From 0e60be213aea5fd2b69b3aaad0cf7d85b5be7e89 Mon Sep 17 00:00:00 2001 From: Dongjin Kim Date: Sat, 21 Dec 2019 11:23:18 +0900 Subject: [PATCH] ODROID: remove default patches Signed-off-by: Dongjin Kim --- .../all/cpupower-bump-soname-version.patch | 28 - ...pupower-fix-checks-for-cpu-existence.patch | 49 - .../all/disable-some-marvell-phys.patch | 93 - ...-redundant-log-messages-from-drivers.patch | 2576 ----------------- ..._class-log-every-success-and-failure.patch | 79 - ...ftdep-declarations-for-hard-coded-cr.patch | 69 - .../kbuild-fix-recordmcount-dependency.patch | 23 - .../libcpupower-hide-private-function.patch | 20 - ...disable-matching-missing-version-crc.patch | 23 - ...t-socket-implement-64-bit-timestamps.patch | 140 - ...-usb-kconfig-using-select-for-usb_co.patch | 30 - ...uired-for-drm-and-kms-on-r600-onward.patch | 139 - ...ove-bpf-run-time-check-at-build-time.patch | 27 - ...ib-api-fs-fs.c-fix-misuse-of-strncpy.patch | 39 - .../bugfix/all/tools-perf-man-date.patch | 44 - ...-perf-pmu-events-fix-reproducibility.patch | 165 -- .../all/tools-perf-remove-shebangs.patch | 39 - .../all/usbip-document-tcp-wrappers.patch | 29 - .../all/usbip-fix-misuse-of-strncpy.patch | 72 - ...-network-fix-unaligned-member-access.patch | 79 - ...rkwood-fix-sata-pinmux-ing-for-ts419.patch | 37 - ...__sync_icache_dcache-for-xen-privcmd.patch | 31 - ...4-acpi-Add-fixup-for-HPE-m400-quirks.patch | 90 - ...rect-voltage-selector-firefly-RK3399.patch | 45 - ...2poly.h-when-building-with-kernel_xz.patch | 39 - ...lf-output-parsing-on-powerpc-with-re.patch | 46 - ...use-hyphen-in-exported-variable-name.patch | 124 - .../perf-tools-fix-unwind-build-on-i386.patch | 35 - ...d-fix-libunwind-feature-detection-on.patch | 22 - .../viafb-autoload-on-olpc-xo1.5-only.patch | 34 - ...6-32-disable-3dnow-in-generic-config.patch | 29 - ...nprivileged-CLONE_NEWUSER-by-default.patch | 93 - ...e-auto-loading-as-mitigation-against.patch | 29 - ...uilding-ashmem-and-binder-as-modules.patch | 110 - .../debian/arch-sh4-fix-uimage-build.patch | 18 - ...-raid5-6-being-experimental-at-mount.patch | 35 - .../cdc_ncm-cdc_mbim-use-ncm-by-default.patch | 27 - ...as-mitigation-against-local-exploits.patch | 41 - ...uto-loading-as-mitigation-against-lo.patch | 32 - ...-powerpc-platforms-8xx-ucode-disable.patch | 29 - ...ation-fix-broken-link-to-cipso-draft.patch | 18 - ...ers-media-dvb-dvb-usb-af9005-disable.patch | 15 - .../dfsg/drivers-net-appletalk-cops.patch | 50 - .../video-remove-nvidiafb-and-rivafb.patch | 128 - .../patches/debian/dfsg/vs6624-disable.patch | 15 - ...rt-symbols-needed-by-android-drivers.patch | 175 -- ...n-use-of-fanotify_access_permissions.patch | 29 - ...s-refer-to-debian-wiki-firmware-page.patch | 52 - .../debian/fjes-disable-autoload.patch | 24 - ...ink-security-restrictions-by-default.patch | 22 - debian/patches/debian/gitignore.patch | 49 - ...as-mitigation-against-local-exploits.patch | 48 - ...86-pae-pci-set-pci-nobios-by-default.patch | 27 - .../ia64-hardcode-arch-script-output.patch | 78 - ...i-do-not-request-unreleased-firmware.patch | 26 - debian/patches/debian/kernelvariables.patch | 82 - .../debian/mips-boston-disable-its.patch | 20 - .../patches/debian/mips-disable-werror.patch | 23 - .../debian/ntfs-mark-it-as-broken.patch | 22 - .../overlayfs-permit-mounts-in-userns.patch | 59 - ...-loading-as-mitigation-against-local.patch | 34 - ...ix-config_stack_validation-y-warning.patch | 52 - .../debian/sched-autogroup-disabled.patch | 19 - .../debian/snd-pcsp-disable-autoload.patch | 30 - .../patches/debian/tools-perf-install.patch | 51 - .../patches/debian/tools-perf-version.patch | 111 - .../debian/uname-version-timestamp.patch | 33 - debian/patches/debian/version.patch | 188 -- ...d-debian-wireless-regdb-certificates.patch | 961 ------ ...disable-regulatory.db-direct-loading.patch | 73 - .../debian/yama-disable-by-default.patch | 32 - .../features/all/aufs5/aufs5-base.patch | 328 --- .../features/all/aufs5/aufs5-mmap.patch | 405 --- .../features/all/aufs5/aufs5-standalone.patch | 285 -- ...t-load-mok-when-secure-boot-disabled.patch | 63 - ...002-MODSIGN-load-blacklist-from-MOKx.patch | 59 - ...-hash-before-loading-a-kernel-module.patch | 122 - ...N-check-the-attributes-of-db-and-mok.patch | 107 - ...st-not-complain-about-cert-lists-tha.patch | 103 - ...latform-keyring-for-module-signature.patch | 37 - ...-make-shash-allocation-failure-fatal.patch | 28 - ...edia-dvb-usb-af9005-request_firmware.patch | 145 - ...sysrq-option-to-lift-kernel-lockdown.patch | 270 -- ...rnel-config-option-to-lock-down-when.patch | 86 - ...ecure_boot-flag-to-indicate-secure-b.patch | 145 - ...e-kernel-if-booted-in-secure-boot-mo.patch | 115 - .../enable-cold-boot-attack-mitigation.patch | 50 - ...debian-wiki-until-manual-page-exists.patch | 32 - ...ble-slram-and-phram-when-locked-down.patch | 75 - ...rther-restriction-of-perf_event_open.patch | 75 - ...Add-Loongson-LS3A-RS780E-1-way-machi.patch | 57 - ...ig-option-to-exclude-igpu-by-default.patch | 88 - ...ption-to-exclude-integrated-gpu-only.patch | 87 - ...make-x32-syscall-support-conditional.patch | 180 -- .../x86-memtest-WARN-if-bad-RAM-found.patch | 28 - debian/patches/series | 137 - debian/rules.real | 2 + 97 files changed, 2 insertions(+), 10362 deletions(-) delete mode 100644 debian/patches/bugfix/all/cpupower-bump-soname-version.patch delete mode 100644 debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch delete mode 100644 debian/patches/bugfix/all/disable-some-marvell-phys.patch delete mode 100644 debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch delete mode 100644 debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch delete mode 100644 debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch delete mode 100644 debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch delete mode 100644 debian/patches/bugfix/all/libcpupower-hide-private-function.patch delete mode 100644 debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch delete mode 100644 debian/patches/bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch delete mode 100644 debian/patches/bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch delete mode 100644 debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch delete mode 100644 debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch delete mode 100644 debian/patches/bugfix/all/tools-lib-api-fs-fs.c-fix-misuse-of-strncpy.patch delete mode 100644 debian/patches/bugfix/all/tools-perf-man-date.patch delete mode 100644 debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch delete mode 100644 debian/patches/bugfix/all/tools-perf-remove-shebangs.patch delete mode 100644 debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch delete mode 100644 debian/patches/bugfix/all/usbip-fix-misuse-of-strncpy.patch delete mode 100644 debian/patches/bugfix/all/usbip-network-fix-unaligned-member-access.patch delete mode 100644 debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch delete mode 100644 debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch delete mode 100644 debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch delete mode 100644 debian/patches/bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch delete mode 100644 debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch delete mode 100644 debian/patches/bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch delete mode 100644 debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch delete mode 100644 debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch delete mode 100644 debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch delete mode 100644 debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch delete mode 100644 debian/patches/bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch delete mode 100644 debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch delete mode 100644 debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch delete mode 100644 debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch delete mode 100644 debian/patches/debian/arch-sh4-fix-uimage-build.patch delete mode 100644 debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch delete mode 100644 debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch delete mode 100644 debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch delete mode 100644 debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch delete mode 100644 debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch delete mode 100644 debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch delete mode 100644 debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch delete mode 100644 debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch delete mode 100644 debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch delete mode 100644 debian/patches/debian/dfsg/vs6624-disable.patch delete mode 100644 debian/patches/debian/export-symbols-needed-by-android-drivers.patch delete mode 100644 debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch delete mode 100644 debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch delete mode 100644 debian/patches/debian/fjes-disable-autoload.patch delete mode 100644 debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch delete mode 100644 debian/patches/debian/gitignore.patch delete mode 100644 debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch delete mode 100644 debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch delete mode 100644 debian/patches/debian/ia64-hardcode-arch-script-output.patch delete mode 100644 debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch