: Restrict debugfs interface when module
  loading is restricted
 
 We have no way of validating what all of the Asus WMI methods do on a
@@ -16,10 +16,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 9 insertions(+)
 
 diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index ce6ca31..55d2399 100644
+index 43cb680..b5d77af 100644
 --- a/drivers/platform/x86/asus-wmi.c
 +++ b/drivers/platform/x86/asus-wmi.c
-@@ -1872,6 +1872,9 @@ static int show_dsts(struct seq_file *m, void *data)
+@@ -1898,6 +1898,9 @@ static int show_dsts(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
  
@@ -29,7 +29,7 @@ index ce6ca31..55d2399 100644
  	err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
  
  	if (err < 0)
-@@ -1888,6 +1891,9 @@ static int show_devs(struct seq_file *m, void *data)
+@@ -1914,6 +1917,9 @@ static int show_devs(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
  
@@ -39,7 +39,7 @@ index ce6ca31..55d2399 100644
  	err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
  				    &retval);
  
-@@ -1912,6 +1918,9 @@ static int show_call(struct seq_file *m, void *data)
+@@ -1938,6 +1944,9 @@ static int show_call(struct seq_file *m, void *data)
  	union acpi_object *obj;
  	acpi_status status;
  

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch

@@ -1,7 +1,7 @@
-From 06dd44588d8aa2f2c4a903b858660d6d6860c22f Mon Sep 17 00:00:00 2001
+From be3c5948ec57189c877afc2af2da91c45569db79 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
-Subject: [PATCH 06/18] Restrict /dev/mem and /dev/kmem when module loading is
+Subject: [PATCH 06/16] Restrict /dev/mem and /dev/kmem when module loading is
  restricted
 
 Allowing users to write to address space makes it possible for the kernel

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch

@@ -1,7 +1,7 @@
-From 904f9519810723da81230c693b60510684990837 Mon Sep 17 00:00:00 2001
+From 8802118d5ab3c81409bb2571f6c45d58fb60cb07 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
-Subject: [PATCH 07/18] acpi: Ignore acpi_rsdp kernel parameter when module
+Subject: [PATCH 07/16] acpi: Ignore acpi_rsdp kernel parameter when module
  loading is restricted
 
 This option allows userspace to pass the RSDP address to the kernel, which
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 416953a..4887e34 100644
+index 57fb5f4..9174461 100644
 --- a/drivers/acpi/osl.c
 +++ b/drivers/acpi/osl.c
 @@ -40,6 +40,7 @@
@@ -24,10 +24,10 @@ index 416953a..4887e34 100644
 +#include <linux/module.h>
  
  #include <asm/io.h>
- #include <asm/uaccess.h>
-@@ -191,7 +192,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
- acpi_physical_address __init acpi_os_get_root_pointer(void)
- {
+ #include <linux/uaccess.h>
+@@ -192,7 +193,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void)
+ 	acpi_physical_address pa = 0;
+ 
  #ifdef CONFIG_KEXEC
 -	if (acpi_rsdp)
 +	if (acpi_rsdp && !secure_modules())

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch

@@ -1,7 +1,7 @@
-From 97b270a085859d5ada3614b45902c0b75df2be4e Mon Sep 17 00:00:00 2001
+From f1fcf911f8b2fc3e77685122e191a5faa2d90530 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Thu, 19 Nov 2015 18:55:53 -0800
-Subject: [PATCH 08/18] kexec: Disable at runtime if the kernel enforces module
+Subject: [PATCH 08/16] kexec: Disable at runtime if the kernel enforces module
  loading restrictions
 
 kexec permits the loading and execution of arbitrary code in ring 0, which

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch

@@ -1,7 +1,7 @@
-From 43e3113404497c837aa083b43b0a9e08dae73f53 Mon Sep 17 00:00:00 2001
+From 6cdc502e447e28b9aeba39cacad87a1a58573494 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
-Subject: [PATCH 09/18] x86: Restrict MSR access when module loading is
+Subject: [PATCH 09/16] x86: Restrict MSR access when module loading is
  restricted
 
 Writing to MSRs should not be allowed if module loading is restricted,
@@ -15,10 +15,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 7 insertions(+)
 
 diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 7f3550a..963ba40 100644
+index ef68880..74937d9 100644
 --- a/arch/x86/kernel/msr.c
 +++ b/arch/x86/kernel/msr.c
-@@ -83,6 +83,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
+@@ -84,6 +84,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
  	int err = 0;
  	ssize_t bytes = 0;
  
