From cdf6c9f78024f87f2598552a80f57f8a8682fbb5 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 24 Feb 2017 16:14:35 -0800 Subject: [PATCH] sys-kernel/coreos-*: bump to v4.10 --- ...9.9.ebuild => coreos-kernel-4.10.0.ebuild} | 0 ....9.ebuild => coreos-modules-4.10.0.ebuild} | 0 ...d64_defconfig-4.9 => amd64_defconfig-4.10} | 0 ...m64_defconfig-4.9 => arm64_defconfig-4.10} | 0 .../{commonconfig-4.9 => commonconfig-4.10} | 0 .../sys-kernel/coreos-sources/Manifest | 3 +- ....9.ebuild => coreos-sources-4.10.0.ebuild} | 2 - .../z0001-Add-secure_modules-call.patch | 10 +- ...R-access-when-module-security-is-ena.patch | 22 +- ...-port-access-when-module-security-is.patch | 4 +- ...4-ACPI-Limit-access-to-custom_method.patch | 4 +- ...t-debugfs-interface-when-module-load.patch | 12 +- ...-and-dev-kmem-when-module-loading-is.patch | 4 +- ..._rsdp-kernel-parameter-when-module-l.patch | 14 +- ...-runtime-if-the-kernel-enforces-modu.patch | 4 +- ...-access-when-module-loading-is-restr.patch | 10 +- ...tomatically-enforce-module-signature.patch | 30 +- ...ECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch | 8 +- .../z0012-efi-Add-EFI_SECURE_BOOT-bit.patch | 12 +- ...able-in-a-signed-modules-environment.patch | 4 +- ...lative-path-for-KBUILD_SRC-from-CURD.patch | 6 +- .../z0015-Add-arm64-coreos-verity-hash.patch | 6 +- ...ntext-mounts-on-tmpfs-ramfs-devpts-w.patch | 8 +- ...apl-Make-package-handling-more-robus.patch | 179 ---------- ...ncore-Make-package-handling-more-rob.patch | 309 ------------------ 25 files changed, 80 insertions(+), 571 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-4.9.9.ebuild => coreos-kernel-4.10.0.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-4.9.9.ebuild => coreos-modules-4.10.0.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{amd64_defconfig-4.9 => amd64_defconfig-4.10} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{arm64_defconfig-4.9 => arm64_defconfig-4.10} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{commonconfig-4.9 => commonconfig-4.10} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-4.9.9.ebuild => coreos-sources-4.10.0.ebuild} (91%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0001-Add-secure_modules-call.patch (86%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch (85%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch (94%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0004-ACPI-Limit-access-to-custom_method.patch (88%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch (79%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch (90%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch (72%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch (89%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch (77%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0010-Add-option-to-automatically-enforce-module-signature.patch (87%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch (78%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch (78%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0013-hibernate-Disable-in-a-signed-modules-environment.patch (89%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch (84%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0015-Add-arm64-coreos-verity-hash.patch (83%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{4.9 => 4.10}/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch (90%) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0017-perf-x86-intel-rapl-Make-package-handling-more-robus.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0018-perf-x86-intel-uncore-Make-package-handling-more-rob.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.9.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.10.0.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.9.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.10.0.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.9.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.10.0.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.9.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.10.0.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.9 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.10 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.9 rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-4.10 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-4.9 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-4.10 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-4.9 rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-4.10 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-4.9 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-4.10 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-4.9 rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-4.10 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest index cfdb5f2624..0178c0d1c7 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest @@ -1,2 +1 @@ -DIST linux-4.9.tar.xz 93192404 SHA256 029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a SHA512 bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a WHIRLPOOL 072505b29972ad120eb25a074217847c9c2813416c4903e605a0433574f5f87616dbea0b1454e4b19acc48107f11274b682958b1d773373156e99f8163e6606a -DIST patch-4.9.9.xz 256400 SHA256 ec97e3bf8585865d409a804316b276a6b4e4939286de9757f99bfb41cf112078 SHA512 a7a2d44b83b00b20f1424d12af0f42e1c576d3053feacd13491ef185661fb1c789b9265c500b62f5ede39f57b72f358820000fa6c852a5f035e566ee1dfcd5d9 WHIRLPOOL 3d83b79dd6d4ca249638338cfd93153f2914142859d4126fbc499acc30f1aef2ba7d59c41c337fd45fb20b56b375fb2457319c933bdf8c38b656eb3e340fe95e +DIST linux-4.10.tar.xz 94231404 SHA256 3c95d9f049bd085e5c346d2c77f063b8425f191460fcd3ae9fe7e94e0477dc4b SHA512 c3690125a8402df638095bd98a613fcf1a257b81de7611c84711d315cd11e2634ab4636302b3742aedf1e3ba9ce0fea53fe8c7d48e37865d8ee5db3565220d90 WHIRLPOOL 86d021bae2dbfc4ef80c22d9e886bed4fbd9476473a2851d7beaf8ed0c7f7fbc1fa0da230eb9e763eb231b7c164c17b2a73fd336ab233543f57be280d6173738 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.9.