delete mode 100644 debian/patches/debian/kernelvariables.patch delete mode 100644 debian/patches/debian/mips-boston-disable-its.patch delete mode 100644 debian/patches/debian/mips-disable-werror.patch delete mode 100644 debian/patches/debian/ntfs-mark-it-as-broken.patch delete mode 100644 debian/patches/debian/overlayfs-permit-mounts-in-userns.patch delete mode 100644 debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch delete mode 100644 debian/patches/debian/revert-objtool-fix-config_stack_validation-y-warning.patch delete mode 100644 debian/patches/debian/sched-autogroup-disabled.patch delete mode 100644 debian/patches/debian/snd-pcsp-disable-autoload.patch delete mode 100644 debian/patches/debian/tools-perf-install.patch delete mode 100644 debian/patches/debian/tools-perf-version.patch delete mode 100644 debian/patches/debian/uname-version-timestamp.patch delete mode 100644 debian/patches/debian/version.patch delete mode 100644 debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch delete mode 100644 debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch delete mode 100644 debian/patches/debian/yama-disable-by-default.patch delete mode 100644 debian/patches/features/all/aufs5/aufs5-base.patch delete mode 100644 debian/patches/features/all/aufs5/aufs5-mmap.patch delete mode 100644 debian/patches/features/all/aufs5/aufs5-standalone.patch delete mode 100644 debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch delete mode 100644 debian/patches/features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch delete mode 100644 debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch delete mode 100644 debian/patches/features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch delete mode 100644 debian/patches/features/all/db-mok-keyring/0006-Make-get_cert_list-not-complain-about-cert-lists-tha.patch delete mode 100644 debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch delete mode 100644 debian/patches/features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch delete mode 100644 debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch delete mode 100644 debian/patches/features/all/lockdown/add-a-sysrq-option-to-lift-kernel-lockdown.patch delete mode 100644 debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch delete mode 100644 debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch delete mode 100644 debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch delete mode 100644 debian/patches/features/all/lockdown/enable-cold-boot-attack-mitigation.patch delete mode 100644 debian/patches/features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.patch delete mode 100644 debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch delete mode 100644 debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch delete mode 100644 debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch delete mode 100644 debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch delete mode 100644 debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch delete mode 100644 debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch delete mode 100644 debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch delete mode 100644 debian/patches/series diff --git a/debian/patches/bugfix/all/cpupower-bump-soname-version.patch b/debian/patches/bugfix/all/cpupower-bump-soname-version.patch deleted file mode 100644 index b6eb2dd8e05b..000000000000 --- a/debian/patches/bugfix/all/cpupower-bump-soname-version.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Ben Hutchings -Date: Sun, 19 May 2019 17:17:33 +0100 -Subject: cpupower: Bump soname version - -Several functions in the libcpupower API were renamed or removed in -Linux 4.7, and again in 5.1. This is a backward-incompatible ABI -change, so the library soname should change from libcpupower.so.0 to -libcpupower.so.2. - -Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library") -Signed-off-by: Ben Hutchings ---- - tools/power/cpupower/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/tools/power/cpupower/Makefile -+++ b/tools/power/cpupower/Makefile -@@ -65,8 +65,8 @@ DESTDIR ?= - # and _should_ modify the PACKAGE_BUGREPORT definition - - VERSION= $(shell ./utils/version-gen.sh) --LIB_MAJ= 0.0.1 --LIB_MIN= 0 -+LIB_MAJ= 2.0.1 -+LIB_MIN= 2 - - PACKAGE = cpupower - PACKAGE_BUGREPORT = linux-pm@vger.kernel.org diff --git a/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch b/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch deleted file mode 100644 index 5cce9b76a242..000000000000 --- a/debian/patches/bugfix/all/cpupower-fix-checks-for-cpu-existence.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Ben Hutchings -Date: Thu, 03 Nov 2016 15:25:26 -0600 -Subject: cpupower: Fix checks for CPU existence -Forwarded: https://marc.info/?l=linux-pm&m=149248268214265 - -Calls to cpufreq_cpu_exists(cpu) were converted to -cpupower_is_cpu_online(cpu) when libcpupower was introduced and the -former function was deleted. However, cpupower_is_cpu_online() does -not distinguish physically absent and offline CPUs, and does not set -errno. - -cpufreq-set has already been fixed (commit c25badc9ceb6). - -In cpufreq-bench, which prints an error message for offline CPUs, -properly distinguish and report the zero and negative cases. - -Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library") -Fixes: 53d1cd6b125f ("cpupowerutils: bench - Fix cpu online check") -Signed-off-by: Ben Hutchings -[carnil: Update/Refresh patch for 4.14.17: The issue with the -incorrect check has been fixed with upstream commit 53d1cd6b125f. -Keep in the patch the distinction and report for the zero and -negative cases.] ---- ---- a/tools/power/cpupower/bench/system.c -+++ b/tools/power/cpupower/bench/system.c -@@ -58,12 +58,19 @@ long long int get_time() - - int set_cpufreq_governor(char *governor, unsigned int cpu) - { -+ int rc; - - dprintf("set %s as cpufreq governor\n", governor); - -- if (cpupower_is_cpu_online(cpu) != 1) { -- perror("cpufreq_cpu_exists"); -- fprintf(stderr, "error: cpu %u does not exist\n", cpu); -+ rc = cpupower_is_cpu_online(cpu); -+ if (rc != 1) { -+ if (rc < 0) -+ fprintf(stderr, "cpupower_is_cpu_online: %s\n", -+ strerror(-rc)); -+ else -+ fprintf(stderr, -+ "error: cpu %u is offline or does not exist\n", -+ cpu); - return -1; - } - diff --git a/debian/patches/bugfix/all/disable-some-marvell-phys.patch b/debian/patches/bugfix/all/disable-some-marvell-phys.patch deleted file mode 100644 index 07b118389d20..000000000000 --- a/debian/patches/bugfix/all/disable-some-marvell-phys.patch +++ /dev/null @@ -1,93 +0,0 @@ -From: Ian Campbell -Subject: phy/marvell: disable 4-port phys -Date: Wed, 20 Nov 2013 08:30:14 +0000 -Bug-Debian: https://bugs.debian.org/723177 -Forwarded: http://thread.gmane.org/gmane.linux.debian.devel.bugs.general/1107774/ - -The Marvell PHY was originally disabled because it can cause networking -failures on some systems. According to Lennert Buytenhek this is because some -of the variants added did not share the same register layout. Since the known -cases are all 4-ports disable those variants (indicated by a 4 in the -penultimate position of the model name) until they can be audited for -correctness. - -[bwh: Also #if-out the init functions for these PHYs to avoid - compiler warnings] - -Index: debian-kernel/drivers/net/phy/marvell.c -=================================================================== ---- debian-kernel.orig/drivers/net/phy/marvell.c -+++ debian-kernel/drivers/net/phy/marvell.c -@@ -937,6 +937,7 @@ static int m88e1118_config_init(struct p - return genphy_soft_reset(phydev); - } - -+#if 0 - static int m88e1149_config_init(struct phy_device *phydev) - { - int err; -@@ -962,7 +963,9 @@ static int m88e1149_config_init(struct p - - return genphy_soft_reset(phydev); - } -+#endif - -+#if 0 - static int m88e1145_config_init_rgmii(struct phy_device *phydev) - { - int err; -@@ -1037,6 +1040,7 @@ static int m88e1145_config_init(struct p - - return 0; - } -+#endif - - static int m88e1540_get_fld(struct phy_device *phydev, u8 *msecs) - { -@@ -2243,6 +2247,7 @@ static struct phy_driver marvell_drivers - .get_strings = marvell_get_strings, - .get_stats = marvell_get_stats, - }, -+#if 0 - { - .phy_id = MARVELL_PHY_ID_88E1145, - .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2262,6 +2267,8 @@ static struct phy_driver marvell_drivers - .get_strings = marvell_get_strings, - .get_stats = marvell_get_stats, - }, -+#endif -+#if 0 - { - .phy_id = MARVELL_PHY_ID_88E1149R, - .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2280,6 +2287,8 @@ static struct phy_driver marvell_drivers - .get_strings = marvell_get_strings, - .get_stats = marvell_get_stats, - }, -+#endif -+#if 0 - { - .phy_id = MARVELL_PHY_ID_88E1240, - .