Linux v3.12-4849-g10d0c97

Replace x86-allow-1024-cpus.patch with the patch that contains the one hunk not already applied upstream. Don't install the 'trace' alias symlink for 'perf trace'. Seems much too generic to just throw that into /usr/bin
author: Josh Boyer <jwboyer@fedoraproject.org> 2013-11-12 13:22:52 -0500
committer: Josh Boyer <jwboyer@fedoraproject.org> 2013-11-12 14:24:29 -0500
commit: 713abc0c25d574380a3154b9c4d524ac2f5aab29 (patch)
tree: 972ea7d7258b7c6b59f788a7d59a3ecdcde135c5 /secure-modules.patch
parent: 6dfcb01411c8465cede72726b709b986754c3ed1 (diff)
download: kernel-713abc0c25d574380a3154b9c4d524ac2f5aab29.tar.gz
kernel-713abc0c25d574380a3154b9c4d524ac2f5aab29.tar.xz
kernel-713abc0c25d574380a3154b9c4d524ac2f5aab29.zip
1 files changed, 55 insertions, 55 deletions
diff --git a/secure-modules.patch b/secure-modules.patch
index 9d01b935..025bf4fb 100644
--- a/secure-modules.patch
+++ b/secure-modules.patch
@@ -1,4 +1,4 @@
-From 8dea807503a1ba88d9e27595daae7f86ec968711 Mon Sep 17 00:00:00 2001
+From 0fc411ee00c81b8a18b1417d31f2736fad155d89 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
 Subject: [PATCH 01/14] Add secure_modules() call
@@ -14,10 +14,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  2 files changed, 17 insertions(+)
 
 diff --git a/include/linux/module.h b/include/linux/module.h
-index 46f1ea0..0c266b2 100644
+index 05f2447..de97e77 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -509,6 +509,8 @@ int unregister_module_notifier(struct notifier_block * nb);
+@@ -515,6 +515,8 @@ int unregister_module_notifier(struct notifier_block * nb);
  
  extern void print_modules(void);
  
@@ -26,7 +26,7 @@ index 46f1ea0..0c266b2 100644
  #else /* !CONFIG_MODULES... */
  
  /* Given an address, look for it in the exception tables. */
-@@ -619,6 +621,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb)
+@@ -625,6 +627,11 @@ static inline int unregister_module_notifier(struct notifier_block * nb)
  static inline void print_modules(void)
  {
  }
@@ -39,10 +39,10 @@ index 46f1ea0..0c266b2 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index 2069158..0e94acf 100644
+index dc58274..81206c1 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -3852,3 +3852,13 @@ void module_layout(struct module *mod,
+@@ -3860,3 +3860,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif
@@ -60,7 +60,7 @@ index 2069158..0e94acf 100644
 1.8.3.1
 
 
-From 9b7b3f6283bf784e4ea1c34e52646b12971b2823 Mon Sep 17 00:00:00 2001
+From b94942e55b519e70366e970cea3665c464d1b7da Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
 Subject: [PATCH 02/14] PCI: Lock down BAR access when module security is
@@ -80,7 +80,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  3 files changed, 19 insertions(+), 2 deletions(-)
 
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index c0dbe1f..cd4e35f 100644
+index d8eb880..a851ad6 100644
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
 @@ -29,6 +29,7 @@
@@ -91,7 +91,7 @@ index c0dbe1f..cd4e35f 100644
  #include "pci.h"
  
  static int sysfs_initialized;	/* = 0 */
-@@ -624,6 +625,9 @@ pci_write_config(struct file* filp, struct kobject *kobj,
+@@ -644,6 +645,9 @@ pci_write_config(struct file* filp, struct kobject *kobj,
  	loff_t init_off = off;
  	u8 *data = (u8*) buf;
  
@@ -101,7 +101,7 @@ index c0dbe1f..cd4e35f 100644
  	if (off > dev->cfg_size)
  		return 0;
  	if (off + count > dev->cfg_size) {
-@@ -930,6 +934,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
+@@ -950,6 +954,9 @@ pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
  	resource_size_t start, end;
  	int i;
  