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.10.0.ebuild similarity index 91% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.9.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.10.0.ebuild index 3a80592313..d34ba81d76 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.9.9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.10.0.ebuild @@ -36,6 +36,4 @@ UNIPATCH_LIST=" ${PATCH_DIR}/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \ ${PATCH_DIR}/z0015-Add-arm64-coreos-verity-hash.patch \ ${PATCH_DIR}/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch \ - ${PATCH_DIR}/z0017-perf-x86-intel-rapl-Make-package-handling-more-robus.patch \ - ${PATCH_DIR}/z0018-perf-x86-intel-uncore-Make-package-handling-more-rob.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0001-Add-secure_modules-call.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0001-Add-secure_modules-call.patch similarity index 86% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0001-Add-secure_modules-call.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0001-Add-secure_modules-call.patch index 144dc975de..77c32b38c1 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0001-Add-secure_modules-call.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0001-Add-secure_modules-call.patch @@ -1,7 +1,7 @@ -From 428385fe28e9523377ecf26c97dd36382468fd8d Mon Sep 17 00:00:00 2001 +From 73bb7b8238ec592b103a34d8cf0390afc63bd7e1 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 17:58:15 -0400 -Subject: [PATCH 01/18] Add secure_modules() call +Subject: [PATCH 01/16] Add secure_modules() call Provide a single call to allow kernel code to determine whether the system has been configured to either disable module loading entirely or to load @@ -17,7 +17,7 @@ Signed-off-by: Matthew Garrett 2 files changed, 16 insertions(+) diff --git a/include/linux/module.h b/include/linux/module.h -index 0c3207d..c8b4ea0 100644 +index cc7cba2..da4bd57 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -629,6 +629,8 @@ static inline bool module_requested_async_probing(struct module *module) @@ -41,10 +41,10 @@ index 0c3207d..c8b4ea0 100644 #ifdef CONFIG_SYSFS diff --git a/kernel/module.c b/kernel/module.c -index 0e54d5b..085b720 100644 +index 3d8f126..9a565d5 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -4285,3 +4285,13 @@ void module_layout(struct module *mod, +@@ -4299,3 +4299,13 @@ void module_layout(struct module *mod, } EXPORT_SYMBOL(module_layout); #endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch similarity index 85% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch index 55d26e705a..6774aa355a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch @@ -1,7 +1,7 @@ -From ac008727488d38debfe9d336bc3172c0cc6a55d3 Mon Sep 17 00:00:00 2001 +From b3852ff8d63155d0323a66b81c9c7835dd367b1c Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 8 Mar 2012 10:10:38 -0500 -Subject: [PATCH 02/18] PCI: Lock down BAR access when module security is +Subject: [PATCH 02/16] PCI: Lock down BAR access when module security is enabled Any hardware that can potentially generate DMA has to be locked down from @@ -18,7 +18,7 @@ Signed-off-by: Matthew Garrett 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index bcd10c7..a950301 100644 +index 0666287..9867e0c 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -30,6 +30,7 @@ @@ -29,7 +29,7 @@ index bcd10c7..a950301 100644 #include "pci.h" static int sysfs_initialized; /* = 0 */ -@@ -716,6 +717,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj, +@@ -718,6 +719,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj, loff_t init_off = off; u8 *data = (u8 *) buf; @@ -39,7 +39,7 @@ index bcd10c7..a950301 100644 if (off > dev->cfg_size) return 0; if (off + count > dev->cfg_size) { -@@ -1007,6 +1011,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, +@@ -1009,6 +1013,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, resource_size_t start, end; int i; @@ -49,7 +49,7 @@ index bcd10c7..a950301 100644 for (i = 0; i < PCI_ROM_RESOURCE; i++) if (res == &pdev->resource[i]) break; -@@ -1106,6 +1113,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj, +@@ -1108,6 +1115,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { @@ -60,7 +60,7 @@ index bcd10c7..a950301 100644 } diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c -index 2408abe..59f321c 100644 +index f82710a..3af0fcf 100644 --- a/drivers/pci/proc.c +++ b/drivers/pci/proc.c @@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf, @@ -93,17 +93,17 @@ index 2408abe..59f321c 100644 /* Make sure the caller is mapping a real resource for this device */ diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c -index b91c4da..98f5637 100644 +index 9bf993e..922bdf6 100644 --- a/drivers/pci/syscall.c +++ b/drivers/pci/syscall.c -@@ -10,6 +10,7 @@ - #include +@@ -11,6 +11,7 @@ #include #include + #include +#include - #include #include "pci.h" + SYSCALL_DEFINE5(pciconfig_read, unsigned long, bus, unsigned long, dfn, @@ -92,7 +93,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn, u32 dword; int err = 0; diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch similarity index 94% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch index d85409d460..0da1cdd274 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch @@ -1,7 +1,7 @@ -From 594c655d0c106fbc6c3789688d0f58dd741f2c49 Mon Sep 17 00:00:00 2001 +From 91f145f51fc8f22bc879da39bfe6d16e95b50202 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 8 Mar 2012 10:35:59 -0500 -Subject: [PATCH 03/18] x86: Lock down IO port access when module security is +Subject: [PATCH 03/16] x86: Lock down IO port access when module security is enabled IO port access would permit users to gain access to PCI configuration diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0004-ACPI-Limit-access-to-custom_method.