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2298,6 +2307,7 @@ static struct phy_driver marvell_drivers - .get_strings = marvell_get_strings, - .get_stats = marvell_get_stats, - }, -+#endif - { - .phy_id = MARVELL_PHY_ID_88E1116R, - .phy_id_mask = MARVELL_PHY_ID_MASK, -@@ -2432,9 +2442,9 @@ static struct mdio_device_id __maybe_unu - { MARVELL_PHY_ID_88E1111, MARVELL_PHY_ID_MASK }, - { MARVELL_PHY_ID_88E1118, MARVELL_PHY_ID_MASK }, - { MARVELL_PHY_ID_88E1121R, MARVELL_PHY_ID_MASK }, -- { MARVELL_PHY_ID_88E1145, MARVELL_PHY_ID_MASK }, -- { MARVELL_PHY_ID_88E1149R, MARVELL_PHY_ID_MASK }, -- { MARVELL_PHY_ID_88E1240, MARVELL_PHY_ID_MASK }, -+/* { MARVELL_PHY_ID_88E1145, MARVELL_PHY_ID_MASK }, */ -+/* { MARVELL_PHY_ID_88E1149R, MARVELL_PHY_ID_MASK }, */ -+/* { MARVELL_PHY_ID_88E1240, MARVELL_PHY_ID_MASK }, */ - { MARVELL_PHY_ID_88E1318S, MARVELL_PHY_ID_MASK }, - { MARVELL_PHY_ID_88E1116R, MARVELL_PHY_ID_MASK }, - { MARVELL_PHY_ID_88E1510, MARVELL_PHY_ID_MASK }, diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch deleted file mode 100644 index fbc97f578c93..000000000000 --- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +++ /dev/null @@ -1,2576 +0,0 @@ -From: Ben Hutchings -Subject: firmware: Remove redundant log messages from drivers -Date: Sun, 09 Dec 2012 16:40:31 +0000 -Forwarded: no - -Now that firmware_class logs every success and failure consistently, -many other log messages can be removed from drivers. - -This will probably need to be split up into multiple patches prior to -upstream submission. - ---- a/arch/x86/kernel/cpu/microcode/amd.c -+++ b/arch/x86/kernel/cpu/microcode/amd.c -@@ -901,10 +901,8 @@ static enum ucode_state request_microcod - if (c->x86 >= 0x15) - snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); - -- if (request_firmware_direct(&fw, (const char *)fw_name, device)) { -- pr_debug("failed to load file %s\n", fw_name); -+ if (request_firmware_direct(&fw, (const char *)fw_name, device)) - goto out; -- } - - ret = UCODE_ERROR; - if (!verify_container(fw->data, fw->size, false)) ---- a/drivers/atm/ambassador.c -+++ b/drivers/atm/ambassador.c -@@ -1914,10 +1914,8 @@ static int ucode_init(loader_block *lb, - int res; - - res = request_ihex_firmware(&fw, "atmsar11.fw", &dev->pci_dev->dev); -- if (res) { -- PRINTK (KERN_ERR, "Cannot load microcode data"); -+ if (res) - return res; -- } - - /* First record contains just the start address */ - rec = (const struct ihex_binrec *)fw->data; ---- a/drivers/atm/fore200e.c -+++ b/drivers/atm/fore200e.c -@@ -2414,10 +2414,9 @@ static int fore200e_load_and_start_fw(st - int err; - - sprintf(buf, "%s%s", fore200e->bus->proc_name, FW_EXT); -- if ((err = request_firmware(&firmware, buf, fore200e->dev)) < 0) { -- printk(FORE200E "problem loading firmware image %s\n", fore200e->bus->model_name); -+ err = request_firmware(&firmware, buf, fore200e->dev); -+ if (err) - return err; -- } - - fw_data = (const __le32 *)firmware->data; - fw_size = firmware->size / sizeof(u32); ---- a/drivers/bluetooth/ath3k.c -+++ b/drivers/bluetooth/ath3k.c -@@ -417,10 +417,8 @@ static int ath3k_load_patch(struct usb_d - le32_to_cpu(fw_version.rom_version)); - - ret = request_firmware(&firmware, filename, &udev->dev); -- if (ret < 0) { -- BT_ERR("Patch file not found %s", filename); -+ if (ret) - return ret; -- } - - pt_rom_version = get_unaligned_le32(firmware->data + - firmware->size - 8); -@@ -480,10 +478,8 @@ static int ath3k_load_syscfg(struct usb_ - le32_to_cpu(fw_version.rom_version), clk_value, ".dfu"); - - ret = request_firmware(&firmware, filename, &udev->dev); -- if (ret < 0) { -- BT_ERR("Configuration file not found %s", filename); -+ if (ret) - return ret; -- } - - ret = ath3k_load_fwfile(udev, firmware); - release_firmware(firmware); ---- a/drivers/bluetooth/bcm203x.c -+++ b/drivers/bluetooth/bcm203x.c -@@ -174,7 +174,6 @@ static int bcm203x_probe(struct usb_inte - return -ENOMEM; - - if (request_firmware(&firmware, "BCM2033-MD.hex", &udev->dev) < 0) { -- BT_ERR("Mini driver request failed"); - usb_free_urb(data->urb); - return -EIO; - } -@@ -199,7 +198,6 @@ static int bcm203x_probe(struct usb_inte - release_firmware(firmware); - - if (request_firmware(&firmware, "BCM2033-FW.bin", &udev->dev) < 0) { -- BT_ERR("Firmware request failed"); - usb_free_urb(data->urb); - kfree(data->buffer); - return -EIO; ---- a/drivers/bluetooth/bfusb.c -+++ b/drivers/bluetooth/bfusb.c -@@ -637,10 +637,8 @@ static int bfusb_probe(struct usb_interf - skb_queue_head_init(&data->pending_q); - skb_queue_head_init(&data->completed_q); - -- if (request_firmware(&firmware, "bfubase.frm", &udev->dev) < 0) { -- BT_ERR("Firmware request failed"); -+ if (request_firmware(&firmware, "bfubase.frm", &udev->dev)) - goto done; -- } - - BT_DBG("firmware data %p size %zu", firmware->data, firmware->size); - ---- a/drivers/bluetooth/bt3c_cs.c -+++ b/drivers/bluetooth/bt3c_cs.c -@@ -569,10 +569,8 @@ static int bt3c_open(struct bt3c_info *i - - /* Load firmware */ - err = request_firmware(&firmware, "BT3CPCC.bin", &info->p_dev->dev); -- if (err < 0) { -- BT_ERR("Firmware request failed"); -+ if (err) - goto error; -- } - - err = bt3c_load_firmware(info, firmware->data, firmware->size); - ---- a/drivers/bluetooth/btmrvl_sdio.c -+++ b/drivers/bluetooth/btmrvl_sdio.c -@@ -526,8 +526,6 @@ static int btmrvl_sdio_download_helper(s - ret = request_firmware(&fw_helper, card->helper, - &card->func->dev); - if ((ret < 0) || !fw_helper) { -- BT_ERR("request_firmware(helper) failed, error code = %d", -- ret); - ret = -ENOENT; - goto done; - } -@@ -626,8 +624,6 @@ static int btmrvl_sdio_download_fw_w_hel - ret = request_firmware(&fw_firmware, card->firmware, - &card->func->dev); - if ((ret < 0) || !fw_firmware) { -- BT_ERR("request_firmware(firmware) failed, error code = %d", -- ret); - ret = -ENOENT; - goto done; - } ---- a/drivers/char/dsp56k.c -+++ b/drivers/char/dsp56k.c -@@ -140,11 +140,8 @@ static int dsp56k_upload(u_char __user * - } - err = request_firmware(&fw, fw_name, &pdev->dev); - platform_device_unregister(pdev); -- if (err) { -- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", -- fw_name, err); -+ if (err) - return err; -- } - if (fw->size % 3) { - printk(KERN_ERR "Bogus length %d in image \"%s\"\n", - fw->size, fw_name); ---- a/drivers/dma/imx-sdma.c -+++ b/drivers/dma/imx-sdma.c -@@ -1719,11 +1719,8 @@ static void sdma_load_firmware(const str - const struct sdma_script_start_addrs *addr; - unsigned short *ram_code; - -- if (!fw) { -- dev_info(sdma->dev, "external firmware not found, using ROM firmware\n"); -- /* In this case we just use the ROM firmware. */ -+ if (!fw) - return; -- } - - if (fw->size < sizeof(*header)) - goto err_firmware; ---- a/drivers/gpu/drm/mga/mga_warp.c -+++ b/drivers/gpu/drm/mga/mga_warp.c -@@ -79,11 +79,8 @@ int mga_warp_install_microcode(drm_mga_p - } - rc = request_ihex_firmware(&fw, firmware_name, &pdev->dev); - platform_device_unregister(pdev); -- if (rc) { -- DRM_ERROR("mga: Failed to load microcode \"%s\"\n", -- firmware_name); -+ if (rc) - return rc; -- } - - size = 0; - where = 0; ---- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c -+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c -@@ -2099,10 +2099,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr - if (ret) { - snprintf(f, sizeof(f), "nouveau/%s", fwname); - ret = request_firmware(&fw, f, device->dev); -- if (ret) { -- nvkm_error(subdev, "failed to load %s\n", fwname); -+ if (ret) - return ret; -- } - } - - fuc->size = fw->size; ---- a/drivers/gpu/drm/r128/r128_cce.c -+++ b/drivers/gpu/drm/r128/r128_cce.c -@@ -162,11 +162,8 @@ static int r128_cce_load_microcode(drm_r - } - rc = request_firmware(&fw, FIRMWARE_NAME, &pdev->dev); - platform_device_unregister(pdev); -- if (rc) { -- pr_err("r128_cce: Failed to load firmware \"%s\"\n", -- FIRMWARE_NAME); -+ if (rc) - return rc; -- } - - if (fw->size != 256 * 8) { - pr_err("r128_cce: Bogus length %zu in firmware \"%s\"\n", ---- a/drivers/gpu/drm/radeon/ni.c -+++ b/drivers/gpu/drm/radeon/ni.c -@@ -833,9 +833,6 @@ int ni_init_microcode(struct radeon_devi - - out: - if (err) { -- if (err != -EINVAL) -- pr_err("ni_cp: Failed to load firmware \"%s\"\n", -- fw_name); - release_firmware(rdev->pfp_fw); - rdev->pfp_fw = NULL; - release_firmware(rdev->me_fw); ---- a/drivers/gpu/drm/radeon/r100.c -+++ b/drivers/gpu/drm/radeon/r100.c -@@ -1047,9 +1047,7 @@ static int r100_cp_init_microcode(struct - } - - err = request_firmware(&rdev->me_fw, fw_name, rdev->dev); -- if (err) { -- pr_err("radeon_cp: Failed to load firmware \"%s\"\n", fw_name); -- } else if (rdev->me_fw->size % 8) { -+ if (err == 0 && rdev->me_fw->size % 8) { - pr_err("radeon_cp: Bogus length %zu in firmware \"%s\"\n", - rdev->me_fw->size, fw_name); - err = -EINVAL; ---- a/drivers/gpu/drm/radeon/r600.c -+++ b/drivers/gpu/drm/radeon/r600.c -@@ -2599,9 +2599,6 @@ int r600_init_microcode(struct radeon_de - - out: - if (err) { -- if (err != -EINVAL) -- pr_err("r600_cp: Failed to load firmware \"%s\"\n", -- fw_name); - release_firmware(rdev->pfp_fw); - rdev->pfp_fw = NULL; - release_firmware(rdev->me_fw); ---- a/drivers/infiniband/hw/qib/qib_sd7220.c -+++ b/drivers/infiniband/hw/qib/qib_sd7220.c -@@ -406,10 +406,8 @@ int qib_sd7220_init(struct qib_devdata * - } - - ret = request_firmware(&fw, SD7220_FW_NAME, &dd->pcidev->dev); -- if (ret) { -- qib_dev_err(dd, "Failed to load IB SERDES image\n"); -+ if (ret) - goto done; -- } - - /* Substitute our deduced value for was_reset */ - ret = qib_ibsd_ucode_loaded(dd->pport, fw); ---- a/drivers/input/touchscreen/atmel_mxt_ts.c -+++ b/drivers/input/touchscreen/atmel_mxt_ts.c -@@ -2778,10 +2778,8 @@ static int mxt_load_fw(struct device *de - int ret; - - ret = request_firmware(&fw, fn, dev); -- if (ret) { -- dev_err(dev, "Unable to open firmware %s\n", fn); -+ if (ret) - return ret; -- } - - /* Check for incorrect enc file */ - ret = mxt_check_firmware_format(dev, fw); ---- a/drivers/isdn/hardware/mISDN/speedfax.c -+++ b/drivers/isdn/hardware/mISDN/speedfax.c -@@ -379,11 +379,8 @@ setup_instance(struct sfax_hw *card) - card->isar.owner = THIS_MODULE; - - err = request_firmware(&firmware, "isdn/ISAR.BIN", &card->pdev->dev); -- if (err < 0) { -- pr_info("%s: firmware request failed %d\n", -- card->name, err); -+ if (err) - goto error_fw; -- } - if (debug & DEBUG_HW) - pr_notice("%s: got firmware %zu bytes\n", - card->name, firmware->size); ---- a/drivers/media/common/siano/smscoreapi.c -+++ b/drivers/media/common/siano/smscoreapi.c -@@ -1156,10 +1156,8 @@ static int smscore_load_firmware_from_fi - return -EINVAL; - - rc = request_firmware(&fw, fw_filename, coredev->device); -- if (rc < 0) { -- pr_err("failed to open firmware file '%s'\n", fw_filename); -+ if (rc < 0) - return rc; -- } - pr_debug("read fw %s, buffer size=0x%zx\n", fw_filename, fw->size); - fw_buf = kmalloc(ALIGN(fw->size + sizeof(struct sms_firmware), - SMS_ALLOC_ALIGNMENT), GFP_KERNEL | coredev->gfp_buf_flags); ---- a/drivers/media/dvb-frontends/af9013.c -+++ b/drivers/media/dvb-frontends/af9013.c -@@ -1049,14 +1049,8 @@ static int af9013_download_firmware(stru - - /* Request the firmware, will block and timeout */ - ret = request_firmware(&firmware, name, &client->dev); -- if (ret) { -- dev_info(&client->dev, "firmware file '%s' not found %d\n", -- name, ret); -+ if (ret) - goto err; -- } -- -- dev_info(&client->dev, "downloading firmware from file '%s'\n", -- name); - - /* Write firmware checksum & size */ - for (i = 0; i < firmware->size; i++) ---- a/drivers/media/dvb-frontends/bcm3510.c -+++ b/drivers/media/dvb-frontends/bcm3510.c -@@ -636,10 +636,9 @@ static int bcm3510_download_firmware(str - int ret,i; - - deb_info("requesting firmware\n"); -- if ((ret = st->config->request_firmware(fe, &fw, BCM3510_DEFAULT_FIRMWARE)) < 0) { -- err("could not load firmware (%s): %d",BCM3510_DEFAULT_FIRMWARE,ret); -+ ret = st->config->request_firmware(fe, &fw, BCM3510_DEFAULT_FIRMWARE); -+ if (ret) - return ret; -- } - deb_info("got firmware: %zu\n", fw->size); - - b = fw->data; ---- a/drivers/media/dvb-frontends/cx24116.c -+++ b/drivers/media/dvb-frontends/cx24116.c -@@ -479,13 +479,8 @@ static int cx24116_firmware_ondemand(str - __func__, CX24116_DEFAULT_FIRMWARE); - ret = request_firmware(&fw, CX24116_DEFAULT_FIRMWARE, - state->i2c->dev.parent); -- printk(KERN_INFO "%s: Waiting for firmware upload(2)...\n", -- __func__); -- if (ret) { -- printk(KERN_ERR "%s: No firmware uploaded (timeout or file not found?)\n", -- __func__); -+ if (ret) - return ret; -- } - - /* Make sure we don't recurse back through here - * during loading */ ---- a/drivers/media/dvb-frontends/drxd_hard.c -+++ b/drivers/media/dvb-frontends/drxd_hard.c -@@ -891,10 +891,8 @@ static int load_firmware(struct drxd_sta - { - const struct firmware *fw; - -- if (request_firmware(&fw, fw_name, state->dev) < 0) { -- printk(KERN_ERR "drxd: firmware load failure [%s]\n", fw_name); -+ if (request_firmware(&fw, fw_name, state->dev)) - return -EIO; -- } - - state->microcode = kmemdup(fw->data, fw->size, GFP_KERNEL); - if (!state->microcode) { ---- a/drivers/media/dvb-frontends/drxk_hard.c -+++ b/drivers/media/dvb-frontends/drxk_hard.c -@@ -6271,10 +6271,6 @@ static void load_firmware_cb(const struc - - dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded"); - if (!fw) { -- pr_err("Could not load firmware file %s.\n", -- state->microcode_name); -- pr_info("Copy %s to your hotplug directory!\n", -- state->microcode_name); - state->microcode_name = NULL; - - /* ---- a/drivers/media/dvb-frontends/ds3000.c -+++ b/drivers/media/dvb-frontends/ds3000.c -@@ -348,12 +348,8 @@ static int ds3000_firmware_ondemand(stru - DS3000_DEFAULT_FIRMWARE); - ret = request_firmware(&fw, DS3000_DEFAULT_FIRMWARE, - state->i2c->dev.parent); -- printk(KERN_INFO "%s: Waiting for firmware upload(2)...\n", __func__); -- if (ret) { -- printk(KERN_ERR "%s: No firmware uploaded (timeout or file not found?)\n", -- __func__); -+ if (ret) - return ret; -- } - - ret = ds3000_load_firmware(fe, fw); - if (ret) ---- a/drivers/media/dvb-frontends/nxt200x.c -+++ b/drivers/media/dvb-frontends/nxt200x.c -@@ -876,12 +876,8 @@ static int nxt2002_init(struct dvb_front - __func__, NXT2002_DEFAULT_FIRMWARE); - ret = request_firmware(&fw, NXT2002_DEFAULT_FIRMWARE, - state->i2c->dev.parent); -- pr_debug("%s: Waiting for firmware upload(2)...\n", __func__); -- if (ret) { -- pr_err("%s: No firmware uploaded (timeout or file not found?)\n", -- __func__); -+ if (ret) - return ret; -- } - - ret = nxt2002_load_firmware(fe, fw); - release_firmware(fw); -@@ -943,12 +939,8 @@ static int nxt2004_init(struct dvb_front - __func__, NXT2004_DEFAULT_FIRMWARE); - ret = request_firmware(&fw, NXT2004_DEFAULT_FIRMWARE, - state->i2c->dev.parent); -- pr_debug("%s: Waiting for firmware upload(2)...\n", __func__); -- if (ret) { -- pr_err("%s: No firmware uploaded (timeout or file not found?)\n", -- __func__); -+ if (ret) - return ret; -- } - - ret = nxt2004_load_firmware(fe, fw); - release_firmware(fw); ---- a/drivers/media/dvb-frontends/or51132.c -+++ b/drivers/media/dvb-frontends/or51132.c -@@ -326,10 +326,8 @@ static int or51132_set_parameters(struct - printk("or51132: Waiting for firmware upload(%s)...\n", - fwname); - ret = request_firmware(&fw, fwname, state->i2c->dev.parent); -- if (ret) { -- printk(KERN_WARNING "or51132: No firmware uploaded(timeout or file not found?)\n"); -+ if (ret) - return ret; -- } - ret = or51132_load_firmware(fe, fw); - release_firmware(fw); - if (ret) { ---- a/drivers/media/dvb-frontends/or51211.c -+++ b/drivers/media/dvb-frontends/or51211.c -@@ -361,11 +361,8 @@ static int or51211_init(struct dvb_front - OR51211_DEFAULT_FIRMWARE); - ret = config->request_firmware(fe, &fw, - OR51211_DEFAULT_FIRMWARE); -- pr_info("Got Hotplug firmware\n"); -- if (ret) { -- pr_warn("No firmware uploaded (timeout or file not found?)\n"); -+ if (ret) - return ret; -- } - - ret = or51211_load_firmware(fe, fw); - release_firmware(fw); ---- a/drivers/media/dvb-frontends/sp8870.c -+++ b/drivers/media/dvb-frontends/sp8870.c -@@ -304,10 +304,8 @@ static int sp8870_init (struct dvb_front - - /* request the firmware, this will block until someone uploads it */ - printk("sp8870: waiting for firmware upload (%s)...\n", SP8870_DEFAULT_FIRMWARE); -- if (state->config->request_firmware(fe, &fw, SP8870_DEFAULT_FIRMWARE)) { -- printk("sp8870: no firmware upload (timeout or file not found?)\n"); -+ if (state->config->request_firmware(fe, &fw, SP8870_DEFAULT_FIRMWARE)) - return -EIO; -- } - - if (sp8870_firmware_upload(state, fw)) { - printk("sp8870: writing firmware to device failed\n"); ---- a/drivers/media/dvb-frontends/sp887x.c -+++ b/drivers/media/dvb-frontends/sp887x.c -@@ -527,10 +527,8 @@ static int sp887x_init(struct dvb_fronte - /* request the firmware, this will block until someone uploads it */ - printk("sp887x: waiting for firmware upload (%s)...\n", SP887X_DEFAULT_FIRMWARE); - ret = state->config->request_firmware(fe, &fw, SP887X_DEFAULT_FIRMWARE); -- if (ret) { -- printk("sp887x: no firmware upload (timeout or file not found?)\n"); -+ if (ret) - return ret; -- } - - ret = sp887x_initial_setup(fe, fw); - release_firmware(fw); ---- a/drivers/media/dvb-frontends/tda10048.c -+++ b/drivers/media/dvb-frontends/tda10048.c -@@ -483,8 +483,6 @@ static int tda10048_firmware_upload(stru - ret = request_firmware(&fw, TDA10048_DEFAULT_FIRMWARE, - state->i2c->dev.parent); - if (ret) { -- printk(KERN_ERR "%s: Upload failed. (file not found?)\n", -- __func__); - return -EIO; - } else { - printk(KERN_INFO "%s: firmware read %zu bytes.\n", ---- a/drivers/media/dvb-frontends/tda1004x.c -+++ b/drivers/media/dvb-frontends/tda1004x.c -@@ -388,10 +388,8 @@ static int tda10045_fwupload(struct dvb_ - /* request the firmware, this will block until someone uploads it */ - printk(KERN_INFO "tda1004x: waiting for firmware upload (%s)...\n", TDA10045_DEFAULT_FIRMWARE); - ret = state->config->request_firmware(fe, &fw, TDA10045_DEFAULT_FIRMWARE); -- if (ret) { -- printk(KERN_ERR "tda1004x: no firmware upload (timeout or file not found?)\n"); -+ if (ret) - return ret; -- } - - /* reset chip */ - tda1004x_write_mask(state, TDA1004X_CONFC4, 0x10, 0); -@@ -532,7 +530,6 @@ static int tda10046_fwupload(struct dvb_ - /* remain compatible to old bug: try to load with tda10045 image name */ - ret = state->config->request_firmware(fe, &fw, TDA10045_DEFAULT_FIRMWARE); - if (ret) { -- printk(KERN_ERR "tda1004x: no firmware upload (timeout or file not found?)\n"); - return ret; - } else { - printk(KERN_INFO "tda1004x: please rename the firmware file to %s\n", ---- a/drivers/media/dvb-frontends/tda10071.c -+++ b/drivers/media/dvb-frontends/tda10071.c -@@ -837,12 +837,8 @@ static int tda10071_init(struct dvb_fron - - /* request the firmware, this will block and timeout */ - ret = request_firmware(&fw, fw_file, &client->dev); -- if (ret) { -- dev_err(&client->dev, -- "did not find the firmware file '%s' (status %d). You can use /scripts/get_dvb_firmware to get the firmware\n", -- fw_file, ret); -+ if (ret) - goto error; -- } - - /* init */ - for (i = 0; i < ARRAY_SIZE(tab2); i++) { ---- a/drivers/media/i2c/cx25840/cx25840-firmware.c -+++ b/drivers/media/i2c/cx25840/cx25840-firmware.c -@@ -113,10 +113,8 @@ int cx25840_loadfw(struct i2c_client *cl - if (is_cx231xx(state) && max_buf_size > 16) - max_buf_size = 16; - -- if (request_firmware(&fw, fwname, FWDEV(client)) != 0) { -- v4l_err(client, "unable to open firmware %s\n", fwname); -+ if (request_firmware(&fw, fwname, FWDEV(client)) != 0) - return -EINVAL; -- } - - start_fw_load(client); - ---- a/drivers/media/pci/bt8xx/bttv-cards.c -+++ b/drivers/media/pci/bt8xx/bttv-cards.c -@@ -3904,10 +3904,8 @@ static int pvr_boot(struct bttv *btv) - int rc; - - rc = request_firmware(&fw_entry, "hcwamc.rbf", &btv->c.pci->dev); -- if (rc != 0) { -- pr_warn("%d: no altera firmware [via hotplug]\n", btv->c.nr); -+ if (rc != 0) - return rc; -- } - rc = pvr_altera_load(btv, fw_entry->data, fw_entry->size); - pr_info("%d: altera firmware upload %s\n", - btv->c.nr, (rc < 0) ? "failed" : "ok"); ---- a/drivers/media/pci/cx18/cx18-av-firmware.c -+++ b/drivers/media/pci/cx18/cx18-av-firmware.c -@@ -70,10 +70,8 @@ int cx18_av_loadfw(struct cx18 *cx) - int i; - int retries1 = 0; - -- if (request_firmware(&fw, FWFILE, &cx->pci_dev->dev) != 0) { -- CX18_ERR_DEV(sd, "unable to open firmware %s\n", FWFILE); -+ if (request_firmware(&fw, FWFILE, &cx->pci_dev->dev) != 0) - return -EINVAL; -- } - - /* The firmware load often has byte errors, so allow for several - retries, both at byte level and at the firmware load level. */ ---- a/drivers/media/pci/cx18/cx18-dvb.c -+++ b/drivers/media/pci/cx18/cx18-dvb.c -@@ -127,9 +127,7 @@ static int yuan_mpc718_mt352_reqfw(struc - int ret; - - ret = request_firmware(fw, fn, &cx->pci_dev->dev); -- if (ret) -- CX18_ERR("Unable to open firmware file %s\n", fn); -- else { -+ if (!ret) { - size_t sz = (*fw)->size; - if (sz < 2 || sz > 64 || (sz % 2) != 0) { - CX18_ERR("Firmware %s has a bad size: %lu bytes\n", ---- a/drivers/media/pci/cx18/cx18-firmware.c -+++ b/drivers/media/pci/cx18/cx18-firmware.c -@@ -92,11 +92,8 @@ static int load_cpu_fw_direct(const char - u32 __iomem *dst = (u32 __iomem *)mem; - const u32 *src; - -- if (request_firmware(&fw, fn, &cx->pci_dev->dev)) { -- CX18_ERR("Unable to open firmware %s\n", fn); -- CX18_ERR("Did you put the firmware in the hotplug firmware directory?