@@ -111,7 +111,7 @@ index c0dbe1f..cd4e35f 100644
  	for (i = 0; i < PCI_ROM_RESOURCE; i++)
  		if (res == &pdev->resource[i])
  			break;
-@@ -1037,6 +1044,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj,
+@@ -1057,6 +1064,9 @@ pci_write_resource_io(struct file *filp, struct kobject *kobj,
  		      struct bin_attribute *attr, char *buf,
  		      loff_t off, size_t count)
  {
@@ -179,7 +179,7 @@ index e1c1ec5..bffbf71 100644
 1.8.3.1
 
 
-From aac2425a2664c09c2a369e1eec6e7a5bc2713cb1 Mon Sep 17 00:00:00 2001
+From 36f34509fe52cc49e1b1f6815a3f235040f64a03 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
 Subject: [PATCH 03/14] x86: Lock down IO port access when module security is
@@ -252,7 +252,7 @@ index f895a8c..1af8664 100644
 1.8.3.1
 
 
-From e7f9789c7eedf291972666befee726ff8e7126f6 Mon Sep 17 00:00:00 2001
+From 67d9800dcf60467e076587b0aac67bcdc516cfe2 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
 Subject: [PATCH 04/14] ACPI: Limit access to custom_method
@@ -284,7 +284,7 @@ index 12b62f2..50647b3 100644
 1.8.3.1
 
 
-From d81cd6628c821d47bd086354cbc57b1474f3c1a8 Mon Sep 17 00:00:00 2001
+From bdf3761573167c20c72b151c1088b24fd24869ac Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
 Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface when module
@@ -339,7 +339,7 @@ index 19c313b..db18ef66 100644
 1.8.3.1
 
 
-From df75e984729ef50bb691b4d15472529fcd81580b Mon Sep 17 00:00:00 2001
+From 65d88af5a2c6bb6d01da17819d8ba782bd208837 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
 Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem when module loading is
@@ -382,7 +382,7 @@ index 1af8664..61406c8 100644
 1.8.3.1
 
 
-From 78955913cc46cc5e5c7f2c71c1b07a5c18e06456 Mon Sep 17 00:00:00 2001
+From 4aa42b7fa5d7f79eb1d179e728ffa561fd9cf354 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
 Subject: [PATCH 07/14] acpi: Ignore acpi_rsdp kernel parameter when module
@@ -398,7 +398,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 6ab2c35..e4c4410 100644
+index e5f416c..9311c00 100644
 --- a/drivers/acpi/osl.c
 +++ b/drivers/acpi/osl.c
 @@ -45,6 +45,7 @@
@@ -409,7 +409,7 @@ index 6ab2c35..e4c4410 100644
  
  #include <asm/io.h>
  #include <asm/uaccess.h>
-@@ -245,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
+@@ -249,7 +250,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
  acpi_physical_address __init acpi_os_get_root_pointer(void)
  {
  #ifdef CONFIG_KEXEC
@@ -422,7 +422,7 @@ index 6ab2c35..e4c4410 100644
 1.8.3.1
 
 
-From 23aae9143fbece326b3a26bf5ba48956c99cabe4 Mon Sep 17 00:00:00 2001
+From c9e62c2ce588d98a774a3853e56d95e48b9df98c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 03:33:56 -0400
 Subject: [PATCH 08/14] kexec: Disable at runtime if the kernel enforces module
@@ -438,7 +438,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 8 insertions(+)
 
 diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 59f7b55..3e2b63a 100644
+index 2a74f30..13601e3 100644
 --- a/kernel/kexec.c
 +++ b/kernel/kexec.c
 @@ -32,6 +32,7 @@
@@ -467,7 +467,7 @@ index 59f7b55..3e2b63a 100644
 1.8.3.1
 
 
-From 218cd49aa2d6a085c5c4edc0396200864f0b54ad Mon Sep 17 00:00:00 2001
+From d0e3cb2c13dc9634849ddacf75b6f0d94147516a Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Tue, 3 Sep 2013 11:23:29 -0400
 Subject: [PATCH 09/14] uswsusp: Disable when module loading is restricted
@@ -482,7 +482,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 4 insertions(+)
 
 diff --git a/kernel/power/user.c b/kernel/power/user.c
-index 4ed81e7..15cb72f 100644
+index 957f061..e570609d 100644
 --- a/kernel/power/user.c
 +++ b/kernel/power/user.c
 @@ -24,6 +24,7 @@
@@ -493,7 +493,7 @@ index 4ed81e7..15cb72f 100644
  
