mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-22 06:51:26 +02:00
Merge pull request #2730 from bgilbert/4.13-rc6
sys-kernel/coreos-*: bump to 4.13-rc6
This commit is contained in:
Benjamin Gilbert
GitHub
commit
d54fd8941f
@ -8,7 +8,7 @@
|
||||
: ${COREOS_SOURCE_REVISION:=}
|
||||
|
||||
COREOS_SOURCE_VERSION="${PV}${COREOS_SOURCE_REVISION}"
|
||||
COREOS_SOURCE_NAME="linux-${PV}-coreos${COREOS_SOURCE_REVISION}"
|
||||
COREOS_SOURCE_NAME="linux-${PV/_rc/-rc}-coreos${COREOS_SOURCE_REVISION}"
|
||||
|
||||
[[ ${EAPI} != "5" ]] && die "Only EAPI=5 is supported"
|
||||
|
||||
@ -40,11 +40,12 @@ KERNEL_DIR="${SYSROOT}/usr/src/${COREOS_SOURCE_NAME}"
|
||||
# - amd64_defconfig-3.12.4
|
||||
# - amd64_defconfig-3.12
|
||||
# - amd64_defconfig
|
||||
# and similarly for _rcN releases.
|
||||
# The first matching config is used, die otherwise.
|
||||
find_config() {
|
||||
local base_path="${FILESDIR}/${1}"
|
||||
local try_suffix try_path
|
||||
for try_suffix in "-${PVR}" "-${PV}" "-${PV%.*}" ""; do
|
||||
for try_suffix in "-${PVR}" "-${PV}" "-${PV%[._]*}" ""; do
|
||||
try_path="${base_path}${try_suffix}"
|
||||
if [[ -f "${try_path}" ]]; then
|
||||
echo "${try_path}"
|
||||
|
||||
@ -146,6 +146,7 @@ CONFIG_IRQ_REMAP=y
|
||||
CONFIG_DELL_RBU=m
|
||||
CONFIG_DCDBAS=m
|
||||
CONFIG_DEBUG_STACKOVERFLOW=y
|
||||
CONFIG_HARDLOCKUP_DETECTOR=y
|
||||
CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y
|
||||
CONFIG_SCHED_TRACER=y
|
||||
CONFIG_FTRACE_SYSCALLS=y
|
||||
@ -828,7 +828,6 @@ CONFIG_CIFS_XATTR=y
|
||||
CONFIG_CIFS_POSIX=y
|
||||
CONFIG_CIFS_ACL=y
|
||||
CONFIG_CIFS_DFS_UPCALL=y
|
||||
CONFIG_CIFS_SMB2=y
|
||||
CONFIG_CIFS_FSCACHE=y
|
||||
CONFIG_NET_9P=m
|
||||
# CONFIG_NET_9P_DEBUG is not set
|
||||
@ -848,7 +847,7 @@ CONFIG_DEBUG_INFO=y
|
||||
CONFIG_STRIP_ASM_SYMS=y
|
||||
CONFIG_MAGIC_SYSRQ=y
|
||||
CONFIG_DEBUG_SHIRQ=y
|
||||
CONFIG_LOCKUP_DETECTOR=y
|
||||
CONFIG_SOFTLOCKUP_DETECTOR=y
|
||||
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y
|
||||
CONFIG_PANIC_ON_OOPS=y
|
||||
CONFIG_PANIC_TIMEOUT=60
|
||||
@ -1,2 +1,2 @@
|
||||
DIST linux-4.12.tar.xz 99186576 SHA256 a45c3becd4d08ce411c14628a949d08e2433d8cdeca92036c7013980e93858ab SHA512 8e81b41b253e63233e92948941f44c6482acb52aa3a3fd172f03a38a86f2c35b2ad4fd407acd1bc3964673eba344fe104d3a03e3ff4bf9cd1f22bd44263bd728 WHIRLPOOL 3b97da251c2ba4ace4a27b708f2b1dcf94cb1b59aaeded6acb74bd98f0d3e33f1df83670665e4186d99a55daa84c88d539d93e20f0ff18a6d46ef326c48dd375
|
||||
DIST patch-4.12.8.xz 161064 SHA256 32b860911a3bafd5cd5bc813a427c90fad6eafdf607fa64e1b763b16ab605636 SHA512 44e2417fe1379977b4891f74b227c2c6d6588f3726b598ad8c8a52ecaea32f56cf222b877230fc87c043583a6f230f3044fe3c9b293c67699e1743c0161004cf WHIRLPOOL e9c6493b4c9743b031bdd0c49ab06057a6c4ba25812955189508a48be08c2b4836e999c2b7662ae049ccc8de41c3d639fe51841e3d1eaa23fda1dce5872c01cf
|
||||
DIST patch-4.13-rc6.patch 71739562 SHA256 0124dc320611f86dfa2eabef86c494ce3eb2a8f2b241907f8ff0f059de82d41a SHA512 8ae76a5e1eb78ea8688d3736e59dd2b4279de629f2acd653b46c328d13419d34e4b2b55c01f001701e4539127cbfc264c4bb83134d3ae28a4100e1715429ba9a WHIRLPOOL 68d09102a5af7ddabc2aaf72ec64e34f2b4d63f368fe46383449fbce1eff78705a7c4b7474982647ecbf34f2ee8bca9fb90c44254dc45bb0217b7b259ce99597
|
||||
|
||||
@ -3,18 +3,29 @@
|
||||
|
||||
EAPI="5"
|
||||
ETYPE="sources"
|
||||
|
||||
# -rc releases should be versioned L.M_rcN
|
||||
# Final releases should be versioned L.M.N, even for n == 0
|