\n"); -+ if (request_firmware(&fw, fn, &cx->pci_dev->dev)) - return -ENOMEM; -- } - - src = (const u32 *)fw->data; - -@@ -137,8 +134,6 @@ static int load_apu_fw_direct(const char - int sz; - - if (request_firmware(&fw, fn, &cx->pci_dev->dev)) { -- CX18_ERR("unable to open firmware %s\n", fn); -- CX18_ERR("did you put the firmware in the hotplug firmware directory?\n"); - cx18_setup_page(cx, 0); - return -ENOMEM; - } ---- a/drivers/media/pci/cx23885/cx23885-417.c -+++ b/drivers/media/pci/cx23885/cx23885-417.c -@@ -920,12 +920,8 @@ static int cx23885_load_firmware(struct - retval = request_firmware(&firmware, CX23885_FIRM_IMAGE_NAME, - &dev->pci->dev); - -- if (retval != 0) { -- pr_err("ERROR: Hotplug firmware request failed (%s).\n", -- CX23885_FIRM_IMAGE_NAME); -- pr_err("Please fix your hotplug setup, the board will not work without firmware loaded!\n"); -+ if (retval != 0) - return -1; -- } - - if (firmware->size != CX23885_FIRM_IMAGE_SIZE) { - pr_err("ERROR: Firmware size mismatch (have %zu, expected %d)\n", ---- a/drivers/media/pci/cx23885/cx23885-cards.c -+++ b/drivers/media/pci/cx23885/cx23885-cards.c -@@ -2415,10 +2415,7 @@ void cx23885_card_setup(struct cx23885_d - cinfo.rev, filename); - - ret = request_firmware(&fw, filename, &dev->pci->dev); -- if (ret != 0) -- pr_err("did not find the firmware file '%s'. You can use /scripts/get_dvb_firmware to get the firmware.", -- filename); -- else -+ if (ret == 0) - altera_init(&netup_config, fw); - - release_firmware(fw); ---- a/drivers/media/pci/cx88/cx88-blackbird.c -+++ b/drivers/media/pci/cx88/cx88-blackbird.c -@@ -462,12 +462,8 @@ static int blackbird_load_firmware(struc - retval = request_firmware(&firmware, CX2341X_FIRM_ENC_FILENAME, - &dev->pci->dev); - -- if (retval != 0) { -- pr_err("Hotplug firmware request failed (%s).\n", -- CX2341X_FIRM_ENC_FILENAME); -- pr_err("Please fix your hotplug setup, the board will not work without firmware loaded!\n"); -+ if (retval != 0) - return -EIO; -- } - - if (firmware->size != BLACKBIRD_FIRM_IMAGE_SIZE) { - pr_err("Firmware size mismatch (have %zd, expected %d)\n", ---- a/drivers/media/pci/ivtv/ivtv-firmware.c -+++ b/drivers/media/pci/ivtv/ivtv-firmware.c -@@ -68,8 +68,6 @@ retry: - release_firmware(fw); - return size; - } -- IVTV_ERR("Unable to open firmware %s (must be %ld bytes)\n", fn, size); -- IVTV_ERR("Did you put the firmware in the hotplug firmware directory?\n"); - return -ENOMEM; - } - ---- a/drivers/media/pci/ngene/ngene-core.c -+++ b/drivers/media/pci/ngene/ngene-core.c -@@ -1240,19 +1240,14 @@ static int ngene_load_firm(struct ngene - break; - } - -- if (request_firmware(&fw, fw_name, &dev->pci_dev->dev) < 0) { -- dev_err(pdev, "Could not load firmware file %s.\n", fw_name); -- dev_info(pdev, "Copy %s to your hotplug directory!\n", -- fw_name); -+ if (request_firmware(&fw, fw_name, &dev->pci_dev->dev)) - return -1; -- } - if (size == 0) - size = fw->size; - if (size != fw->size) { - dev_err(pdev, "Firmware %s has invalid size!", fw_name); - err = -1; - } else { -- dev_info(pdev, "Loading firmware file %s.\n", fw_name); - ngene_fw = (u8 *) fw->data; - err = ngene_command_load_firmware(dev, ngene_fw, size); - } ---- a/drivers/media/pci/saa7164/saa7164-fw.c -+++ b/drivers/media/pci/saa7164/saa7164-fw.c -@@ -406,11 +406,8 @@ int saa7164_downloadfirmware(struct saa7 - __func__, fwname); - - ret = request_firmware(&fw, fwname, &dev->pci->dev); -- if (ret) { -- printk(KERN_ERR "%s() Upload failed. (file not found?)\n", -- __func__); -+ if (ret) - return -ENOMEM; -- } - - printk(KERN_INFO "%s() firmware read %zu bytes.\n", - __func__, fw->size); ---- a/drivers/media/pci/ttpci/av7110.c -+++ b/drivers/media/pci/ttpci/av7110.c -@@ -1500,13 +1500,8 @@ static int get_firmware(struct av7110* a - /* request the av7110 firmware, this will block until someone uploads it */ - ret = request_firmware(&fw, "dvb-ttpci-01.fw", &av7110->dev->pci->dev); - if (ret) { -- if (ret == -ENOENT) { -- printk(KERN_ERR "dvb-ttpci: could not load firmware, file not found: dvb-ttpci-01.fw\n"); -- printk(KERN_ERR "dvb-ttpci: usually this should be in /usr/lib/hotplug/firmware or /lib/firmware\n"); -- printk(KERN_ERR "dvb-ttpci: and can be downloaded from https://linuxtv.org/download/dvb/firmware/\n"); -- } else -- printk(KERN_ERR "dvb-ttpci: cannot request firmware (error %i)\n", -- ret); -+ if (ret == -ENOENT) -+ printk(KERN_ERR "dvb-ttpci: firmware can be downloaded from https://linuxtv.org/download/dvb/firmware/\n"); - return -EINVAL; - } - ---- a/drivers/media/pci/ttpci/av7110_hw.c -+++ b/drivers/media/pci/ttpci/av7110_hw.c -@@ -236,11 +236,8 @@ int av7110_bootarm(struct av7110 *av7110 - //saa7146_setgpio(dev, 3, SAA7146_GPIO_INPUT); - - ret = request_firmware(&fw, fw_name, &dev->pci->dev); -- if (ret) { -- printk(KERN_ERR "dvb-ttpci: Failed to load firmware \"%s\"\n", -- fw_name); -+ if (ret) - return ret; -- } - - mwdebi(av7110, DEBISWAB, DPRAM_BASE, fw->data, fw->size); - release_firmware(fw); ---- a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c -+++ b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c -@@ -65,10 +65,8 @@ int s5p_mfc_load_firmware(struct s5p_mfc - } - } - -- if (err != 0) { -- mfc_err("Firmware is not present in the /lib/firmware directory nor compiled in kernel\n"); -+ if (err != 0) - return -EINVAL; -- } - if (fw_blob->size > dev->fw_buf.size) { - mfc_err("MFC firmware is too big to be loaded\n"); - release_firmware(fw_blob); ---- a/drivers/media/radio/radio-wl1273.c -+++ b/drivers/media/radio/radio-wl1273.c -@@ -502,11 +502,8 @@ static int wl1273_fm_upload_firmware_pat - * Uploading the firmware patch is not always necessary, - * so we only print an info message. - */ -- if (request_firmware(&fw_p, fw_name, dev)) { -- dev_info(dev, "%s - %s not found\n", __func__, fw_name); -- -+ if (request_firmware(&fw_p, fw_name, dev)) - return 0; -- } - - ptr = (__u8 *) fw_p->data; - packet_num = ptr[0]; ---- a/drivers/media/radio/wl128x/fmdrv_common.c -+++ b/drivers/media/radio/wl128x/fmdrv_common.c -@@ -1236,10 +1236,8 @@ static int fm_download_firmware(struct f - - ret = request_firmware(&fw_entry, fw_name, - &fmdev->radio_dev->dev); -- if (ret < 0) { -- fmerr("Unable to read firmware(%s) content\n", fw_name); -+ if (ret) - return ret; -- } - fmdbg("Firmware(%s) length : %zu bytes\n", fw_name, fw_entry->size); - - fw_data = (void *)fw_entry->data; ---- a/drivers/media/tuners/tuner-xc2028.c -+++ b/drivers/media/tuners/tuner-xc2028.c -@@ -1367,7 +1367,6 @@ static void load_firmware_cb(const struc - - tuner_dbg("request_firmware_nowait(): %s\n", fw ? "OK" : "error"); - if (!fw) { -- tuner_err("Could not load firmware %s.\n", priv->fname); - priv->state = XC2028_NODEV; - return; - } ---- a/drivers/media/usb/cpia2/cpia2_core.c -+++ b/drivers/media/usb/cpia2/cpia2_core.c -@@ -912,11 +912,8 @@ static int apply_vp_patch(struct camera_ - struct cpia2_command cmd; - - ret = request_firmware(&fw, fw_name, &cam->dev->dev); -- if (ret) { -- printk(KERN_ERR "cpia2: failed to load VP patch \"%s\"\n", -- fw_name); -+ if (ret) - return ret; -- } - - cmd.req_mode = CAMERAACCESS_TYPE_REPEAT | CAMERAACCESS_VP; - cmd.direction = TRANSFER_WRITE; ---- a/drivers/media/usb/cx231xx/cx231xx-417.c -+++ b/drivers/media/usb/cx231xx/cx231xx-417.c -@@ -987,11 +987,6 @@ static int cx231xx_load_firmware(struct - dev->dev); - - if (retval != 0) { -- dev_err(dev->dev, -- "ERROR: Hotplug firmware request failed (%s).\n", -- CX231xx_FIRM_IMAGE_NAME); -- dev_err(dev->dev, -- "Please fix your hotplug setup, the board will not work without firmware loaded!\n"); - vfree(p_current_fw); - vfree(p_buffer); - return retval; ---- a/drivers/media/usb/dvb-usb/dib0700_devices.c -+++ b/drivers/media/usb/dvb-usb/dib0700_devices.c -@@ -2413,12 +2413,9 @@ static int stk9090m_frontend_attach(stru - - dib9000_i2c_enumeration(&adap->dev->i2c_adap, 1, 0x10, 0x80); - -- if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) { -- deb_info("%s: Upload failed. (file not found?)