@@ -28,7 +28,7 @@ index 7f3550a..963ba40 100644
  	if (count % 8)
  		return -EINVAL;	/* Invalid chunk size */
  
-@@ -130,6 +133,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
+@@ -131,6 +134,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
  			err = -EBADF;
  			break;
  		}

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0010-Add-option-to-automatically-enforce-module-signature.patch

@@ -1,7 +1,7 @@
-From 24fd0e7dcfb42abc8999f0bc3b55bdf02324da75 Mon Sep 17 00:00:00 2001
+From 8513cddf6e021327feb0297ae9f3c113dd327620 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
-Subject: [PATCH 10/18] Add option to automatically enforce module signatures
+Subject: [PATCH 10/16] Add option to automatically enforce module signatures
  when in Secure Boot mode
 
 UEFI Secure Boot provides a mechanism for ensuring that the firmware will
@@ -34,10 +34,10 @@ index 95a4d34..b8527c6 100644
  290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
  2D0/A00	ALL	e820_map	E820 memory map table
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index bada636..882da2b 100644
+index e487493..5be38b4 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1786,6 +1786,16 @@ config EFI_MIXED
+@@ -1815,6 +1815,16 @@ config EFI_MIXED
  
  	   If unsure, say N.
  
@@ -55,7 +55,7 @@ index bada636..882da2b 100644
  	def_bool y
  	prompt "Enable seccomp to safely compute untrusted bytecode"
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index cc69e37..17b3765 100644
+index ff01c8f..3e9e29a 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -12,6 +12,7 @@
@@ -66,8 +66,8 @@ index cc69e37..17b3765 100644
  
  #include "../string.h"
  #include "eboot.h"
-@@ -537,6 +538,36 @@ static void setup_efi_pci(struct boot_params *params)
- 	efi_call_early(free_pool, pci_handle);
+@@ -600,6 +601,36 @@ static void setup_quirks(struct boot_params *boot_params)
+ 	}
  }
  
 +static int get_secure_boot(void)
@@ -103,7 +103,7 @@ index cc69e37..17b3765 100644
  static efi_status_t
  setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height)
  {
-@@ -1094,6 +1125,10 @@ struct boot_params *efi_main(struct efi_config *c,
+@@ -1157,6 +1188,10 @@ struct boot_params *efi_main(struct efi_config *c,
  	else
  		setup_boot_services32(efi_early);
  
@@ -115,10 +115,10 @@ index cc69e37..17b3765 100644
  
  	setup_efi_pci(boot_params);
 diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
-index c18ce67..2b3e542 100644
+index b10bf31..5138dac 100644
 --- a/arch/x86/include/uapi/asm/bootparam.h
 +++ b/arch/x86/include/uapi/asm/bootparam.h
-@@ -134,7 +134,8 @@ struct boot_params {
+@@ -135,7 +135,8 @@ struct boot_params {
  	__u8  eddbuf_entries;				/* 0x1e9 */
  	__u8  edd_mbr_sig_buf_entries;			/* 0x1ea */
  	__u8  kbd_status;				/* 0x1eb */
@@ -129,10 +129,10 @@ index c18ce67..2b3e542 100644
  	 * The sentinel is set to a nonzero value (0xff) in header.S.
  	 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 9c337b0..f7f369b 100644
+index 4cfba94..7c4295c 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1184,6 +1184,12 @@ void __init setup_arch(char **cmdline_p)
  
  	io_delay_init();
  
@@ -146,7 +146,7 @@ index 9c337b0..f7f369b 100644
  	 * Parse the ACPI tables for possible boot-time SMP configuration.
  	 */
 diff --git a/include/linux/module.h b/include/linux/module.h
-index c8b4ea0..8918ef4 100644
+index da4bd57..25d88bb 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
 @@ -260,6 +260,12 @@ extern const typeof(name) __mod_##type##__##name##_device_table		\
@@ -163,10 +163,10 @@ index c8b4ea0..8918ef4 100644
  
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index 085b720..e0c6216 100644
+index 9a565d5..421ee82 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4286,6 +4286,13 @@ void module_layout(struct module *mod,
+@@ -4300,6 +4300,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
  