||||
|
||||
# Only needed for RCs
|
||||
K_BASE_VER="4.12"
|
||||
|
||||
inherit kernel-2
|
||||
detect_version
|
||||
|
||||
DESCRIPTION="Full sources for the CoreOS Linux kernel"
|
||||
HOMEPAGE="http://www.kernel.org"
|
||||
if [[ "${PV%%_rc*}" != "${PV}" ]]; then
|
||||
SRC_URI="https://git.kernel.org/torvalds/p/v${KV%-coreos}/v${OKV} -> patch-${KV%-coreos}.patch ${KERNEL_BASE_URI}/linux-${OKV}.tar.xz"
|
||||
PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_PATCH}"
|
||||
else
|
||||
SRC_URI="${KERNEL_URI}"
|
||||
PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_MINOR}"
|
||||
fi
|
||||
|
||||
KEYWORDS="amd64 arm64"
|
||||
IUSE=""
|
||||
|
||||
PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_MINOR}"
|
||||
|
||||
# XXX: Note we must prefix the patch filenames with "z" to ensure they are
|
||||
# applied _after_ a potential patch-${KV}.patch file, present when building a
|
||||
# patchlevel revision. We mustn't apply our patches first, it fails when the
|
||||
@ -1,4 +1,4 @@
|
||||
From 4e2f9eda0169ec4c6eac1499aeca816ed13fb22d Mon Sep 17 00:00:00 2001
|
||||
From 481a43ba6c1a3987ab96b55cd5834ea1bfd32d61 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Mon, 21 Nov 2016 23:55:55 +0000
|
||||
Subject: [PATCH 01/24] efi: Add EFI_SECURE_BOOT bit
|
||||
@ -18,7 +18,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 36646f19d40b..87ef54e64842 100644
|
||||
index 3486d0498800..319995f58345 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -1190,6 +1190,7 @@ void __init setup_arch(char **cmdline_p)
|
||||
@ -30,10 +30,10 @@ index 36646f19d40b..87ef54e64842 100644
|
||||
break;
|
||||
default:
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index ec36f42a2add..381b3f6670d3 100644
|
||||
index 8269bcb8ccf7..7952dd3ffa73 100644
|
||||
--- a/include/linux/efi.h
|
||||
+++ b/include/linux/efi.h
|
||||
@@ -1069,6 +1069,7 @@ extern int __init efi_setup_pcdp_console(char *);
|
||||
@@ -1081,6 +1081,7 @@ extern int __init efi_setup_pcdp_console(char *);
|
||||
#define EFI_DBG 8 /* Print additional debug info at runtime */
|
||||
#define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */
|
||||
#define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
|
||||
@ -1,4 +1,4 @@
|
||||
From 2501f1d32a7739cc573f78dc1bfd84b8b698a9f7 Mon Sep 17 00:00:00 2001
|
||||
From 54c7d80dbd0228bf36fa0bc6b89347d98f033270 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:36:17 +0000
|
||||
Subject: [PATCH 02/24] Add the ability to lock down access to the running
|
||||
@ -21,10 +21,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
create mode 100644 security/lock_down.c
|
||||
|
||||
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
|
||||
index 13bc08aba704..282a1684d6e8 100644
|
||||
index bd6d96cf80b1..65692c80aa1a 100644
|
||||
--- a/include/linux/kernel.h
|
||||
+++ b/include/linux/kernel.h
|
||||
@@ -276,6 +276,15 @@ extern int oops_may_print(void);
|
||||
@@ -277,6 +277,15 @@ extern int oops_may_print(void);
|
||||
void do_exit(long error_code) __noreturn;
|
||||
void complete_and_exit(struct completion *, long) __noreturn;
|
||||
|
||||
@ -41,10 +41,10 @@ index 13bc08aba704..282a1684d6e8 100644
|
||||
int __must_check _kstrtoul(const char *s, unsigned int base, unsigned long *res);
|
||||
int __must_check _kstrtol(const char *s, unsigned int base, long *res);
|
||||
diff --git a/include/linux/security.h b/include/linux/security.h
|
||||