  #include <asm/uaccess.h>
  
-@@ -48,6 +49,9 @@ static int snapshot_open(struct inode *inode, struct file *filp)
+@@ -49,6 +50,9 @@ static int snapshot_open(struct inode *inode, struct file *filp)
  	struct snapshot_data *data;
  	int error;
  
@@ -507,7 +507,7 @@ index 4ed81e7..15cb72f 100644
 1.8.3.1
 
 
-From beeaac053d4ae57dc65be1da8b46e5d4bc6542b8 Mon Sep 17 00:00:00 2001
+From b238417ed3c5a0b21bbfcac84f6c70011b8977c0 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
 Subject: [PATCH 10/14] x86: Restrict MSR access when module loading is
@@ -524,7 +524,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 7 insertions(+)
 
 diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 88458fa..d08f7e3 100644
+index 05266b5..e2bd647 100644
 --- a/arch/x86/kernel/msr.c
 +++ b/arch/x86/kernel/msr.c
 @@ -103,6 +103,9 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
@@ -552,7 +552,7 @@ index 88458fa..d08f7e3 100644
 1.8.3.1
 
 
-From b4331711c52aff0a6a9cef0f4b52fe261874d6f2 Mon Sep 17 00:00:00 2001
+From c3a9afb3b580b4f721d245fc5d13e378b99b9cd8 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
 Subject: [PATCH 11/14] Add option to automatically enforce module signatures
@@ -588,12 +588,12 @@ index 199f453..ec38acf 100644
  290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
  2D0/A00	ALL	e820_map	E820 memory map table
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index b32ebf9..6a6c19b 100644
+index 725e157..fe212ef 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1581,6 +1581,16 @@ config EFI_STUB
+@@ -1604,6 +1604,16 @@ config EFI_STUB
  
- 	  See Documentation/x86/efi-stub.txt for more information.
+ 	  See Documentation/efi-stub.txt for more information.
  
 +config EFI_SECURE_BOOT_SIG_ENFORCE
 +        def_bool n
@@ -609,7 +609,7 @@ index b32ebf9..6a6c19b 100644
  	def_bool y
  	prompt "Enable seccomp to safely compute untrusted bytecode"
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index b7388a4..53bfe4f 100644
+index a7677ba..4e172e9 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -12,6 +12,7 @@
@@ -620,10 +620,10 @@ index b7388a4..53bfe4f 100644
  
  #undef memcpy			/* Use memcpy from misc.c */
  
-@@ -861,6 +862,37 @@ fail:
- 	return status;
+@@ -741,6 +742,37 @@ free_mem_map:
  }
  
+ 
 +static int get_secure_boot(void)
 +{
 +	u8 sb, setup;
@@ -656,9 +656,9 @@ index b7388a4..53bfe4f 100644
 +
 +
  /*
-  * Because the x86 boot code expects to be passed a boot_params we
-  * need to create one ourselves (usually the bootloader would create
-@@ -1169,6 +1201,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
+  * On success we return a pointer to a boot_params structure, and NULL
+  * on failure.
+@@ -760,6 +792,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
  	if (sys_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE)
  		goto fail;
  
@@ -670,7 +670,7 @@ index b7388a4..53bfe4f 100644
  
  	setup_efi_pci(boot_params);
 diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
-index c15ddaf..85d7685 100644
+index 9c3733c..a7ba210 100644
 --- a/arch/x86/include/uapi/asm/bootparam.h
 +++ b/arch/x86/include/uapi/asm/bootparam.h
 @@ -131,7 +131,8 @@ struct boot_params {
@@ -684,10 +684,10 @@ index c15ddaf..85d7685 100644
  	 * The sentinel is set to a nonzero value (0xff) in header.S.
  	 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index f8ec578..deeb7bc 100644
+index 918d489..fe429c1 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1129,6 +1129,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1127,6 +1127,12 @@ void __init setup_arch(char **cmdline_p)
  
  	io_delay_init();
  
@@ -701,10 +701,10 @@ index f8ec578..deeb7bc 100644
  	 * Parse the ACPI tables for possible boot-time SMP configuration.
  	 */
 diff --git a/include/linux/module.h b/include/linux/module.h
-index 0c266b2..5a6374a 100644
+index de97e77..d69fe19 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -184,6 +184,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
+@@ -190,6 +190,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
  
  struct notifier_block;
  