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0004-ACPI-Limit-access-to-custom_method.patch similarity index 88% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0004-ACPI-Limit-access-to-custom_method.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0004-ACPI-Limit-access-to-custom_method.patch index 6a8e32480c..46ee82a05b 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0004-ACPI-Limit-access-to-custom_method.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0004-ACPI-Limit-access-to-custom_method.patch @@ -1,7 +1,7 @@ -From 6514dc7053261af884ba59e0a6c08a1c091dc9e0 Mon Sep 17 00:00:00 2001 +From 03d7d4e42715c4a314bdc669658065557c3b44c4 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 08:39:37 -0500 -Subject: [PATCH 04/18] ACPI: Limit access to custom_method +Subject: [PATCH 04/16] ACPI: Limit access to custom_method custom_method effectively allows arbitrary access to system memory, making it possible for an attacker to circumvent restrictions on module loading. diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch similarity index 79% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch index 762d117787..3f66dacc15 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch @@ -1,7 +1,7 @@ -From 459c4b5751f448645f26292fe780d97d47e84265 Mon Sep 17 00:00:00 2001 +From 914723fe6b4fccc9fb080d52cfc54de04d526e3d Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 08:46:50 -0500 -Subject: [PATCH 05/18] asus-wmi: Restrict debugfs interface when module +Subject: [PATCH 05/16] asus-wmi: Restrict debugfs interface when module loading is restricted We have no way of validating what all of the Asus WMI methods do on a @@ -16,10 +16,10 @@ Signed-off-by: Matthew Garrett 1 file changed, 9 insertions(+) diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c -index ce6ca31..55d2399 100644 +index 43cb680..b5d77af 100644 --- a/drivers/platform/x86/asus-wmi.c +++ b/drivers/platform/x86/asus-wmi.c -@@ -1872,6 +1872,9 @@ static int show_dsts(struct seq_file *m, void *data) +@@ -1898,6 +1898,9 @@ static int show_dsts(struct seq_file *m, void *data) int err; u32 retval = -1; @@ -29,7 +29,7 @@ index ce6ca31..55d2399 100644 err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval); if (err < 0) -@@ -1888,6 +1891,9 @@ static int show_devs(struct seq_file *m, void *data) +@@ -1914,6 +1917,9 @@ static int show_devs(struct seq_file *m, void *data) int err; u32 retval = -1; @@ -39,7 +39,7 @@ index ce6ca31..55d2399 100644 err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param, &retval); -@@ -1912,6 +1918,9 @@ static int show_call(struct seq_file *m, void *data) +@@ -1938,6 +1944,9 @@ static int show_call(struct seq_file *m, void *data) union acpi_object *obj; acpi_status status; diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch similarity index 90% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch index 72625e4c21..e88094d4ea 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch @@ -1,7 +1,7 @@ -From 06dd44588d8aa2f2c4a903b858660d6d6860c22f Mon Sep 17 00:00:00 2001 +From be3c5948ec57189c877afc2af2da91c45569db79 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Mar 2012 09:28:15 -0500 -Subject: [PATCH 06/18] Restrict /dev/mem and /dev/kmem when module loading is +Subject: [PATCH 06/16] Restrict /dev/mem and /dev/kmem when module loading is restricted Allowing users to write to address space makes it possible for the kernel diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch similarity index 72% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch index e4607c10b1..34c9b18e43 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch @@ -1,7 +1,7 @@ -From 904f9519810723da81230c693b60510684990837 Mon Sep 17 00:00:00 2001 +From 8802118d5ab3c81409bb2571f6c45d58fb60cb07 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 25 Jun 2012 19:57:30 -0400 -Subject: [PATCH 07/18] acpi: Ignore acpi_rsdp kernel parameter when module +Subject: [PATCH 07/16] acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted This option allows userspace to pass the RSDP address to the kernel, which @@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index 416953a..4887e34 100644 +index 57fb5f4..9174461 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -40,6 +40,7 @@ @@ -24,10 +24,10 @@ index 416953a..4887e34 100644 +#include #include - #include -@@ -191,7 +192,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp); - acpi_physical_address __init acpi_os_get_root_pointer(void) - { + #include +@@ -192,7 +193,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void) + acpi_physical_address pa = 0; + #ifdef CONFIG_KEXEC - if (acpi_rsdp) + if (acpi_rsdp && !secure_modules()) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch similarity index 89% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch index d271fe92d3..85f8ce1fc8 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch @@ -1,7 +1,7 @@ -From 97b270a085859d5ada3614b45902c0b75df2be4e Mon