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch

@@ -1,7 +1,7 @@
-From 24e6c471ffdfed1d389c9bd033117e1ca4cbd97b Mon Sep 17 00:00:00 2001
+From 4c58cd43848c62e13421c4f4fa98df540e674fba Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:28:43 -0400
-Subject: [PATCH 11/18] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
+Subject: [PATCH 11/16] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
 
 The functionality of the config option is dependent upon the platform being
 UEFI based.  Reflect this in the config deps.
@@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 882da2b..d666ef8b 100644
+index 5be38b4..efe6b42 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1787,7 +1787,8 @@ config EFI_MIXED
+@@ -1816,7 +1816,8 @@ config EFI_MIXED
  	   If unsure, say N.
  
  config EFI_SECURE_BOOT_SIG_ENFORCE

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch

@@ -1,7 +1,7 @@
-From 3891469497a0435fa026dca9fe58dc707d49c197 Mon Sep 17 00:00:00 2001
+From d70536a7ba4cf46392317622faa74d97c3215b5c Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:33:03 -0400
-Subject: [PATCH 12/18] efi: Add EFI_SECURE_BOOT bit
+Subject: [PATCH 12/16] efi: Add EFI_SECURE_BOOT bit
 
 UEFI machines can be booted in Secure Boot mode.  Add a EFI_SECURE_BOOT bit
 for use with efi_enabled.
@@ -13,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  2 files changed, 3 insertions(+)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index f7f369b..60dccc2 100644
+index 7c4295c..c5c88bc 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -1186,7 +1186,9 @@ void __init setup_arch(char **cmdline_p)
  
  #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
  	if (boot_params.secure_boot) {
@@ -27,10 +27,10 @@ index f7f369b..60dccc2 100644
  #endif
  
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index cba7177..0d76705 100644
+index 5b1af30..1b12c29 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -1045,6 +1045,7 @@ extern int __init efi_setup_pcdp_console(char *);
+@@ -1065,6 +1065,7 @@ extern int __init efi_setup_pcdp_console(char *);
  #define EFI_ARCH_1		7	/* First arch-specific bit */
  #define EFI_DBG			8	/* Print additional debug info at runtime */
  #define EFI_NX_PE_DATA		9	/* Can runtime data regions be mapped non-executable? */

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0013-hibernate-Disable-in-a-signed-modules-environment.patch

@@ -1,7 +1,7 @@
-From 804784cb138b64f247a1db03d2b43118e4d31e54 Mon Sep 17 00:00:00 2001
+From e9e2b41c3642aa993063c9cac6551590e4c30c35 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 20 Jun 2014 08:53:24 -0400
-Subject: [PATCH 13/18] hibernate: Disable in a signed modules environment
+Subject: [PATCH 13/16] hibernate: Disable in a signed modules environment
 
 There is currently no way to verify the resume image when returning
 from hibernate.  This might compromise the signed modules trust model,

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch

@@ -1,7 +1,7 @@
-From 023410cc67fdf43960f44d73121e735aeee3fc35 Mon Sep 17 00:00:00 2001
+From 0e124e61a4387e81e9d80c2df48683d6fa209d4a Mon Sep 17 00:00:00 2001
 From: Vito Caputo <vito.caputo@coreos.com>
 Date: Wed, 25 Nov 2015 02:59:45 -0800
-Subject: [PATCH 14/18] kbuild: derive relative path for KBUILD_SRC from CURDIR
+Subject: [PATCH 14/16] kbuild: derive relative path for KBUILD_SRC from CURDIR
 
 This enables relocating source and build trees to different roots,
 provided they stay reachable relative to one another.  Useful for
@@ -12,7 +12,7 @@ by some undesirable path component.
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index c0c41c9..8ab8bd3 100644
+index f1e6a02..18e3450 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -147,7 +147,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0015-Add-arm64-coreos-verity-hash.patch

@@ -1,7 +1,7 @@
-From 888796efad08c03f7868fe02189e02132e925766 Mon Sep 17 00:00:00 2001
+From 27499a2ffb18d13cb0b4ffe67cbccec23ba7b551 Mon Sep 17 00:00:00 2001
 From: Geoff Levand <geoff@infradead.org>
 Date: Fri, 11 Nov 2016 17:28:52 -0800
-Subject: [PATCH 15/18] Add arm64 coreos verity hash
+Subject: [PATCH 15/16] Add arm64 coreos verity hash
 