index af675b576645..68bab18ddd57 100644
|
||||
index b6ea1dc9cc9d..834b355fa298 100644
|
||||
--- a/include/linux/security.h
|
||||
+++ b/include/linux/security.h
|
||||
@@ -1698,5 +1698,16 @@ static inline void free_secdata(void *secdata)
|
||||
@@ -1764,5 +1764,16 @@ static inline void free_secdata(void *secdata)
|
||||
{ }
|
||||
#endif /* CONFIG_SECURITY */
|
||||
|
||||
@ -62,10 +62,10 @@ index af675b576645..68bab18ddd57 100644
|
||||
#endif /* ! __LINUX_SECURITY_H */
|
||||
|
||||
diff --git a/security/Kconfig b/security/Kconfig
|
||||
index 93027fdf47d1..4baac4aab277 100644
|
||||
index e8e449444e65..1a84ed33c09a 100644
|
||||
--- a/security/Kconfig
|
||||
+++ b/security/Kconfig
|
||||
@@ -189,6 +189,21 @@ config STATIC_USERMODEHELPER_PATH
|
||||
@@ -205,6 +205,21 @@ config STATIC_USERMODEHELPER_PATH
|
||||
If you wish for all usermode helper programs to be disabled,
|
||||
specify an empty string here (i.e. "").
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
From 658a0724dcd6f78a873dde6529d173a14912cfa4 Mon Sep 17 00:00:00 2001
|
||||
From cfed0982c1ec30cf155173ae53324cea75efb7ee Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Mon, 21 Nov 2016 23:55:55 +0000
|
||||
Subject: [PATCH 03/24] efi: Lock down the kernel if booted in secure boot mode
|
||||
@ -16,10 +16,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
2 files changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
||||
index 0efb4c9497bc..4d1c53bb8411 100644
|
||||
index 323cb065be5e..8e41d54d6498 100644
|
||||
--- a/arch/x86/Kconfig
|
||||
+++ b/arch/x86/Kconfig
|
||||
@@ -1827,6 +1827,18 @@ config EFI_MIXED
|
||||
@@ -1836,6 +1836,18 @@ config EFI_MIXED
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
@ -39,7 +39,7 @@ index 0efb4c9497bc..4d1c53bb8411 100644
|
||||
def_bool y
|
||||
prompt "Enable seccomp to safely compute untrusted bytecode"
|
||||
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
|
||||
index 87ef54e64842..4c4d758d4be1 100644
|
||||
index 319995f58345..d0128aef43ce 100644
|
||||
--- a/arch/x86/kernel/setup.c
|
||||
+++ b/arch/x86/kernel/setup.c
|
||||
@@ -69,6 +69,7 @@
|
||||
@ -1,4 +1,4 @@
|
||||
From c24c03a43f605a9a2eebd6c3127233e1e6a11f47 Mon Sep 17 00:00:00 2001
|
||||
From a9896875729d63cf1b5467350e377c88045eb5d7 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Wed, 23 Nov 2016 13:22:22 +0000
|
||||
Subject: [PATCH 04/24] Enforce module signatures if the kernel is locked down
|
||||
@ -12,10 +12,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index 4a3665f8f837..3f1de34c6d10 100644
|
||||
index 40f983cbea81..e5b878b26906 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -2777,7 +2777,7 @@ static int module_sig_check(struct load_info *info, int flags)
|
||||
@@ -2781,7 +2781,7 @@ static int module_sig_check(struct load_info *info, int flags)
|
||||
}
|
||||
|
||||
/* Not having a signature is only an error if we're strict. */
|
||||
@ -1,4 +1,4 @@
|
||||
From bf0386cef0f2d98d50633f58f74d35be5d443857 Mon Sep 17 00:00:00 2001
|
||||
From d7e88bdd95b2dae73d4b637f0c9f8f0db66b08c9 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 05/24] Restrict /dev/mem and /dev/kmem when the kernel is
|
||||
@ -1,4 +1,4 @@
|
||||
From 9da0efbc7e61210ad676ed61192c6ca90c09d4a1 Mon Sep 17 00:00:00 2001
|
||||
From c28baf4af445d7469f8cda3b927cf8f3af6cd356 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 06/24] kexec: Disable at runtime if the kernel is locked down