Sep 17 00:00:00 2001 +From f1fcf911f8b2fc3e77685122e191a5faa2d90530 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Thu, 19 Nov 2015 18:55:53 -0800 -Subject: [PATCH 08/18] kexec: Disable at runtime if the kernel enforces module +Subject: [PATCH 08/16] kexec: Disable at runtime if the kernel enforces module loading restrictions kexec permits the loading and execution of arbitrary code in ring 0, which diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch similarity index 77% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch index 10ef00a593..51d3bc98f9 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch @@ -1,7 +1,7 @@ -From 43e3113404497c837aa083b43b0a9e08dae73f53 Mon Sep 17 00:00:00 2001 +From 6cdc502e447e28b9aeba39cacad87a1a58573494 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 8 Feb 2013 11:12:13 -0800 -Subject: [PATCH 09/18] x86: Restrict MSR access when module loading is +Subject: [PATCH 09/16] x86: Restrict MSR access when module loading is restricted Writing to MSRs should not be allowed if module loading is restricted, @@ -15,10 +15,10 @@ Signed-off-by: Matthew Garrett 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index 7f3550a..963ba40 100644 +index ef68880..74937d9 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c -@@ -83,6 +83,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, +@@ -84,6 +84,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf, int err = 0; ssize_t bytes = 0; @@ -28,7 +28,7 @@ index 7f3550a..963ba40 100644 if (count % 8) return -EINVAL; /* Invalid chunk size */ -@@ -130,6 +133,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) +@@ -131,6 +134,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) err = -EBADF; break; } diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0010-Add-option-to-automatically-enforce-module-signature.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0010-Add-option-to-automatically-enforce-module-signature.patch similarity index 87% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0010-Add-option-to-automatically-enforce-module-signature.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0010-Add-option-to-automatically-enforce-module-signature.patch index 371aec4b05..6af64ccea5 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0010-Add-option-to-automatically-enforce-module-signature.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0010-Add-option-to-automatically-enforce-module-signature.patch @@ -1,7 +1,7 @@ -From 24fd0e7dcfb42abc8999f0bc3b55bdf02324da75 Mon Sep 17 00:00:00 2001 +From 8513cddf6e021327feb0297ae9f3c113dd327620 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Fri, 9 Aug 2013 18:36:30 -0400 -Subject: [PATCH 10/18] Add option to automatically enforce module signatures +Subject: [PATCH 10/16] Add option to automatically enforce module signatures when in Secure Boot mode UEFI Secure Boot provides a mechanism for ensuring that the firmware will @@ -34,10 +34,10 @@ index 95a4d34..b8527c6 100644 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index bada636..882da2b 100644 +index e487493..5be38b4 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1786,6 +1786,16 @@ config EFI_MIXED +@@ -1815,6 +1815,16 @@ config EFI_MIXED If unsure, say N. @@ -55,7 +55,7 @@ index bada636..882da2b 100644 def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index cc69e37..17b3765 100644 +index ff01c8f..3e9e29a 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -12,6 +12,7 @@ @@ -66,8 +66,8 @@ index cc69e37..17b3765 100644 #include "../string.h" #include "eboot.h" -@@ -537,6 +538,36 @@ static void setup_efi_pci(struct boot_params *params) - efi_call_early(free_pool, pci_handle); +@@ -600,6 +601,36 @@ static void setup_quirks(struct boot_params *boot_params) + } } +static int get_secure_boot(void) @@ -103,7 +103,7 @@ index cc69e37..17b3765 100644 static efi_status_t setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height) { -@@ -1094,6 +1125,10 @@ struct boot_params *efi_main(struct efi_config *c, +@@ -1157,6 +1188,10 @@ struct boot_params *efi_main(struct efi_config *c, else setup_boot_services32(efi_early); @@ -115,10 +115,10 @@ index cc69e37..17b3765 100644 setup_efi_pci(boot_params); diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h -index c18ce67..2b3e542 100644 +index b10bf31..5138dac 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h -@@ -134,7 +134,8 @@ struct boot_params { +@@ -135,7 +135,8 @@ struct boot_params { __u8 eddbuf_entries; /* 0x1e9 */ __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ __u8 kbd_status; /* 0x1eb */ @@ -129,10 +129,10 @@ index c18ce67..2b3e542 100644 * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 9c337b0..f7f369b 100644 +index 4cfba94..7c4295c 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p) +@@ -1184,6 +1184,12 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); @@ -146,7 +146,7 @@ index 9c337b0..f7f369b 100644 * Parse the ACPI tables for possible boot-time SMP configuration. */ diff --git a/include/linux/module.h b/include/linux/module.h -index c8b4ea0..8918ef4 100644 +index da4bd57..25d88bb 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -260,6 +260,12 @@ extern const typeof(name) __mod_##type##__##name##_device_table \ @@ -163,10 +163,10 @@ index c8b4ea0..8918ef4 100644 extern int modules_disabled; /* for sysctl */ diff --git a/kernel/module.c b/kernel/module.c -index 085b720..e0c6216 100644 +index 9a565d5..421ee82 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -4286,6 +4286,13 @@ void module_layout(struct module *mod, +@@ -4300,6 +4300,13 @@ void module_layout(struct module *mod, EXPORT_SYMBOL(module_layout); #endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch similarity index 78% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch index 29338eb48c..54e4f6c424 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch @@ -1,7 +1,7 @@ -From 24e6c471ffdfed1d389c9bd033117e1ca4cbd97b Mon Sep 17 00:00:00 2001 +From 4c58cd43848c62e13421c4f4fa98df540e674fba Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 27 Aug 2013 13:28:43 -0400 -Subject: [PATCH 11/18] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI +Subject: [PATCH 11/16] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI The functionality of the config option is dependent upon the platform being UEFI based. Reflect this in the config deps. @@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 882da2b..d666ef8b 100644 +index 5be38b4..efe6b42 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1787,7 +1787,8 @@ config EFI_MIXED +@@ -1816,7 +1816,8 @@ config EFI_MIXED If unsure, say N. config EFI_SECURE_BOOT_SIG_ENFORCE diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch similarity index 78% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch index 14d3848752..bc3c7a1daa 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch @@ -1,7 +1,7 @@ -From 3891469497a0435fa026dca9fe58dc707d49c197 Mon Sep 17 00:00:00 2001 +From d70536a7ba4cf46392317622faa74d97c3215b5c Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 27 Aug 2013 13:33:03 -0400 -Subject: [PATCH 12/18] efi: Add EFI_SECURE_BOOT bit +Subject: [PATCH 12/16] efi: Add EFI_SECURE_BOOT bit UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit for use with efi_enabled. @@ -13,10 +13,10 @@ Signed-off-by: Josh Boyer 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index f7f369b..60dccc2 100644 +index 7c4295c..c5c88bc 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p) +@@ -1186,7 +1186,9 @@ void __init setup_arch(char **cmdline_p) #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE if (boot_params.secure_boot) { @@ -27,10 +27,10 @@ index f7f369b..60dccc2 100644 #endif diff --git a/include/linux/efi.h b/include/linux/efi.h -index cba7177..0d76705 100644 +index 5b1af30..1b12c29 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -1045,6 +1045,7 @@ extern int __init efi_setup_pcdp_console(char *); +@@ -1065,6 +1065,7 @@ extern int __init efi_setup_pcdp_console(char *); #define EFI_ARCH_1 7 /* First arch-specific bit */ #define EFI_DBG 8 /* Print additional debug info at runtime */ #define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0013-hibernate-Disable-in-a-signed-modules-environment.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0013-hibernate-Disable-in-a-signed-modules-environment.patch similarity index 89% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0013-hibernate-Disable-in-a-signed-modules-environment.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0013-hibernate-Disable-in-a-signed-modules-environment.patch index 2bcb6d151e..45d62d6663 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0013-hibernate-Disable-in-a-signed-modules-environment.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0013-hibernate-Disable-in-a-signed-modules-environment.patch @@ -1,7 +1,7 @@ -From 804784cb138b64f247a1db03d2b43118e4d31e54 Mon Sep 17 00:00:00 2001 +From e9e2b41c3642aa993063c9cac6551590e4c30c35 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Fri, 20 Jun 2014 08:53:24 -0400 -Subject: [PATCH 13/18] hibernate: Disable in a signed modules environment +Subject: [PATCH 13/16] hibernate: Disable in a signed modules environment There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch similarity index 84% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch index 105906a9e0..9756d196b3 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0014-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch @@ -1,7 +1,7 @@ -From 023410cc67fdf43960f44d73121e735aeee3fc35 Mon Sep 17 00:00:00 2001 +From 0e124e61a4387e81e9d80c2df48683d6fa209d4a Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 -Subject: [PATCH 14/18] kbuild: derive relative path for KBUILD_SRC from CURDIR +Subject: [PATCH 14/16] kbuild: derive relative path for KBUILD_SRC from CURDIR This enables relocating source and build trees to different roots, provided they stay reachable relative to one another. Useful for @@ -12,7 +12,7 @@ by some undesirable path component. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index c0c41c9..8ab8bd3 100644 +index f1e6a02..18e3450 100644 --- a/Makefile +++ b/Makefile @@ -147,7 +147,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0015-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0015-Add-arm64-coreos-verity-hash.patch similarity index 83% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0015-Add-arm64-coreos-verity-hash.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0015-Add-arm64-coreos-verity-hash.patch index e5167d852d..907414a8c5 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0015-Add-arm64-coreos-verity-hash.