 Signed-off-by: Geoff Levand <geoff@infradead.org>
 ---
@@ -9,7 +9,7 @@ Signed-off-by: Geoff Levand <geoff@infradead.org>
  1 file changed, 5 insertions(+)
 
 diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
-index 332e331..964bae1 100644
+index 4b1abac..a53fa57 100644
 --- a/arch/arm64/kernel/head.S
 +++ b/arch/arm64/kernel/head.S
 @@ -195,6 +195,11 @@ section_table:

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch

@@ -1,7 +1,7 @@
-From 648e8f090f90f19237cfa70c047419341de49417 Mon Sep 17 00:00:00 2001
+From c67b19ff423d5d94e7b69dc82e09f12446bf5888 Mon Sep 17 00:00:00 2001
 From: Stephen Smalley <sds@tycho.nsa.gov>
 Date: Mon, 9 Jan 2017 10:07:31 -0500
-Subject: [PATCH 16/18] selinux: allow context mounts on tmpfs, ramfs, devpts
+Subject: [PATCH 16/16] selinux: allow context mounts on tmpfs, ramfs, devpts
  within user namespaces
 
 commit aad82892af261b9903cc11c55be3ecf5f0b0b4f8 ("selinux: Add support for
@@ -31,10 +31,10 @@ Signed-off-by: Paul Moore <paul@paul-moore.com>
  1 file changed, 7 insertions(+), 3 deletions(-)
 
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 09fd610..7f4387f 100644
+index d98550a..fbf2d6d 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
-@@ -832,10 +832,14 @@ static int selinux_set_mnt_opts(struct super_block *sb,
+@@ -833,10 +833,14 @@ static int selinux_set_mnt_opts(struct super_block *sb,
  	}
  
  	/*

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0017-perf-x86-intel-rapl-Make-package-handling-more-robus.patch