|
||||
@ -17,10 +17,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||
index 980936a90ee6..46de8e6b42f4 100644
|
||||
index e62ec4dc6620..37f75d0b75de 100644
|
||||
--- a/kernel/kexec.c
|
||||
+++ b/kernel/kexec.c
|
||||
@@ -194,6 +194,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
@@ -202,6 +202,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||
return -EPERM;
|
||||
|
||||
/*
|
||||
@ -1,4 +1,4 @@
|
||||
From fc8d8b030d2ca4bf45ff0773ecd22fb889ef7bd3 Mon Sep 17 00:00:00 2001
|
||||
From 575526722acc8ff5d5cbe476b65fa8fa376c3e62 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Young <dyoung@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 07/24] Copy secure_boot flag in boot params across kexec
|
||||
@ -22,7 +22,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
|
||||
index 9d7fd5e6689a..7e6f00ae8322 100644
|
||||
index fb095ba0c02f..7d0fac5bcbbe 100644
|
||||
--- a/arch/x86/kernel/kexec-bzimage64.c
|
||||
+++ b/arch/x86/kernel/kexec-bzimage64.c
|
||||
@@ -179,6 +179,7 @@ setup_efi_state(struct boot_params *params, unsigned long params_load_addr,
|
||||
@ -1,4 +1,4 @@
|
||||
From 4278fb032961f619a8d9605efc98fe88b43f68c8 Mon Sep 17 00:00:00 2001
|
||||
From ff42bf8fbde161f5f56410bee078313016fe9d84 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
|
||||
Date: Wed, 23 Nov 2016 13:49:19 +0000
|
||||
Subject: [PATCH 08/24] kexec_file: Disable at runtime if securelevel has been
|
||||
@ -18,10 +18,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
|
||||
index b118735fea9d..f6937eecd1eb 100644
|
||||
index 9f48f4412297..7da87007c202 100644
|
||||
--- a/kernel/kexec_file.c
|
||||
+++ b/kernel/kexec_file.c
|
||||
@@ -268,6 +268,12 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
|
||||
@@ -255,6 +255,12 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
|
||||
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
|
||||
return -EPERM;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
From eb3bd4fc83774bb5f0a8b95c273fac07a912dcc5 Mon Sep 17 00:00:00 2001
|
||||
From 5bc506ab5a4bcba529f2f4461478f57990029255 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 09/24] hibernate: Disable when the kernel is locked down
|
||||
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
|
||||
index a8b978c35a6a..50cca5dcb62f 100644
|
||||
index e1914c7b85b1..7859ba79e181 100644
|
||||
--- a/kernel/power/hibernate.c
|
||||
+++ b/kernel/power/hibernate.c
|
||||
@@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
|
||||
@ -1,4 +1,4 @@
|
||||
From 5e24aa7d6d87d9579604d9fb9b0a423748e6e879 Mon Sep 17 00:00:00 2001
|
||||
From 3c85a22ee69a084fd61b7ab16c49e25cfb351bfb Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <mjg59@srcf.ucam.org>
|
||||
Date: Wed, 23 Nov 2016 13:28:17 +0000
|
||||
Subject: [PATCH 10/24] uswsusp: Disable when the kernel is locked down
|
||||
@ -1,4 +1,4 @@
|
||||
From f2972226aac2cfcdaa79a2814ec2d6dc76898dcd Mon Sep 17 00:00:00 2001
|
||||
From c065d3f63e6d2a328cc072471309da1bece1c159 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:15 +0000
|
||||
Subject: [PATCH 11/24] PCI: Lock down BAR access when the kernel is locked
|
||||
@ -19,10 +19,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
3 files changed, 17 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||
index 31e99613a12e..559556047d66 100644
|
||||
index 2f3780b50723..534d6df4aec2 100644
|
||||
--- a/drivers/pci/pci-sysfs.c
|
||||