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0015-Add-arm64-coreos-verity-hash.patch @@ -1,7 +1,7 @@ -From 888796efad08c03f7868fe02189e02132e925766 Mon Sep 17 00:00:00 2001 +From 27499a2ffb18d13cb0b4ffe67cbccec23ba7b551 Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Fri, 11 Nov 2016 17:28:52 -0800 -Subject: [PATCH 15/18] Add arm64 coreos verity hash +Subject: [PATCH 15/16] Add arm64 coreos verity hash Signed-off-by: Geoff Levand --- @@ -9,7 +9,7 @@ Signed-off-by: Geoff Levand 1 file changed, 5 insertions(+) diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S -index 332e331..964bae1 100644 +index 4b1abac..a53fa57 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -195,6 +195,11 @@ section_table: diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch similarity index 90% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch index 276cb1594c..e9aa8ab27b 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.10/z0016-selinux-allow-context-mounts-on-tmpfs-ramfs-devpts-w.patch @@ -1,7 +1,7 @@ -From 648e8f090f90f19237cfa70c047419341de49417 Mon Sep 17 00:00:00 2001 +From c67b19ff423d5d94e7b69dc82e09f12446bf5888 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Mon, 9 Jan 2017 10:07:31 -0500 -Subject: [PATCH 16/18] selinux: allow context mounts on tmpfs, ramfs, devpts +Subject: [PATCH 16/16] selinux: allow context mounts on tmpfs, ramfs, devpts within user namespaces commit aad82892af261b9903cc11c55be3ecf5f0b0b4f8 ("selinux: Add support for @@ -31,10 +31,10 @@ Signed-off-by: Paul Moore 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 09fd610..7f4387f 100644 +index d98550a..fbf2d6d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c -@@ -832,10 +832,14 @@ static int selinux_set_mnt_opts(struct super_block *sb, +@@ -833,10 +833,14 @@ static int selinux_set_mnt_opts(struct super_block *sb, } /* diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0017-perf-x86-intel-rapl-Make-package-handling-more-robus.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0017-perf-x86-intel-rapl-Make-package-handling-more-robus.patch deleted file mode 100644 index 3f017eda23..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0017-perf-x86-intel-rapl-Make-package-handling-more-robus.patch +++ /dev/null @@ -1,179 +0,0 @@ -From 463b9d55d967de5900c5097bc99c34f4207a85a9 Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner -Date: Tue, 31 Jan 2017 23:58:38 +0100 -Subject: [PATCH 17/18] perf/x86/intel/rapl: Make package handling more robust - -The package management code in RAPL relies on package mapping being -available before a CPU is started. This changed with: - - 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust") - -because the ACPI/BIOS information turned out to be unreliable, but that -left RAPL in broken state. This was not noticed because on a regular boot -all CPUs are online before RAPL is initialized. - -A possible fix would be to reintroduce the mess which allocates a package -data structure in CPU prepare and when it turns out to already exist in -starting throw it away later in the CPU online callback. But that's a -horrible hack and not required at all because RAPL becomes functional for -perf only in the CPU online callback. That's correct because user space is -not yet informed about the CPU being onlined, so nothing caan rely on RAPL -being available on that particular CPU. - -Move the allocation to the CPU online callback and simplify the hotplug -handling. At this point the package mapping is established and correct. - -This also adds a missing check for available package data in the -event_init() function. - -Reported-by: Yasuaki Ishimatsu -Signed-off-by: Thomas Gleixner -Cc: Alexander Shishkin -Cc: Arnaldo Carvalho de Melo -Cc: Jiri Olsa -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Sebastian Siewior -Cc: Stephane Eranian -Cc: Vince Weaver -Fixes: 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust") -Link: http://lkml.kernel.org/r/20170131230141.212593966@linutronix.de -Signed-off-by: Ingo Molnar ---- - arch/x86/events/intel/rapl.c | 60 +++++++++++++++++++------------------------- - include/linux/cpuhotplug.h | 1 - - 2 files changed, 26 insertions(+), 35 deletions(-) - -diff --git a/arch/x86/events/intel/rapl.c b/arch/x86/events/intel/rapl.c -index 0a535ce..1dba3c2 100644 ---- a/arch/x86/events/intel/rapl.c -+++ b/arch/x86/events/intel/rapl.c -@@ -161,7 +161,13 @@ static u64 rapl_timer_ms; - - static inline struct rapl_pmu *cpu_to_rapl_pmu(unsigned int cpu) - { -- return rapl_pmus->pmus[topology_logical_package_id(cpu)]; -+ unsigned int pkgid = topology_logical_package_id(cpu); -+ -+ /* -+ * The unsigned check also catches the '-1' return value for non -+ * existent mappings in the topology map. -+ */ -+ return pkgid < rapl_pmus->maxpkg ? rapl_pmus->pmus[pkgid] : NULL; - } - - static inline u64 rapl_read_counter(struct perf_event *event) -@@ -402,6 +408,8 @@ static int rapl_pmu_event_init(struct perf_event *event) - - /* must be done before validate_group */ - pmu = cpu_to_rapl_pmu(event->cpu); -+ if (!pmu) -+ return -EINVAL; - event->cpu = pmu->cpu; - event->pmu_private = pmu; - event->hw.event_base = msr; -@@ -585,6 +593,20 @@ static int rapl_cpu_online(unsigned int cpu) - struct rapl_pmu *pmu = cpu_to_rapl_pmu(cpu); - int target; - -+ if (!pmu) { -+ pmu = kzalloc_node(sizeof(*pmu), GFP_KERNEL, cpu_to_node(cpu)); -+ if (!pmu) -+ return -ENOMEM; -+ -+ raw_spin_lock_init(&pmu->lock); -+ INIT_LIST_HEAD(&pmu->active_list); -+ pmu->pmu = &rapl_pmus->pmu; -+ pmu->timer_interval = ms_to_ktime(rapl_timer_ms); -+ rapl_hrtimer_init(pmu); -+ -+ rapl_pmus->pmus[topology_logical_package_id(cpu)] = pmu; -+ } -+ - /* - * Check if there is an online cpu in the package which collects rapl - * events already. -@@ -598,27 +620,6 @@ static int rapl_cpu_online(unsigned int cpu) - return 0; - } - --static int rapl_cpu_prepare(unsigned int cpu) --{ -- struct rapl_pmu *pmu = cpu_to_rapl_pmu(cpu); -- -- if (pmu) -- return 0; -- -- pmu = kzalloc_node(sizeof(*pmu), GFP_KERNEL, cpu_to_node(cpu)); -- if (!pmu) -- return -ENOMEM; -- -- raw_spin_lock_init(&pmu->lock); -- INIT_LIST_HEAD(&pmu->active_list); -- pmu->pmu = &rapl_pmus->pmu; -- pmu->timer_interval = ms_to_ktime(rapl_timer_ms); -- pmu->cpu = -1; -- rapl_hrtimer_init(pmu); -- rapl_pmus->pmus[topology_logical_package_id(cpu)] = pmu; -- return 0; --} -- - static int rapl_check_hw_unit(bool apply_quirk) - { - u64 msr_rapl_power_unit_bits; -@@ -802,29 +803,21 @@ static int __init rapl_pmu_init(void) - /* - * Install callbacks. Core will call them for each online cpu. - */ -- -- ret = cpuhp_setup_state(CPUHP_PERF_X86_RAPL_PREP, "PERF_X86_RAPL_PREP", -- rapl_cpu_prepare, NULL); -- if (ret) -- goto out; -- - ret = cpuhp_setup_state(CPUHP_AP_PERF_X86_RAPL_ONLINE, - "AP_PERF_X86_RAPL_ONLINE", - rapl_cpu_online, rapl_cpu_offline); - if (ret) -- goto out1; -+ goto out; - - ret = perf_pmu_register(&rapl_pmus->pmu, "power", -1); - if (ret) -- goto out2; -+ goto out1; - - rapl_advertise(); - return 0; - --out2: -- cpuhp_remove_state(CPUHP_AP_PERF_X86_RAPL_ONLINE); - out1: -- cpuhp_remove_state(CPUHP_PERF_X86_RAPL_PREP); -+ cpuhp_remove_state(CPUHP_AP_PERF_X86_RAPL_ONLINE); - out: - pr_warn("Initialization failed (%d), disabled\n", ret); - cleanup_rapl_pmus(); -@@ -835,7 +828,6 @@ module_init(rapl_pmu_init); - static void __exit intel_rapl_exit(void) - { - cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_RAPL_ONLINE); -- cpuhp_remove_state_nocalls(CPUHP_PERF_X86_RAPL_PREP); - perf_pmu_unregister(&rapl_pmus->pmu); - cleanup_rapl_pmus(); - } -diff --git a/include/linux/cpuhotplug.h b/include/linux/cpuhotplug.h -index ba1cad7..965cc56 100644 ---- a/include/linux/cpuhotplug.h -+++ b/include/linux/cpuhotplug.h -@@ -10,7 +10,6 @@ enum cpuhp_state { - CPUHP_PERF_X86_PREPARE, - CPUHP_PERF_X86_UNCORE_PREP, - CPUHP_PERF_X86_AMD_UNCORE_PREP, -- CPUHP_PERF_X86_RAPL_PREP, - CPUHP_PERF_BFIN, - CPUHP_PERF_POWER, - CPUHP_PERF_SUPERH, --- -2.9.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0018-perf-x86-intel-uncore-Make-package-handling-more-rob.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0018-perf-x86-intel-uncore-Make-package-handling-more-rob.patch deleted file mode 100644 index fb88026ffb..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.9/z0018-perf-x86-intel-uncore-Make-package-handling-more-rob.patch +++ /dev/null @@ -1,309 +0,0 @@ -From c768c2f2907728b8ce5c43718221afcd1353da8b Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner -Date: Tue, 31 Jan 2017 23:58:40 +0100 -Subject: [PATCH 18/18] perf/x86/intel/uncore: Make package handling more - robust - -The package management code in uncore relies on package mapping being -available before a CPU is started. This changed with: - - 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust") - -because the ACPI/BIOS information turned out to be unreliable, but that -left uncore in broken state. This was not noticed because on a regular boot -all CPUs are online before uncore is initialized. - -Move the allocation to the CPU online callback and simplify the hotplug -handling. At this point the package mapping is established and correct. - -Signed-off-by: Thomas Gleixner -Cc: Alexander Shishkin -Cc: Arnaldo Carvalho de Melo -Cc: Jiri Olsa -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Sebastian Siewior -Cc: Stephane Eranian -Cc: Vince Weaver -Cc: Yasuaki Ishimatsu -Fixes: 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust") -Link: http://lkml.kernel.org/r/20170131230141.377156255@linutronix.de -Signed-off-by: Ingo Molnar ---- - arch/x86/events/intel/uncore.c | 196 +++++++++++++++++++---------------------- - include/linux/cpuhotplug.h | 2 - - 2 files changed, 91 insertions(+), 107 deletions(-) - -diff --git a/arch/x86/events/intel/uncore.c b/arch/x86/events/intel/uncore.c -index 19d646a..f2d760d 100644 ---- a/arch/x86/events/intel/uncore.c -+++ b/arch/x86/events/intel/uncore.c -@@ -100,7 +100,13 @@ ssize_t uncore_event_show(struct kobject *kobj, - - struct intel_uncore_box *uncore_pmu_to_box(struct intel_uncore_pmu *pmu, int cpu) - { -- return pmu->boxes[topology_logical_package_id(cpu)]; -+ unsigned int pkgid = topology_logical_package_id(cpu); -+ -+ /* -+ * The unsigned check also catches the '-1' return value for non -+ * existent mappings in the topology map. -+ */ -+ return pkgid < max_packages ? pmu->boxes[pkgid] : NULL; - } - - u64 uncore_msr_read_counter(struct intel_uncore_box *box, struct perf_event *event) -@@ -1033,76 +1039,6 @@ static void uncore_pci_exit(void) - } - } - --static int uncore_cpu_dying(unsigned int cpu) --{ -- struct intel_uncore_type *type, **types = uncore_msr_uncores; -- struct intel_uncore_pmu *pmu; -- struct intel_uncore_box *box; -- int i, pkg; -- -- pkg = topology_logical_package_id(cpu); -- for (; *types; types++) { -- type = *types; -- pmu = type->pmus; -- for (i = 0; i < type->num_boxes; i++, pmu++) { -- box = pmu->boxes[pkg]; -- if (box && atomic_dec_return(&box->refcnt) == 0) -- uncore_box_exit(box); -- } -- } -- return 0; --} -- --static int uncore_cpu_starting(unsigned int cpu) --{ -- struct intel_uncore_type *type, **types = uncore_msr_uncores; -- struct intel_uncore_pmu *pmu; -- struct intel_uncore_box *box; -- int i, pkg; -- -- pkg = topology_logical_package_id(cpu); -- for (; *types; types++) { -- type = *types; -- pmu = type->pmus; -- for (i = 0; i < type->num_boxes; i++, pmu++) { -- box = pmu->boxes[pkg]; -- if (!box) -- continue; -- /* The first cpu on a package activates the box */ -- if (atomic_inc_return(&box->refcnt) == 1) -- uncore_box_init(box); -- } -- } -- -- return 0; --} -- --static int uncore_cpu_prepare(unsigned int cpu) --{ -- struct intel_uncore_type *type, **types = uncore_msr_uncores; -- struct intel_uncore_pmu *pmu; -- struct intel_uncore_box *box; -- int i, pkg; -- -- pkg = topology_logical_package_id(cpu); -- for (; *types; types++) { -- type = *types; -- pmu = type->pmus; -- for (i = 0; i < type->num_boxes; i++, pmu++) { -- if (pmu->boxes[pkg]) -- continue; -- /* First cpu of a package allocates the box */ -- box = uncore_alloc_box(type, cpu_to_node(cpu)); -- if (!box) -- return -ENOMEM; -- box->pmu = pmu; -- box->pkgid = pkg; -- pmu->boxes[pkg] = box; -- } -- } -- return 0; --} -- - static void uncore_change_type_ctx(struct intel_uncore_type *type, int old_cpu, - int new_cpu) - { -@@ -1142,12 +1078,14 @@ static void uncore_change_context(struct intel_uncore_type **uncores, - - static int uncore_event_cpu_offline(unsigned int cpu) - { -- int target; -+ struct intel_uncore_type *type, **types = uncore_msr_uncores; -+ struct intel_uncore_pmu *pmu; -+ struct intel_uncore_box *box; -+ int i, pkg, target; - - /* Check if exiting cpu is used for collecting uncore events */ - if (!cpumask_test_and_clear_cpu(cpu, &uncore_cpu_mask)) -- return 0; -- -+ goto unref; - /* Find a new cpu to collect uncore events */ - target = cpumask_any_but(topology_core_cpumask(cpu), cpu); - -@@ -1159,12 +1097,82 @@ static int uncore_event_cpu_offline(unsigned int cpu) - - uncore_change_context(uncore_msr_uncores, cpu, target); - uncore_change_context(uncore_pci_uncores, cpu, target); -+ -+unref: -+ /* Clear the references */ -+ pkg = topology_logical_package_id(cpu); -+ for (; *types; types++) { -+ type = *types; -+ pmu = type->pmus; -+ for (i = 0; i < type->num_boxes; i++, pmu++) { -+ box = pmu->boxes[pkg]; -+ if (box && atomic_dec_return(&box->refcnt) == 0) -+ uncore_box_exit(box); -+ } -+ } - return 0; - } - -+static int allocate_boxes(struct intel_uncore_type **types, -+ unsigned int pkg, unsigned int cpu) -+{ -+ struct intel_uncore_box *box, *tmp; -+ struct intel_uncore_type *type; -+ struct intel_uncore_pmu *pmu; -+ LIST_HEAD(allocated); -+ int i; -+ -+ /* Try to allocate all required boxes */ -+ for (; *types; types++) { -+ type = *types; -+ pmu = type->pmus; -+ for (i = 0; i < type->num_boxes; i++, pmu++) { -+ if (pmu->boxes[pkg]) -+ continue; -+ box = uncore_alloc_box(type, cpu_to_node(cpu)); -+ if (!box) -+ goto cleanup; -+ box->pmu = pmu; -+ box->pkgid = pkg; -+ list_add(&box->active_list, &allocated); -+ } -+ } -+ /* Install them in the pmus */ -+ list_for_each_entry_safe(box, tmp, &allocated, active_list) { -+ list_del_init(&box->active_list); -+ box->pmu->boxes[pkg] = box; -+ } -+ return 0; -+ -+cleanup: -+ list_for_each_entry_safe(box, tmp, &allocated, active_list) { -+ list_del_init(&box->active_list); -+ kfree(box); -+ } -+ return -ENOMEM; -+} -+ - static int uncore_event_cpu_online(unsigned int cpu) - { -- int target; -+ struct intel_uncore_type *type, **types = uncore_msr_uncores; -+ struct intel_uncore_pmu *pmu; -+ struct intel_uncore_box *box; -+ int i, ret, pkg, target; -+ -+ pkg = topology_logical_package_id(cpu); -+ ret = allocate_boxes(types, pkg, cpu); -+ if (ret) -+ return ret; -+ -+ for (; *types; types++) { -+ type = *types; -+ pmu = type->pmus; -+ for (i = 0; i < type->num_boxes; i++, pmu++) { -+ box = pmu->boxes[pkg]; -+ if (!box && atomic_inc_return(&box->refcnt) == 1) -+ uncore_box_init(box); -+ } -+ } - - /* - * Check if there is an online cpu in the package -@@ -1354,33 +1362,13 @@ static int __init intel_uncore_init(void) - if (cret && pret) - return -ENODEV; - -- /* -- * Install callbacks. Core will call them for each online cpu. -- * -- * The first online cpu of each package allocates and takes -- * the refcounts for all other online cpus in that package. -- * If msrs are not enabled no allocation is required and -- * uncore_cpu_prepare() is not called for each online cpu. -- */ -- if (!cret) { -- ret = cpuhp_setup_state(CPUHP_PERF_X86_UNCORE_PREP, -- "PERF_X86_UNCORE_PREP", -- uncore_cpu_prepare, NULL); -- if (ret) -- goto err; -- } else { -- cpuhp_setup_state_nocalls(CPUHP_PERF_X86_UNCORE_PREP, -- "PERF_X86_UNCORE_PREP", -- uncore_cpu_prepare, NULL); -- } -- -- cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_STARTING, -- "AP_PERF_X86_UNCORE_STARTING", -- uncore_cpu_starting, uncore_cpu_dying); -- -- cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE, -- "AP_PERF_X86_UNCORE_ONLINE", -- uncore_event_cpu_online, uncore_event_cpu_offline); -+ /* Install hotplug callbacks to setup the targets for each package */ -+ ret = cpuhp_setup_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE, -+ "AP_PERF_X86_UNCORE_ONLINE", -+ uncore_event_cpu_online, -+ uncore_event_cpu_offline); -+ if (ret) -+ goto err; - return 0; - - err: -@@ -1392,9 +1380,7 @@ module_init(intel_uncore_init); - - static void __exit intel_uncore_exit(void) - { -- cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_UNCORE_ONLINE); -- cpuhp_remove_state_nocalls(CPUHP_AP_PERF_X86_UNCORE_STARTING); -- cpuhp_remove_state_nocalls(CPUHP_PERF_X86_UNCORE_PREP); -+ cpuhp_remove_state(CPUHP_AP_PERF_X86_UNCORE_ONLINE); - uncore_types_exit(uncore_msr_uncores); - uncore_pci_exit(); - } -diff --git a/include/linux/cpuhotplug.h b/include/linux/cpuhotplug.h -index 965cc56..ce83119 100644 ---- a/include/linux/cpuhotplug.h -+++ b/include/linux/cpuhotplug.h -@@ -8,7 +8,6 @@ enum cpuhp_state { - CPUHP_CREATE_THREADS, - CPUHP_PERF_PREPARE, - CPUHP_PERF_X86_PREPARE, -- CPUHP_PERF_X86_UNCORE_PREP, - CPUHP_PERF_X86_AMD_UNCORE_PREP, - CPUHP_PERF_BFIN, - CPUHP_PERF_POWER, -@@ -63,7 +62,6 @@ enum cpuhp_state { - CPUHP_AP_IRQ_ARMADA_CASC_STARTING, - CPUHP_AP_IRQ_BCM2836_STARTING, - CPUHP_AP_ARM_MVEBU_COHERENCY, -- CPUHP_AP_PERF_X86_UNCORE_STARTING, - CPUHP_AP_PERF_X86_AMD_UNCORE_STARTING, - CPUHP_AP_PERF_X86_STARTING, - CPUHP_AP_PERF_X86_AMD_IBS_STARTING, --- -2.9.3 -