@@ -1,179 +0,0 @@
-From 463b9d55d967de5900c5097bc99c34f4207a85a9 Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Tue, 31 Jan 2017 23:58:38 +0100
-Subject: [PATCH 17/18] perf/x86/intel/rapl: Make package handling more robust
-
-The package management code in RAPL relies on package mapping being
-available before a CPU is started. This changed with:
-
-  9d85eb9119f4 ("x86/smpboot: Make logical package management more robust")
-
-because the ACPI/BIOS information turned out to be unreliable, but that
-left RAPL in broken state. This was not noticed because on a regular boot
-all CPUs are online before RAPL is initialized.
-
-A possible fix would be to reintroduce the mess which allocates a package
-data structure in CPU prepare and when it turns out to already exist in
-starting throw it away later in the CPU online callback. But that's a
-horrible hack and not required at all because RAPL becomes functional for
-perf only in the CPU online callback. That's correct because user space is
-not yet informed about the CPU being onlined, so nothing caan rely on RAPL
-being available on that particular CPU.
-
-Move the allocation to the CPU online callback and simplify the hotplug
-handling. At this point the package mapping is established and correct.
-
-This also adds a missing check for available package data in the
-event_init() function.
-
-Reported-by: Yasuaki Ishimatsu <yasu.isimatu@gmail.com>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
-Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
-Cc: Jiri Olsa <jolsa@redhat.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Sebastian Siewior <bigeasy@linutronix.de>
-Cc: Stephane Eranian <eranian@google.com>
-Cc: Vince Weaver <vincent.weaver@maine.edu>
-Fixes: 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust")
-Link: http://lkml.kernel.org/r/20170131230141.212593966@linutronix.de
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
- arch/x86/events/intel/rapl.c | 60 +++++++++++++++++++-------------------------
- include/linux/cpuhotplug.h   |  1 -
- 2 files changed, 26 insertions(+), 35 deletions(-)
-
-diff --git a/arch/x86/events/intel/rapl.c b/arch/x86/events/intel/rapl.c
-index 0a535ce..1dba3c2 100644
---- a/arch/x86/events/intel/rapl.c
-+++ b/arch/x86/events/intel/rapl.c
-@@ -161,7 +161,13 @@ static u64 rapl_timer_ms;
- 
- static inline struct rapl_pmu *cpu_to_rapl_pmu(unsigned int cpu)
- {
--	return rapl_pmus->pmus[topology_logical_package_id(cpu)];
-+	unsigned int pkgid = topology_logical_package_id(cpu);
-+
-+	/*
-+	 * The unsigned check also catches the '-1' return value for non
-+	 * existent mappings in the topology map.
-+	 */
-+	return pkgid < rapl_pmus->maxpkg ? rapl_pmus->pmus[pkgid] : NULL;
- }
- 
- static inline u64 rapl_read_counter(struct perf_event *event)
-@@ -402,6 +408,8 @@ static int rapl_pmu_event_init(struct perf_event *event)
- 
- 	/* must be done before validate_group */
- 	pmu = cpu_to_rapl_pmu(event->cpu);
-+	if (!pmu)
-+		return -EINVAL;
- 	event->cpu = pmu->cpu;
- 	event->pmu_private = pmu;
- 	event->hw.event_base = msr;
-@@ -585,6 +593,20 @@ static int rapl_cpu_online(unsigned int cpu)
- 	struct rapl_pmu *pmu = cpu_to_rapl_pmu(cpu);
- 	int target;
- 
-+	if (!pmu) {
-+		pmu = kzalloc_node(sizeof(*pmu), GFP_KERNEL, cpu_to_node(cpu));
-+		if (!pmu)
-+			return -ENOMEM;
-+
-+		raw_spin_lock_init(&pmu->lock);
-+		INIT_LIST_HEAD(&pmu->active_list);
-+		pmu->pmu = &rapl_pmus->pmu;
-+		pmu->timer_interval = ms_to_ktime(rapl_timer_ms);
-+		rapl_hrtimer_init(pmu);
-+
-+		rapl_pmus->pmus[topology_logical_package_id(cpu)] = pmu;
-+	}
-+
- 	/*
- 	 * Check if there is an online cpu in the package which collects rapl
- 	 * events already.
-@@ -598,27 +620,6 @@ static int rapl_cpu_online(unsigned int cpu)
- 	return 0;
- }
- 
--static int rapl_cpu_prepare(unsigned int cpu)
--{
--	struct rapl_pmu *pmu = cpu_to_rapl_pmu(cpu);
--
--	if (pmu)
--		return 0;
--
--	pmu = kzalloc_node(sizeof(*pmu), GFP_KERNEL, cpu_to_node(cpu));
--	if (!pmu)
--		return -ENOMEM;
--
--	raw_spin_lock_init(&pmu->lock);
--	INIT_LIST_HEAD(&pmu->active_list);
--	pmu->pmu = &rapl_pmus->pmu;
--	pmu->timer_interval = ms_to_ktime(rapl_timer_ms);
--	pmu->cpu = -1;
--	rapl_hrtimer_init(pmu);
--	rapl_pmus->pmus[topology_logical_package_id(cpu)] = pmu;
--	return 0;
--}
--
- static int rapl_check_hw_unit(bool apply_quirk)
- {
- 	u64 msr_rapl_power_unit_bits;
-@@ -802,29 +803,21 @@ static int __init rapl_pmu_init(void)
- 	/*
- 	 * Install callbacks. Core will call them for each online cpu.
- 	 */
--
--	ret = cpuhp_setup_state(CPUHP_PERF_X86_RAPL_PREP, "PERF_X86_RAPL_PREP",
--				rapl_cpu_prepare, NULL);
--	if (ret)
--		goto out;
--
- 	ret = cpuhp_setup_state(CPUHP_AP_PERF_X86_RAPL_ONLINE,
- 				"AP_PERF_X86_RAPL_ONLINE",
- 				rapl_cpu_online, rapl_cpu_offline);
- 	if (ret)
--		goto out1;
-+		goto out;
- 
- 	ret = perf_pmu_register(&rapl_pmus->pmu, "power", -1);
- 	if (ret)
--		goto out2;
-+		goto out1;
- 
- 	rapl_advertise();
- 	return 0;
- 
--out2:
--	cpuhp_remove_state(CPUHP_AP_PERF_X86_RAPL_ONLINE);
- out1:
--	cpuhp_remove_state(CPUHP_PERF_X86_RAPL_PREP);
-+	cpuhp_remove_state(CPUHP_AP_PERF_X86_RAPL_ONLINE);
- out:
- 	pr_warn("Initialization failed (%d), disabled\n", ret);
- 	cleanup_rapl_pmus();
-@@ -835,7 +828,6 @@ module_init(rapl_pmu_init);
- static void __exit intel_rapl_exit(void)
- {
- 	cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_RAPL_ONLINE);
--	cpuhp_remove_state_nocalls(CPUHP_PERF_X86_RAPL_PREP);
- 	perf_pmu_unregister(&rapl_pmus->pmu);
- 	cleanup_rapl_pmus();
- }
-diff --git a/include/linux/cpuhotplug.h b/include/linux/cpuhotplug.h
-index ba1cad7..965cc56 100644
---- a/include/linux/cpuhotplug.h
-+++ b/include/linux/cpuhotplug.h
-@@ -10,7 +10,6 @@ enum cpuhp_state {
- 	CPUHP_PERF_X86_PREPARE,
- 	CPUHP_PERF_X86_UNCORE_PREP,
- 	CPUHP_PERF_X86_AMD_UNCORE_PREP,
--	CPUHP_PERF_X86_RAPL_PREP,
- 	CPUHP_PERF_BFIN,
- 	CPUHP_PERF_POWER,
- 	CPUHP_PERF_SUPERH,
--- 
-2.9.3
-