+++ b/drivers/pci/pci-sysfs.c
|
||||
@@ -754,6 +754,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
@@ -881,6 +881,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
|
||||
loff_t init_off = off;
|
||||
u8 *data = (u8 *) buf;
|
||||
|
||||
@ -32,7 +32,7 @@ index 31e99613a12e..559556047d66 100644
|
||||
if (off > dev->cfg_size)
|
||||
return 0;
|
||||
if (off + count > dev->cfg_size) {
|
||||
@@ -1048,6 +1051,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
@@ -1175,6 +1178,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
|
||||
enum pci_mmap_state mmap_type;
|
||||
struct resource *res = &pdev->resource[bar];
|
||||
|
||||
@ -42,7 +42,7 @@ index 31e99613a12e..559556047d66 100644
|
||||
if (res->flags & IORESOURCE_MEM && iomem_is_exclusive(res->start))
|
||||
return -EINVAL;
|
||||
|
||||
@@ -1131,6 +1137,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
@@ -1258,6 +1264,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
|
||||
struct bin_attribute *attr, char *buf,
|
||||
loff_t off, size_t count)
|
||||
{
|
||||
@ -1,4 +1,4 @@
|
||||
From 484812949960307a41ac09edbc0cdf3760067008 Mon Sep 17 00:00:00 2001
|
||||
From 792ad5524762a4652914eed1e27fa80dbc88fe63 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 12/24] x86: Lock down IO port access when the kernel is locked
|
||||
@ -1,4 +1,4 @@
|
||||
From c476d98c6d2e7f6bd5614e65d6beccedc9f2de0a Mon Sep 17 00:00:00 2001
|
||||
From 0111a95655634467b2756f4a98751fca214bc7bc Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:17 +0000
|
||||
Subject: [PATCH 13/24] x86: Restrict MSR access when the kernel is locked down
|
||||
@ -1,4 +1,4 @@
|
||||
From 14820764b607846accbf8976d150a9d4694c6926 Mon Sep 17 00:00:00 2001
|
||||
From adf4bb1b4d055642c4634f40826f76b5d9fa80ab Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 14/24] asus-wmi: Restrict debugfs interface when the kernel is
|
||||
@ -17,7 +17,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||
index 6c7d86074b38..57b82cbc9a6b 100644
|
||||
index 709e3a67391a..2d8db47698b2 100644
|
||||
--- a/drivers/platform/x86/asus-wmi.c
|
||||
+++ b/drivers/platform/x86/asus-wmi.c
|
||||
@@ -1905,6 +1905,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||
@ -1,4 +1,4 @@
|
||||
From 42ed5afba86d6f44ac77e7eda7ffdb18969db24d Mon Sep 17 00:00:00 2001
|
||||
From a60c37afdbf4c2f651225dba77ce30eba398e9fb Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Garrett <matthew.garrett@nebula.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 15/24] ACPI: Limit access to custom_method when the kernel is
|
||||
@ -1,4 +1,4 @@
|
||||
From e735d109ecc0a688d015e7e1b47e2bd7565a3706 Mon Sep 17 00:00:00 2001
|
||||
From 287d04c343cc148beeaf5dfd319baf4f45202fa5 Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 08:46:16 +0000
|
||||
Subject: [PATCH 16/24] acpi: Ignore acpi_rsdp kernel param when the kernel has
|
||||
@ -1,4 +1,4 @@
|
||||
From d02deefe966da9ce7b24a634461a55a48a26f5c4 Mon Sep 17 00:00:00 2001
|
||||
From b40bd3a020d61d854c73eefd7181c7e9bab8edff Mon Sep 17 00:00:00 2001
|
||||
From: Linn Crosetto <linn@hpe.com>
|
||||
Date: Wed, 23 Nov 2016 13:32:27 +0000
|
||||
Subject: [PATCH 17/24] acpi: Disable ACPI table override if the kernel is
|
||||
@ -1,4 +1,4 @@
|
||||
From d57dc54e42838cc52b3d622cfdf8fc9146d223fb Mon Sep 17 00:00:00 2001
|
||||
From c76adce8d0727a6af33bd546da1198660bc716fa Mon Sep 17 00:00:00 2001
|
||||
From: Linn Crosetto <linn@hpe.com>
|