\n", __func__); -+ if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) - return -ENODEV; -- } else { -- deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); -- } -+ deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); - stk9090m_config.microcode_B_fe_size = state->frontend_firmware->size; - stk9090m_config.microcode_B_fe_buffer = state->frontend_firmware->data; - -@@ -2479,12 +2476,9 @@ static int nim9090md_frontend_attach(str - msleep(20); - dib0700_set_gpio(adap->dev, GPIO0, GPIO_OUT, 1); - -- if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) { -- deb_info("%s: Upload failed. (file not found?)\n", __func__); -+ if (request_firmware(&state->frontend_firmware, "dib9090.fw", &adap->dev->udev->dev)) - return -EIO; -- } else { -- deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); -- } -+ deb_info("%s: firmware read %zu bytes.\n", __func__, state->frontend_firmware->size); - nim9090md_config[0].microcode_B_fe_size = state->frontend_firmware->size; - nim9090md_config[0].microcode_B_fe_buffer = state->frontend_firmware->data; - nim9090md_config[1].microcode_B_fe_size = state->frontend_firmware->size; ---- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c -+++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c -@@ -89,13 +89,9 @@ int dvb_usb_download_firmware(struct usb - int ret; - const struct firmware *fw = NULL; - -- if ((ret = request_firmware(&fw, props->firmware, &udev->dev)) != 0) { -- err("did not find the firmware file '%s' (status %d). You can use /scripts/get_dvb_firmware to get the firmware", -- props->firmware,ret); -+ ret = request_firmware(&fw, props->firmware, &udev->dev); -+ if (ret) - return ret; -- } -- -- info("downloading firmware from file '%s'",props->firmware); - - switch (props->usb_ctrl) { - case CYPRESS_AN2135: ---- a/drivers/media/usb/dvb-usb/gp8psk.c -+++ b/drivers/media/usb/dvb-usb/gp8psk.c -@@ -131,19 +131,14 @@ static int gp8psk_load_bcm4500fw(struct - const u8 *ptr; - u8 *buf; - if ((ret = request_firmware(&fw, bcm4500_firmware, -- &d->udev->dev)) != 0) { -- err("did not find the bcm4500 firmware file '%s' (status %d). You can use /scripts/get_dvb_firmware to get the firmware", -- bcm4500_firmware,ret); -+ &d->udev->dev)) != 0) - return ret; -- } - - ret = -EINVAL; - - if (gp8psk_usb_out_op(d, LOAD_BCM4500,1,0,NULL, 0)) - goto out_rel_fw; - -- info("downloading bcm4500 firmware from file '%s'",bcm4500_firmware); -- - ptr = fw->data; - buf = kmalloc(64, GFP_KERNEL); - if (!buf) { ---- a/drivers/media/usb/dvb-usb/opera1.c -+++ b/drivers/media/usb/dvb-usb/opera1.c -@@ -450,8 +450,6 @@ static int opera1_xilinx_load_firmware(s - info("start downloading fpga firmware %s",filename); - - if ((ret = request_firmware(&fw, filename, &dev->dev)) != 0) { -- err("did not find the firmware file '%s'. You can use /scripts/get_dvb_firmware to get the firmware", -- filename); - return ret; - } else { - p = kmalloc(fw->size, GFP_KERNEL); ---- a/drivers/media/usb/go7007/go7007-driver.c -+++ b/drivers/media/usb/go7007/go7007-driver.c -@@ -84,10 +84,8 @@ static int go7007_load_encoder(struct go - u16 intr_val, intr_data; - - if (go->boot_fw == NULL) { -- if (request_firmware(&fw_entry, fw_name, go->dev)) { -- v4l2_err(go, "unable to load firmware from file \"%s\"\n", fw_name); -+ if (request_firmware(&fw_entry, fw_name, go->dev)) - return -1; -- } - if (fw_entry->size < 16 || memcmp(fw_entry->data, "WISGO7007FW", 11)) { - v4l2_err(go, "file \"%s\" does not appear to be go7007 firmware\n", fw_name); - release_firmware(fw_entry); ---- a/drivers/media/usb/go7007/go7007-fw.c -+++ b/drivers/media/usb/go7007/go7007-fw.c -@@ -1565,12 +1565,8 @@ int go7007_construct_fw_image(struct go7 - default: - return -1; - } -- if (request_firmware(&fw_entry, GO7007_FW_NAME, go->dev)) { -- dev_err(go->dev, -- "unable to load firmware from file \"%s\"\n", -- GO7007_FW_NAME); -+ if (request_firmware(&fw_entry, GO7007_FW_NAME, go->dev)) - return -1; -- } - code = kcalloc(codespace, 2, GFP_KERNEL); - if (code == NULL) - goto fw_failed; ---- a/drivers/media/usb/go7007/go7007-loader.c -+++ b/drivers/media/usb/go7007/go7007-loader.c -@@ -67,11 +67,8 @@ static int go7007_loader_probe(struct us - - dev_info(&interface->dev, "loading firmware %s\n", fw1); - -- if (request_firmware(&fw, fw1, &usbdev->dev)) { -- dev_err(&interface->dev, -- "unable to load firmware from file \"%s\"\n", fw1); -+ if (request_firmware(&fw, fw1, &usbdev->dev)) - goto failed2; -- } - ret = cypress_load_firmware(usbdev, fw, CYPRESS_FX2); - release_firmware(fw); - if (0 != ret) { -@@ -82,11 +79,8 @@ static int go7007_loader_probe(struct us - if (fw2 == NULL) - return 0; - -- if (request_firmware(&fw, fw2, &usbdev->dev)) { -- dev_err(&interface->dev, -- "unable to load firmware from file \"%s\"\n", fw2); -+ if (request_firmware(&fw, fw2, &usbdev->dev)) - goto failed2; -- } - ret = cypress_load_firmware(usbdev, fw, CYPRESS_FX2); - release_firmware(fw); - if (0 != ret) { ---- a/drivers/media/usb/gspca/vicam.c -+++ b/drivers/media/usb/gspca/vicam.c -@@ -230,10 +230,8 @@ static int sd_init(struct gspca_dev *gsp - - ret = request_ihex_firmware(&fw, VICAM_FIRMWARE, - &gspca_dev->dev->dev); -- if (ret) { -- pr_err("Failed to load \"vicam/firmware.fw\": %d\n", ret); -+ if (ret) - return ret; -- } - - firmware_buf = kmalloc(PAGE_SIZE, GFP_KERNEL); - if (!firmware_buf) { ---- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c -+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c -@@ -1371,25 +1371,6 @@ static int pvr2_locate_firmware(struct p - "request_firmware fatal error with code=%d",ret); - return ret; - } -- pvr2_trace(PVR2_TRACE_ERROR_LEGS, -- "***WARNING*** Device %s firmware seems to be missing.", -- fwtypename); -- pvr2_trace(PVR2_TRACE_ERROR_LEGS, -- "Did you install the pvrusb2 firmware files in their proper location?"); -- if (fwcount == 1) { -- pvr2_trace(PVR2_TRACE_ERROR_LEGS, -- "request_firmware unable to locate %s file %s", -- fwtypename,fwnames[0]); -- } else { -- pvr2_trace(PVR2_TRACE_ERROR_LEGS, -- "request_firmware unable to locate one of the following %s files:", -- fwtypename); -- for (idx = 0; idx < fwcount; idx++) { -- pvr2_trace(PVR2_TRACE_ERROR_LEGS, -- "request_firmware: Failed to find %s", -- fwnames[idx]); -- } -- } - return ret; - } - ---- a/drivers/media/usb/s2255/s2255drv.c -+++ b/drivers/media/usb/s2255/s2255drv.c -@@ -2288,10 +2288,8 @@ static int s2255_probe(struct usb_interf - } - /* load the first chunk */ - if (request_firmware(&dev->fw_data->fw, -- FIRMWARE_FILE_NAME, &dev->udev->dev)) { -- dev_err(&interface->dev, "sensoray 2255 failed to get firmware\n"); -+ FIRMWARE_FILE_NAME, &dev->udev->dev)) - goto errorREQFW; -- } - /* check the firmware is valid */ - fw_size = dev->fw_data->fw->size; - pdata = (__le32 *) &dev->fw_data->fw->data[fw_size - 8]; ---- a/drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c -+++ b/drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c -@@ -291,10 +291,8 @@ static int ttusb_boot_dsp(struct ttusb * - - err = request_firmware(&fw, "ttusb-budget/dspbootcode.bin", - &ttusb->dev->dev); -- if (err) { -- printk(KERN_ERR "ttusb-budget: failed to request firmware\n"); -+ if (err) - return err; -- } - - /* BootBlock */ - b[0] = 0xaa; ---- a/drivers/media/usb/ttusb-dec/ttusb_dec.c -+++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c -@@ -1324,11 +1324,8 @@ static int ttusb_dec_boot_dsp(struct ttu - dprintk("%s\n", __func__); - - result = request_firmware(&fw_entry, dec->firmware_name, &dec->udev->dev); -- if (result) { -- printk(KERN_ERR "%s: Firmware (%s) unavailable.\n", -- __func__, dec->firmware_name); -+ if (result) - return result; -- } - - firmware = fw_entry->data; - firmware_size = fw_entry->size; ---- a/drivers/misc/ti-st/st_kim.c -+++ b/drivers/misc/ti-st/st_kim.c -@@ -288,11 +288,8 @@ static long download_firmware(struct kim - request_firmware(&kim_gdata->fw_entry, bts_scr_name, - &kim_gdata->kim_pdev->dev); - if (unlikely((err != 0) || (kim_gdata->fw_entry->data == NULL) || -- (kim_gdata->fw_entry->size == 0))) { -- pr_err(" request_firmware failed(errno %ld) for %s", err, -- bts_scr_name); -+ (kim_gdata->fw_entry->size == 0))) - return -EINVAL; -- } - ptr = (void *)kim_gdata->fw_entry->data; - len = kim_gdata->fw_entry->size; - /* bts_header to remove out magic number and ---- a/drivers/net/can/softing/softing_fw.c -+++ b/drivers/net/can/softing/softing_fw.c -@@ -226,11 +226,8 @@ int softing_load_app_fw(const char *file - int8_t type_end = 0, type_entrypoint = 0; - - ret = request_firmware(&fw, file, &card->pdev->dev); -- if (ret) { -- dev_alert(&card->pdev->dev, "request_firmware(%s) got %i\n", -- file, ret); -+ if (ret) - return ret; -- } - dev_dbg(&card->pdev->dev, "firmware(%s) got %lu bytes\n", - file, (unsigned long)fw->size); - /* parse the firmware */ ---- a/drivers/net/ethernet/3com/typhoon.c -+++ b/drivers/net/ethernet/3com/typhoon.c -@@ -1283,11 +1283,8 @@ typhoon_request_firmware(struct typhoon - return 0; - - err = request_firmware(&typhoon_fw, FIRMWARE_NAME, &tp->pdev->dev); -- if (err) { -- netdev_err(tp->dev, "Failed to load firmware \"%s\"\n", -- FIRMWARE_NAME); -+ if (err) - return err; -- } - - image_data = typhoon_fw->data; - remaining = typhoon_fw->size; ---- a/drivers/net/ethernet/adaptec/starfire.c -+++ b/drivers/net/ethernet/adaptec/starfire.c -@@ -1015,11 +1015,8 @@ static int netdev_open(struct net_device - #endif /* VLAN_SUPPORT */ - - retval = request_firmware(&fw_rx, FIRMWARE_RX, &np->pci_dev->dev); -- if (retval) { -- printk(KERN_ERR "starfire: Failed to load firmware \"%s\"\n", -- FIRMWARE_RX); -+ if (retval) - goto out_init; -- } - if (fw_rx->size % 4) { - printk(KERN_ERR "starfire: bogus length %zu in \"%s\"\n", - fw_rx->size, FIRMWARE_RX); -@@ -1027,11 +1024,8 @@ static int netdev_open(struct net_device - goto out_rx; - } - retval = request_firmware(&fw_tx, FIRMWARE_TX, &np->pci_dev->dev); -- if (retval) { -- printk(KERN_ERR "starfire: Failed to load firmware \"%s\"\n", -- FIRMWARE_TX); -+ if (retval) - goto out_rx; -- } - if (fw_tx->size % 4) { - printk(KERN_ERR "starfire: bogus length %zu in \"%s\"\n", - fw_tx->size, FIRMWARE_TX); ---- a/drivers/net/ethernet/alacritech/slicoss.c -+++ b/drivers/net/ethernet/alacritech/slicoss.c -@@ -1052,11 +1052,8 @@ static int slic_load_rcvseq_firmware(str - file = (sdev->model == SLIC_MODEL_OASIS) ? SLIC_RCV_FIRMWARE_OASIS : - SLIC_RCV_FIRMWARE_MOJAVE; - err = request_firmware(&fw, file, &sdev->pdev->dev); -- if (err) { -- dev_err(&sdev->pdev->dev, -- "failed to load receive sequencer firmware %s\n", file); -+ if (err) - return err; -- } - /* Do an initial sanity check concerning firmware size now. A further - * check follows below. - */ -@@ -1127,10 +1124,8 @@ static int slic_load_firmware(struct sli - file = (sdev->model == SLIC_MODEL_OASIS) ? SLIC_FIRMWARE_OASIS : - SLIC_FIRMWARE_MOJAVE; - err = request_firmware(&fw, file, &sdev->pdev->dev); -- if (err) { -- dev_err(&sdev->pdev->dev, "failed to load firmware %s\n", file); -+ if (err) - return err; -- } - /* Do an initial sanity check concerning firmware size now. A further - * check follows below. - */ ---- a/drivers/net/ethernet/alteon/acenic.c -+++ b/drivers/net/ethernet/alteon/acenic.c -@@ -2886,11 +2886,8 @@ static int ace_load_firmware(struct net_ - fw_name = "acenic/tg1.bin"; - - ret = request_firmware(&fw, fw_name, &ap->pdev->dev); -- if (ret) { -- printk(KERN_ERR "%s: Failed to load firmware \"%s\"\n", -- ap->name, fw_name); -+ if (ret) - return ret; -- } - - fw_data = (void *)fw->data; - ---- a/drivers/net/ethernet/broadcom/bnx2.c -+++ b/drivers/net/ethernet/broadcom/bnx2.c -@@ -3718,16 +3718,13 @@ static int bnx2_request_uncached_firmwar - } - - rc = request_firmware(&bp->mips_firmware, mips_fw_file, &bp->pdev->dev); -- if (rc) { -- pr_err("Can't load firmware file \"%s\"\n", mips_fw_file); -+ if (rc) - goto out; -- } - - rc = request_firmware(&bp->rv2p_firmware, rv2p_fw_file, &bp->pdev->dev); -- if (rc) { -- pr_err("Can't load firmware file \"%s\"\n", rv2p_fw_file); -+ if (rc) - goto err_release_mips_firmware; -- } -+ - mips_fw = (const struct bnx2_mips_fw_file *) bp->mips_firmware->data; - rv2p_fw = (const struct bnx2_rv2p_fw_file *) bp->rv2p_firmware->data; - if (bp->mips_firmware->size < sizeof(*mips_fw) || ---- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -@@ -13537,11 +13537,8 @@ static int bnx2x_init_firmware(struct bn - BNX2X_DEV_INFO("Loading %s\n", fw_file_name); - - rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev); -- if (rc) { -- BNX2X_ERR("Can't load firmware file %s\n", -- fw_file_name); -+ if (rc) - goto request_firmware_exit; -- } - - rc = bnx2x_check_firmware(bp); - if (rc) { ---- a/drivers/net/ethernet/broadcom/tg3.c -+++ b/drivers/net/ethernet/broadcom/tg3.c -@@ -11410,11 +11410,8 @@ static int tg3_request_firmware(struct t - { - const struct tg3_firmware_hdr *fw_hdr; - -- if (request_firmware(&tp->fw, tp->fw_needed, &tp->pdev->dev)) { -- netdev_err(tp->dev, "Failed to load firmware \"%s\"\n", -- tp->fw_needed); -+ if (request_firmware(&tp->fw, tp->fw_needed, &tp->pdev->dev)) - return -ENOENT; -- } - - fw_hdr = (struct tg3_firmware_hdr *)tp->fw->data; - ---- a/drivers/net/ethernet/brocade/bna/cna_fwimg.c -+++ b/drivers/net/ethernet/brocade/bna/cna_fwimg.c -@@ -24,10 +24,8 @@ cna_read_firmware(struct pci_dev *pdev, - const struct firmware *fw; - u32 n; - -- if (request_firmware(&fw, fw_name, &pdev->dev)) { -- dev_alert(&pdev->dev, "can't load firmware %s\n", fw_name); -+ if (request_firmware(&fw, fw_name, &pdev->dev)) - goto error; -- } - - *bfi_image = (u32 *)fw->data; - *bfi_image_size = fw->size/sizeof(u32); ---- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c -+++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c -@@ -1037,12 +1037,8 @@ int t3_get_edc_fw(struct cphy *phy, int - fw_name = get_edc_fw_name(edc_idx); - if (fw_name) - ret = request_firmware(&fw, fw_name, &adapter->pdev->dev); -- if (ret < 0) { -- dev_err(&adapter->pdev->dev, -- "could not upgrade firmware: unable to load %s\n", -- fw_name); -+ if (ret) - return ret; -- } - - /* check size, take checksum in account */ - if (fw->size > size + 4) { -@@ -1079,11 +1075,8 @@ static int upgrade_fw(struct adapter *ad - struct device *dev = &adap->pdev->dev; - - ret = request_firmware(&fw, FW_FNAME, dev); -- if (ret < 0) { -- dev_err(dev, "could not upgrade firmware: unable to load %s\n", -- FW_FNAME); -+ if (ret) - return ret; -- } - ret = t3_load_fw(adap, fw->data, fw->size); - release_firmware(fw); - -@@ -1128,11 +1121,8 @@ static int update_tpsram(struct adapter - snprintf(buf, sizeof(buf), TPSRAM_NAME, rev); - - ret = request_firmware(&tpsram, buf, dev); -- if (ret < 0) { -- dev_err(dev, "could not load TP SRAM: unable to load %s\n", -- buf); -+ if (ret) - return ret; -- } - - ret = t3_check_tpsram(adap, tpsram->data, tpsram->size); - if (ret) ---- a/drivers/net/ethernet/intel/e100.c -+++ b/drivers/net/ethernet/intel/e100.c -@@ -1265,9 +1265,6 @@ static const struct firmware *e100_reque - - if (err) { - if (required) { -- netif_err(nic, probe, nic->netdev, -- "Failed to load firmware \"%s\": %d\n", -- fw_name, err); - return ERR_PTR(err); - } else { - netif_info(nic, probe, nic->netdev, ---- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c -+++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c -@@ -580,8 +580,6 @@ static int myri10ge_load_hotplug_firmwar - unsigned i; - - if ((status = request_firmware(&fw, mgp->fw_name, dev)) < 0) { -- dev_err(dev, "Unable to load %s firmware image via hotplug\n", -- mgp->fw_name); - status = -EINVAL; - goto abort_with_nothing; - } ---- a/drivers/net/ethernet/smsc/smc91c92_cs.c -+++ b/drivers/net/ethernet/smsc/smc91c92_cs.c -@@ -647,10 +647,8 @@ static int osi_load_firmware(struct pcmc - int i, err; - - err = request_firmware(&fw, FIRMWARE_NAME, &link->dev); -- if (err) { -- pr_err("Failed to load firmware \"%s\"\n", FIRMWARE_NAME); -+ if (err) - return err; -- } - - /* Download the Seven of Diamonds firmware */ - for (i = 0; i < fw->size; i++) { ---- a/drivers/net/ethernet/sun/cassini.c -+++ b/drivers/net/ethernet/sun/cassini.c -@@ -805,11 +805,8 @@ static void cas_saturn_firmware_init(str - return; - - err = request_firmware(&fw, fw_name, &cp->pdev->dev); -- if (err) { -- pr_err("Failed to load firmware \"%s\"\n", -- fw_name); -+ if (err) - return; -- } - if (fw->size < 2) { - pr_err("bogus length %zu in \"%s\"\n", - fw->size, fw_name); ---- a/drivers/net/hamradio/yam.c -+++ b/drivers/net/hamradio/yam.c -@@ -357,11 +357,8 @@ static unsigned char *add_mcs(unsigned c - } - err = request_firmware(&fw, fw_name[predef], &pdev->dev); - platform_device_unregister(pdev); -- if (err) { -- printk(KERN_ERR "Failed to load firmware \"%s\"\n", -- fw_name[predef]); -+ if (err) - return NULL; -- } - if (fw->size != YAM_FPGA_SIZE) { - printk(KERN_ERR "Bogus length %zu in firmware \"%s\"\n", - fw->size, fw_name[predef]); ---- a/drivers/net/usb/kaweth.c -+++ b/drivers/net/usb/kaweth.c -@@ -378,10 +378,8 @@ static int kaweth_download_firmware(stru - int ret; - - ret = request_firmware(&fw, fwname, &kaweth->dev->dev); -- if (ret) { -- dev_err(&kaweth->intf->dev, "Firmware request failed\n"); -+ if (ret) - return ret; -- } - - if (fw->size > KAWETH_FIRMWARE_BUF_SIZE) { - dev_err(&kaweth->intf->dev, "Firmware too big: %zu\n", ---- a/drivers/net/wimax/i2400m/fw.c -+++ b/drivers/net/wimax/i2400m/fw.c -@@ -1581,11 +1581,8 @@ int i2400m_dev_bootstrap(struct i2400m * - } - d_printf(1, dev, "trying firmware %s (%d)\n", fw_name, itr); - ret = request_firmware(&fw, fw_name, dev); -- if (ret < 0) { -- dev_err(dev, "fw %s: cannot load file: %d\n", -- fw_name, ret); -+ if (ret) - continue; -- } - i2400m->fw_name = fw_name; - ret = i2400m_fw_bootstrap(i2400m, fw, flags); - release_firmware(fw); -@@ -1628,8 +1625,6 @@ void i2400m_fw_cache(struct i2400m *i240 - kref_init(&i2400m_fw->kref); - result = request_firmware(&i2400m_fw->fw, i2400m->fw_name, dev); - if (result < 0) { -- dev_err(dev, "firmware %s: failed to cache: %d\n", -- i2400m->fw_name, result); - kfree(i2400m_fw); - i2400m_fw = (void *) ~0; - } else ---- a/drivers/net/wireless/ath/ath9k/hif_usb.c -+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c -@@ -1164,9 +1164,6 @@ static void ath9k_hif_usb_firmware_cb(co - if (!ret) - return; - -- dev_err(&hif_dev->udev->dev, -- "ath9k_htc: Failed to get firmware %s\n", -- hif_dev->fw_name); - goto err_fw; - } - ---- a/drivers/net/wireless/ath/carl9170/usb.c -+++ b/drivers/net/wireless/ath/carl9170/usb.c -@@ -1029,7 +1029,6 @@ static void carl9170_usb_firmware_step2( - return; - } - -- dev_err(&ar->udev->dev, "firmware not found.\n"); - carl9170_usb_firmware_failed(ar); - } - ---- a/drivers/net/wireless/atmel/at76c50x-usb.c -+++ b/drivers/net/wireless/atmel/at76c50x-usb.c -@@ -1617,13 +1617,8 @@ static struct fwentry *at76_load_firmwar - - at76_dbg(DBG_FW, "downloading firmware %s", fwe->fwname); - ret = request_firmware(&fwe->fw, fwe->fwname, &udev->dev); -- if (ret < 0) { -- dev_err(&udev->dev, "firmware %s not found!\n", -- fwe->fwname); -- dev_err(&udev->dev, -- "you may need to download the firmware from http://developer.berlios.de/projects/at76c503a/\n"); -+ if (ret) - goto exit; -- } - - at76_dbg(DBG_FW, "got it."); - fwh = (struct at76_fw_header *)(fwe->fw->data); ---- a/drivers/net/wireless/atmel/atmel.c -+++ b/drivers/net/wireless/atmel/atmel.c -@@ -3893,12 +3893,8 @@ static int reset_atmel_card(struct net_d - strcpy(priv->firmware_id, "atmel_at76c502.bin"); - } - err = request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev); -- if (err != 0) { -- printk(KERN_ALERT -- "%s: firmware %s is missing, cannot continue.