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0018-perf-x86-intel-uncore-Make-package-handling-more-rob.patch

@@ -1,309 +0,0 @@
-From c768c2f2907728b8ce5c43718221afcd1353da8b Mon Sep 17 00:00:00 2001
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Tue, 31 Jan 2017 23:58:40 +0100
-Subject: [PATCH 18/18] perf/x86/intel/uncore: Make package handling more
- robust
-
-The package management code in uncore relies on package mapping being
-available before a CPU is started. This changed with:
-
-  9d85eb9119f4 ("x86/smpboot: Make logical package management more robust")
-
-because the ACPI/BIOS information turned out to be unreliable, but that
-left uncore in broken state. This was not noticed because on a regular boot
-all CPUs are online before uncore is initialized.
-
-Move the allocation to the CPU online callback and simplify the hotplug
-handling. At this point the package mapping is established and correct.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
-Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
-Cc: Jiri Olsa <jolsa@redhat.com>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Sebastian Siewior <bigeasy@linutronix.de>
-Cc: Stephane Eranian <eranian@google.com>
-Cc: Vince Weaver <vincent.weaver@maine.edu>
-Cc: Yasuaki Ishimatsu <yasu.isimatu@gmail.com>
-Fixes: 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust")
-Link: http://lkml.kernel.org/r/20170131230141.377156255@linutronix.de
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
- arch/x86/events/intel/uncore.c | 196 +++++++++++++++++++----------------------
- include/linux/cpuhotplug.h     |   2 -
- 2 files changed, 91 insertions(+), 107 deletions(-)
-
-diff --git a/arch/x86/events/intel/uncore.c b/arch/x86/events/intel/uncore.c
-index 19d646a..f2d760d 100644
---- a/arch/x86/events/intel/uncore.c
-+++ b/arch/x86/events/intel/uncore.c
-@@ -100,7 +100,13 @@ ssize_t uncore_event_show(struct kobject *kobj,
- 
- struct intel_uncore_box *uncore_pmu_to_box(struct intel_uncore_pmu *pmu, int cpu)
- {
--	return pmu->boxes[topology_logical_package_id(cpu)];
-+	unsigned int pkgid = topology_logical_package_id(cpu);
-+
-+	/*
-+	 * The unsigned check also catches the '-1' return value for non
-+	 * existent mappings in the topology map.
-+	 */
-+	return pkgid < max_packages ? pmu->boxes[pkgid] : NULL;
- }
- 
- u64 uncore_msr_read_counter(struct intel_uncore_box *box, struct perf_event *event)
-@@ -1033,76 +1039,6 @@ static void uncore_pci_exit(void)
- 	}
- }
- 
--static int uncore_cpu_dying(unsigned int cpu)
--{
--	struct intel_uncore_type *type, **types = uncore_msr_uncores;
--	struct intel_uncore_pmu *pmu;
--	struct intel_uncore_box *box;
--	int i, pkg;
--
--	pkg = topology_logical_package_id(cpu);
--	for (; *types; types++) {
--		type = *types;
--		pmu = type->pmus;
--		for (i = 0; i < type->num_boxes; i++, pmu++) {
--			box = pmu->boxes[pkg];
--			if (box && atomic_dec_return(&box->refcnt) == 0)
--				uncore_box_exit(box);
--		}
--	}
--	return 0;
--}
--
--static int uncore_cpu_starting(unsigned int cpu)
--{
--	struct intel_uncore_type *type, **types = uncore_msr_uncores;
--	struct intel_uncore_pmu *pmu;
--	struct intel_uncore_box *box;
--	int i, pkg;
--
--	pkg = topology_logical_package_id(cpu);