||||
Date: Wed, 23 Nov 2016 13:39:41 +0000
|
||||
Subject: [PATCH 18/24] acpi: Disable APEI error injection if the kernel is
|
||||
@ -1,4 +1,4 @@
|
||||
From f9f91a7b1673ed43f430dc5b5acc5add311fffb2 Mon Sep 17 00:00:00 2001
|
||||
From 44a1cbfc4903c6d1ae1965b9a203fbde710163f7 Mon Sep 17 00:00:00 2001
|
||||
From: "Lee, Chun-Yi" <jlee@suse.com>
|
||||
Date: Wed, 23 Nov 2016 13:52:16 +0000
|
||||
Subject: [PATCH 19/24] bpf: Restrict kernel image access functions when the
|
||||
@ -17,7 +17,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
|
||||
index 460a031c77e5..58eb33d5d6ae 100644
|
||||
index dc498b605d5d..fb240222b89b 100644
|
||||
--- a/kernel/trace/bpf_trace.c
|
||||
+++ b/kernel/trace/bpf_trace.c
|
||||
@@ -65,6 +65,11 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const void *, unsafe_ptr)
|
||||
@ -1,4 +1,4 @@
|
||||
From 5cb364215e15f7b2261a4a080bc47034c0420602 Mon Sep 17 00:00:00 2001
|
||||
From 9a254d6fb0731b425165c5e84e6c80a6a6978c76 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Tue, 22 Nov 2016 10:10:34 +0000
|
||||
Subject: [PATCH 20/24] scsi: Lock down the eata driver
|
||||
@ -1,4 +1,4 @@
|
||||
From a71e61219464413efec0989992de9156807cfae8 Mon Sep 17 00:00:00 2001
|
||||
From e54719b6e3d345c7c1dc12c1816962332fd321f4 Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Fri, 25 Nov 2016 14:37:45 +0000
|
||||
Subject: [PATCH 21/24] Prohibit PCMCIA CIS storage when the kernel is locked
|
||||
@ -1,4 +1,4 @@
|
||||
From 8630a903079e06b279c544242a0bef5c446a5cce Mon Sep 17 00:00:00 2001
|
||||
From b2072dd22bcb12ff9146c02cf152b997d4015cec Mon Sep 17 00:00:00 2001
|
||||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Wed, 7 Dec 2016 10:28:39 +0000
|
||||
Subject: [PATCH 22/24] Lock down TIOCSSERIAL
|
||||
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
|
||||
index 13bfd5dcffce..45fb7689bc1c 100644
|
||||
index f534a40aebde..e32c0179f423 100644
|
||||
--- a/drivers/tty/serial/serial_core.c
|
||||
+++ b/drivers/tty/serial/serial_core.c
|
||||
@@ -821,6 +821,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
|
||||
@ -1,4 +1,4 @@
|
||||
From fc70365d40918461359916508605676073ce26d6 Mon Sep 17 00:00:00 2001
|
||||
From acfbb7ecfdfef21a3dd7af9ec73bc8eddfb030f5 Mon Sep 17 00:00:00 2001
|
||||
From: Vito Caputo <vito.caputo@coreos.com>
|
||||
Date: Wed, 25 Nov 2015 02:59:45 -0800
|
||||
Subject: [PATCH 23/24] kbuild: derive relative path for KBUILD_SRC from CURDIR
|
||||
@ -12,12 +12,12 @@ by some undesirable path component.
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 6da481d08441..9087044d964c 100644
|
||||
index 235826f95741..f77bb99032e8 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -149,7 +149,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
|
||||
@:
|
||||
@@ -142,7 +142,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
|
||||
|
||||
# Invoke a second make in the output directory, passing relevant variables
|
||||
sub-make:
|
||||
- $(Q)$(MAKE) -C $(KBUILD_OUTPUT) KBUILD_SRC=$(CURDIR) \
|
||||
+ $(Q)$(MAKE) -C $(KBUILD_OUTPUT) \
|
||||
@ -1,4 +1,4 @@
|
||||
From d824d0b5ff849b21152a3c26bb22f9efa248eee9 Mon Sep 17 00:00:00 2001
|
||||
From 97f0d2110bc94979ebd09c73fb5b23d49c851363 Mon Sep 17 00:00:00 2001
|
||||
From: Geoff Levand <geoff@infradead.org>
|
||||
Date: Fri, 11 Nov 2016 17:28:52 -0800
|
||||
Subject: [PATCH 24/24] Add arm64 coreos verity hash
|
||||
Loading…
x
Reference in New Issue
Block a user