@@ -718,10 +718,10 @@ index 0c266b2..5a6374a 100644
  
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index 0e94acf..974139b 100644
+index 81206c1..e1428f0 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -3853,6 +3853,13 @@ void module_layout(struct module *mod,
+@@ -3861,6 +3861,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
  
@@ -739,7 +739,7 @@ index 0e94acf..974139b 100644
 1.8.3.1
 
 
-From bb28516d346e6511f1e012321c48eb142763e539 Mon Sep 17 00:00:00 2001
+From 27a1aa77c7fbaaae8c6a776190a38dcbf3c3d6d2 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Tue, 5 Feb 2013 19:25:05 -0500
 Subject: [PATCH 12/14] efi: Disable secure boot if shim is in insecure mode
@@ -756,10 +756,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 19 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 53bfe4f..946028b 100644
+index 4e172e9..4905f4d 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
-@@ -864,8 +864,9 @@ fail:
+@@ -744,8 +744,9 @@ free_mem_map:
  
  static int get_secure_boot(void)
  {
@@ -770,7 +770,7 @@ index 53bfe4f..946028b 100644
  	efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
  	efi_status_t status;
  
-@@ -889,6 +890,23 @@ static int get_secure_boot(void)
+@@ -769,6 +770,23 @@ static int get_secure_boot(void)
  	if (setup == 1)
  		return 0;
  
@@ -798,7 +798,7 @@ index 53bfe4f..946028b 100644
 1.8.3.1
 
 
-From 4c8824bac8d4284e66c39c365ba84151f2d78e87 Mon Sep 17 00:00:00 2001
+From 2a445ca2c187da4497ef5f68f111574fd2b0d419 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:28:43 -0400
 Subject: [PATCH 13/14] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
@@ -812,11 +812,11 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 6a6c19b..10498ec 100644
+index fe212ef..bf83fd3 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1582,7 +1582,8 @@ config EFI_STUB
- 	  See Documentation/x86/efi-stub.txt for more information.
+@@ -1605,7 +1605,8 @@ config EFI_STUB
+ 	  See Documentation/efi-stub.txt for more information.
  
  config EFI_SECURE_BOOT_SIG_ENFORCE
 -        def_bool n
@@ -829,7 +829,7 @@ index 6a6c19b..10498ec 100644
 1.8.3.1
 
 
-From 871b0ed1847c3c5413a4ca72ecf18735858f7708 Mon Sep 17 00:00:00 2001
+From b1c533cc1d1ca7a03497cc4f2e1b029bde95633c Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:33:03 -0400
 Subject: [PATCH 14/14] efi: Add EFI_SECURE_BOOT bit
@@ -844,10 +844,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  2 files changed, 3 insertions(+)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index deeb7bc..08dc16e 100644
+index fe429c1..469fbf0 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1131,7 +1131,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -1129,7 +1129,9 @@ void __init setup_arch(char **cmdline_p)
  
  #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
  	if (boot_params.secure_boot) {
@@ -858,10 +858,10 @@ index deeb7bc..08dc16e 100644
  #endif
  
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 5f8f176..eed2202 100644
+index bc5687d..b010a2e 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -634,6 +634,7 @@ extern int __init efi_setup_pcdp_console(char *);
+@@ -653,6 +653,7 @@ extern int __init efi_setup_pcdp_console(char *);
  #define EFI_RUNTIME_SERVICES	3	/* Can we use runtime services? */
  #define EFI_MEMMAP		4	/* Can we use EFI memory map? */
  #define EFI_64BIT		5	/* Is the firmware 64-bit? */
author	Josh Boyer <jwboyer@fedoraproject.org>	2013-11-12 13:22:52 -0500
committer	Josh Boyer <jwboyer@fedoraproject.org>	2013-11-12 14:24:29 -0500
commit	713abc0c25d574380a3154b9c4d524ac2f5aab29 (patch)
tree	972ea7d7258b7c6b59f788a7d59a3ecdcde135c5 /secure-modules.patch
parent	6dfcb01411c8465cede72726b709b986754c3ed1 (diff)
download	kernel-713abc0c25d574380a3154b9c4d524ac2f5aab29.tar.gz kernel-713abc0c25d574380a3154b9c4d524ac2f5aab29.tar.xz kernel-713abc0c25d574380a3154b9c4d524ac2f5aab29.zip