--	for (; *types; types++) {
--		type = *types;
--		pmu = type->pmus;
--		for (i = 0; i < type->num_boxes; i++, pmu++) {
--			box = pmu->boxes[pkg];
--			if (!box)
--				continue;
--			/* The first cpu on a package activates the box */
--			if (atomic_inc_return(&box->refcnt) == 1)
--				uncore_box_init(box);
--		}
--	}
--
--	return 0;
--}
--
--static int uncore_cpu_prepare(unsigned int cpu)
--{
--	struct intel_uncore_type *type, **types = uncore_msr_uncores;
--	struct intel_uncore_pmu *pmu;
--	struct intel_uncore_box *box;
--	int i, pkg;
--
--	pkg = topology_logical_package_id(cpu);
--	for (; *types; types++) {
--		type = *types;
--		pmu = type->pmus;
--		for (i = 0; i < type->num_boxes; i++, pmu++) {
--			if (pmu->boxes[pkg])
--				continue;
--			/* First cpu of a package allocates the box */
--			box = uncore_alloc_box(type, cpu_to_node(cpu));
--			if (!box)
--				return -ENOMEM;
--			box->pmu = pmu;
--			box->pkgid = pkg;
--			pmu->boxes[pkg] = box;
--		}
--	}
--	return 0;
--}
--
- static void uncore_change_type_ctx(struct intel_uncore_type *type, int old_cpu,
- 				   int new_cpu)
- {
-@@ -1142,12 +1078,14 @@ static void uncore_change_context(struct intel_uncore_type **uncores,
- 
- static int uncore_event_cpu_offline(unsigned int cpu)
- {
--	int target;
-+	struct intel_uncore_type *type, **types = uncore_msr_uncores;
-+	struct intel_uncore_pmu *pmu;
-+	struct intel_uncore_box *box;
-+	int i, pkg, target;
- 
- 	/* Check if exiting cpu is used for collecting uncore events */
- 	if (!cpumask_test_and_clear_cpu(cpu, &uncore_cpu_mask))
--		return 0;
--
-+		goto unref;
- 	/* Find a new cpu to collect uncore events */
- 	target = cpumask_any_but(topology_core_cpumask(cpu), cpu);
- 
-@@ -1159,12 +1097,82 @@ static int uncore_event_cpu_offline(unsigned int cpu)
- 
- 	uncore_change_context(uncore_msr_uncores, cpu, target);
- 	uncore_change_context(uncore_pci_uncores, cpu, target);
-+
-+unref:
-+	/* Clear the references */
-+	pkg = topology_logical_package_id(cpu);
-+	for (; *types; types++) {
-+		type = *types;
-+		pmu = type->pmus;
-+		for (i = 0; i < type->num_boxes; i++, pmu++) {
-+			box = pmu->boxes[pkg];
-+			if (box && atomic_dec_return(&box->refcnt) == 0)
-+				uncore_box_exit(box);
-+		}
-+	}
- 	return 0;
- }
- 
-+static int allocate_boxes(struct intel_uncore_type **types,
-+			 unsigned int pkg, unsigned int cpu)
-+{
-+	struct intel_uncore_box *box, *tmp;
-+	struct intel_uncore_type *type;
-+	struct intel_uncore_pmu *pmu;
-+	LIST_HEAD(allocated);
-+	int i;
-+
-+	/* Try to allocate all required boxes */
-+	for (; *types; types++) {
-+		type = *types;
-+		pmu = type->pmus;
-+		for (i = 0; i < type->num_boxes; i++, pmu++) {
-+			if (pmu->boxes[pkg])
-+				continue;
-+			box = uncore_alloc_box(type, cpu_to_node(cpu));
-+			if (!box)
-+				goto cleanup;
-+			box->pmu = pmu;
-+			box->pkgid = pkg;
-+			list_add(&box->active_list, &allocated);
-+		}
-+	}
-+	/* Install them in the pmus */
-+	list_for_each_entry_safe(box, tmp, &allocated, active_list) {
-+		list_del_init(&box->active_list);
-+		box->pmu->boxes[pkg] = box;
-+	}
-+	return 0;
-+
-+cleanup:
-+	list_for_each_entry_safe(box, tmp, &allocated, active_list) {
-+		list_del_init(&box->active_list);
-+		kfree(box);
-+	}
-+	return -ENOMEM;
-+}
-+
- static int uncore_event_cpu_online(unsigned int cpu)
- {
--	int target;
-+	struct intel_uncore_type *type, **types = uncore_msr_uncores;
-+	struct intel_uncore_pmu *pmu;
-+	struct intel_uncore_box *box;
-+	int i, ret, pkg, target;
-+
-+	pkg = topology_logical_package_id(cpu);
-+	ret = allocate_boxes(types, pkg, cpu);
-+	if (ret)
-+		return ret;
-+
-+	for (; *types; types++) {
-+		type = *types;
-+		pmu = type->pmus;
-+		for (i = 0; i < type->num_boxes; i++, pmu++) {
-+			box = pmu->boxes[pkg];
-+			if (!box && atomic_inc_return(&box->refcnt) == 1)
-+				uncore_box_init(box);
-+		}
-+	}
- 
- 	/*
- 	 * Check if there is an online cpu in the package
-@@ -1354,33 +1362,13 @@ static int __init intel_uncore_init(void)
- 	if (cret && pret)
- 		return -ENODEV;
- 
--	/*
--	 * Install callbacks. Core will call them for each online cpu.
--	 *
--	 * The first online cpu of each package allocates and takes
--	 * the refcounts for all other online cpus in that package.
--	 * If msrs are not enabled no allocation is required and
--	 * uncore_cpu_prepare() is not called for each online cpu.
--	 */
--	if (!cret) {
--	       ret = cpuhp_setup_state(CPUHP_PERF_X86_UNCORE_PREP,
--					"PERF_X86_UNCORE_PREP",
--					uncore_cpu_prepare, NULL);
--		if (ret)
--			goto err;
--	} else {
--		cpuhp_setup_state_nocalls(CPUHP_PERF_X86_UNCORE_PREP,
--					  "PERF_X86_UNCORE_PREP",
--					  uncore_cpu_prepare, NULL);
--	}
--
--	cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_STARTING,
--			  "AP_PERF_X86_UNCORE_STARTING",
--			  uncore_cpu_starting, uncore_cpu_dying);
--
--	cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE,
--			  "AP_PERF_X86_UNCORE_ONLINE",
--			  uncore_event_cpu_online, uncore_event_cpu_offline);
-+	/* Install hotplug callbacks to setup the targets for each package */
-+	ret = cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE,
-+				"AP_PERF_X86_UNCORE_ONLINE",
-+				uncore_event_cpu_online,
-+				uncore_event_cpu_offline);
-+	if (ret)
-+		goto err;
- 	return 0;
- 
- err:
-@@ -1392,9 +1380,7 @@ module_init(intel_uncore_init);
- 
- static void __exit intel_uncore_exit(void)
- {
--	cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_UNCORE_ONLINE);
--	cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_UNCORE_STARTING);
--	cpuhp_remove_state_nocalls(CPUHP_PERF_X86_UNCORE_PREP);
-+	cpuhp_remove_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE);
- 	uncore_types_exit(uncore_msr_uncores);
- 	uncore_pci_exit();
- }
-diff --git a/include/linux/cpuhotplug.h b/include/linux/cpuhotplug.h
-index 965cc56..ce83119 100644
---- a/include/linux/cpuhotplug.h
-+++ b/include/linux/cpuhotplug.h
-@@ -8,7 +8,6 @@ enum cpuhp_state {
- 	CPUHP_CREATE_THREADS,
- 	CPUHP_PERF_PREPARE,
- 	CPUHP_PERF_X86_PREPARE,
--	CPUHP_PERF_X86_UNCORE_PREP,
- 	CPUHP_PERF_X86_AMD_UNCORE_PREP,
- 	CPUHP_PERF_BFIN,
- 	CPUHP_PERF_POWER,
-@@ -63,7 +62,6 @@ enum cpuhp_state {
- 	CPUHP_AP_IRQ_ARMADA_CASC_STARTING,
- 	CPUHP_AP_IRQ_BCM2836_STARTING,
- 	CPUHP_AP_ARM_MVEBU_COHERENCY,
--	CPUHP_AP_PERF_X86_UNCORE_STARTING,
- 	CPUHP_AP_PERF_X86_AMD_UNCORE_STARTING,
- 	CPUHP_AP_PERF_X86_STARTING,
- 	CPUHP_AP_PERF_X86_AMD_IBS_STARTING,
--- 
-2.9.3
-