\n", -- dev->name, priv->firmware_id); -+ if (err != 0) - return err; -- } - } else { - int fw_index = 0; - int success = 0; ---- a/drivers/net/wireless/broadcom/b43/main.c -+++ b/drivers/net/wireless/broadcom/b43/main.c -@@ -2243,19 +2243,8 @@ int b43_do_request_fw(struct b43_request - } - err = request_firmware(&ctx->blob, ctx->fwname, - ctx->dev->dev->dev); -- if (err == -ENOENT) { -- snprintf(ctx->errors[ctx->req_type], -- sizeof(ctx->errors[ctx->req_type]), -- "Firmware file \"%s\" not found\n", -- ctx->fwname); -+ if (err) - return err; -- } else if (err) { -- snprintf(ctx->errors[ctx->req_type], -- sizeof(ctx->errors[ctx->req_type]), -- "Firmware file \"%s\" request failed (err=%d)\n", -- ctx->fwname, err); -- return err; -- } - fw_ready: - if (ctx->blob->size < sizeof(struct b43_fw_header)) - goto err_format; ---- a/drivers/net/wireless/broadcom/b43legacy/main.c -+++ b/drivers/net/wireless/broadcom/b43legacy/main.c -@@ -1522,11 +1522,8 @@ static int do_request_fw(struct b43legac - } else { - err = request_firmware(fw, path, dev->dev->dev); - } -- if (err) { -- b43legacyerr(dev->wl, "Firmware file \"%s\" not found " -- "or load failed.\n", path); -+ if (err) - return err; -- } - if ((*fw)->size < sizeof(struct b43legacy_fw_header)) - goto err_format; - hdr = (struct b43legacy_fw_header *)((*fw)->data); ---- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c -+++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c -@@ -378,19 +378,13 @@ static int brcms_request_fw(struct brcms - sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i], - UCODE_LOADER_API_VER); - status = request_firmware(&wl->fw.fw_bin[i], fw_name, device); -- if (status) { -- wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n", -- KBUILD_MODNAME, fw_name); -+ if (status) - return status; -- } - sprintf(fw_name, "%s_hdr-%d.fw", brcms_firmwares[i], - UCODE_LOADER_API_VER); - status = request_firmware(&wl->fw.fw_hdr[i], fw_name, device); -- if (status) { -- wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n", -- KBUILD_MODNAME, fw_name); -+ if (status) - return status; -- } - wl->fw.hdr_num_entries[i] = - wl->fw.fw_hdr[i]->size / (sizeof(struct firmware_hdr)); - } ---- a/drivers/net/wireless/intel/ipw2x00/ipw2100.c -+++ b/drivers/net/wireless/intel/ipw2x00/ipw2100.c -@@ -8392,12 +8392,8 @@ static int ipw2100_get_firmware(struct i - - rc = request_firmware(&fw->fw_entry, fw_name, &priv->pci_dev->dev); - -- if (rc < 0) { -- printk(KERN_ERR DRV_NAME ": " -- "%s: Firmware '%s' not available or load failed.\n", -- priv->net_dev->name, fw_name); -+ if (rc) - return rc; -- } - IPW_DEBUG_INFO("firmware data %p size %zd\n", fw->fw_entry->data, - fw->fw_entry->size); - ---- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c -+++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c -@@ -3396,10 +3396,8 @@ static int ipw_get_fw(struct ipw_priv *p - - /* ask firmware_class module to get the boot firmware off disk */ - rc = request_firmware(raw, name, &priv->pci_dev->dev); -- if (rc < 0) { -- IPW_ERROR("%s request_firmware failed: Reason %d\n", name, rc); -+ if (rc) - return rc; -- } - - if ((*raw)->size < sizeof(*fw)) { - IPW_ERROR("%s is too small (%zd)\n", name, (*raw)->size); ---- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c -+++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c -@@ -1839,7 +1839,6 @@ il3945_read_ucode(struct il_priv *il) - sprintf(buf, "%s%u%s", name_pre, idx, ".ucode"); - ret = request_firmware(&ucode_raw, buf, &il->pci_dev->dev); - if (ret < 0) { -- IL_ERR("%s firmware file req failed: %d\n", buf, ret); - if (ret == -ENOENT) - continue; - else ---- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c -+++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c -@@ -233,8 +233,6 @@ static int iwl_request_firmware(struct i - } - - if (drv->fw_index < cfg->ucode_api_min) { -- IWL_ERR(drv, "no suitable firmware found!\n"); -- - if (cfg->ucode_api_min == cfg->ucode_api_max) { - IWL_ERR(drv, "%s%d is required\n", cfg->fw_name_pre, - cfg->ucode_api_max); ---- a/drivers/net/wireless/intersil/orinoco/fw.c -+++ b/drivers/net/wireless/intersil/orinoco/fw.c -@@ -132,7 +132,6 @@ orinoco_dl_firmware(struct orinoco_priva - err = request_firmware(&fw_entry, firmware, priv->dev); - - if (err) { -- dev_err(dev, "Cannot find firmware %s\n", firmware); - err = -ENOENT; - goto free; - } -@@ -292,10 +291,8 @@ symbol_dl_firmware(struct orinoco_privat - const struct firmware *fw_entry; - - if (!orinoco_cached_fw_get(priv, true)) { -- if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) { -- dev_err(dev, "Cannot find firmware: %s\n", fw->pri_fw); -+ if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) - return -ENOENT; -- } - } else - fw_entry = orinoco_cached_fw_get(priv, true); - -@@ -311,10 +308,8 @@ symbol_dl_firmware(struct orinoco_privat - } - - if (!orinoco_cached_fw_get(priv, false)) { -- if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) { -- dev_err(dev, "Cannot find firmware: %s\n", fw->sta_fw); -+ if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) - return -ENOENT; -- } - } else - fw_entry = orinoco_cached_fw_get(priv, false); - ---- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c -+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c -@@ -1674,7 +1674,6 @@ static int ezusb_probe(struct usb_interf - if (ezusb_firmware_download(upriv, &firmware) < 0) - goto error; - } else { -- err("No firmware to download"); - goto error; - } - ---- a/drivers/net/wireless/intersil/p54/p54pci.c -+++ b/drivers/net/wireless/intersil/p54/p54pci.c -@@ -496,7 +496,6 @@ static void p54p_firmware_step2(const st - int err; - - if (!fw) { -- dev_err(&pdev->dev, "Cannot find firmware (isl3886pci)\n"); - err = -ENOENT; - goto out; - } ---- a/drivers/net/wireless/intersil/p54/p54spi.c -+++ b/drivers/net/wireless/intersil/p54/p54spi.c -@@ -157,10 +157,8 @@ static int p54spi_request_firmware(struc - /* FIXME: should driver use it's own struct device? */ - ret = request_firmware(&priv->firmware, "3826.arm", &priv->spi->dev); - -- if (ret < 0) { -- dev_err(&priv->spi->dev, "request_firmware() failed: %d", ret); -+ if (ret) - return ret; -- } - - ret = p54_parse_firmware(dev, priv->firmware); - if (ret) { ---- a/drivers/net/wireless/intersil/p54/p54usb.c -+++ b/drivers/net/wireless/intersil/p54/p54usb.c -@@ -928,7 +928,6 @@ static void p54u_load_firmware_cb(const - err = p54u_start_ops(priv); - } else { - err = -ENOENT; -- dev_err(&udev->dev, "Firmware not found.\n"); - } - - complete(&priv->fw_wait_load); ---- a/drivers/net/wireless/intersil/prism54/islpci_dev.c -+++ b/drivers/net/wireless/intersil/prism54/islpci_dev.c -@@ -80,12 +80,9 @@ isl_upload_firmware(islpci_private *priv - const u32 *fw_ptr; - - rc = request_firmware(&fw_entry, priv->firmware, PRISM_FW_PDEV); -- if (rc) { -- printk(KERN_ERR -- "%s: request_firmware() failed for '%s'\n", -- "prism54", priv->firmware); -+ if (rc) - return rc; -- } -+ - /* prepare the Direct Memory Base register */ - reg = ISL38XX_DEV_FIRMWARE_ADDRES; - ---- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c -+++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c -@@ -817,8 +817,6 @@ static int if_usb_prog_firmware(struct l - kernel_param_lock(THIS_MODULE); - ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev); - if (ret < 0) { -- pr_err("request_firmware() failed with %#x\n", ret); -- pr_err("firmware %s not found\n", lbtf_fw_name); - kernel_param_unlock(THIS_MODULE); - goto done; - } ---- a/drivers/net/wireless/marvell/mwifiex/main.c -+++ b/drivers/net/wireless/marvell/mwifiex/main.c -@@ -525,11 +525,8 @@ static int _mwifiex_fw_dpc(const struct - struct wireless_dev *wdev; - struct completion *fw_done = adapter->fw_done; - -- if (!firmware) { -- mwifiex_dbg(adapter, ERROR, -- "Failed to get firmware %s\n", adapter->fw_name); -+ if (!firmware) - goto err_dnld_fw; -- } - - memset(&fw, 0, sizeof(struct mwifiex_fw_image)); - adapter->firmware = firmware; ---- a/drivers/net/wireless/marvell/mwl8k.c -+++ b/drivers/net/wireless/marvell/mwl8k.c -@@ -5727,16 +5727,12 @@ static int mwl8k_firmware_load_success(s - static void mwl8k_fw_state_machine(const struct firmware *fw, void *context) - { - struct mwl8k_priv *priv = context; -- struct mwl8k_device_info *di = priv->device_info; - int rc; - - switch (priv->fw_state) { - case FW_STATE_INIT: -- if (!fw) { -- printk(KERN_ERR "%s: Error requesting helper fw %s\n", -- pci_name(priv->pdev), di->helper_image); -+ if (!fw) - goto fail; -- } - priv->fw_helper = fw; - rc = mwl8k_request_fw(priv, priv->fw_pref, &priv->fw_ucode, - true); -@@ -5771,11 +5767,8 @@ static void mwl8k_fw_state_machine(const - break; - - case FW_STATE_LOADING_ALT: -- if (!fw) { -- printk(KERN_ERR "%s: Error requesting alt fw %s\n", -- pci_name(priv->pdev), di->helper_image); -+ if (!fw) - goto fail; -- } - priv->fw_ucode = fw; - rc = mwl8k_firmware_load_success(priv); - if (rc) -@@ -5813,10 +5806,8 @@ retry: - - /* Ask userland hotplug daemon for the device firmware */ - rc = mwl8k_request_firmware(priv, fw_image, nowait); -- if (rc) { -- wiphy_err(hw->wiphy, "Firmware files not found\n"); -+ if (rc) - return rc; -- } - - if (nowait) - return rc; ---- a/drivers/net/wireless/ralink/rt2x00/rt2x00firmware.c -+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00firmware.c -@@ -38,10 +38,8 @@ static int rt2x00lib_request_firmware(st - rt2x00_info(rt2x00dev, "Loading firmware file '%s'\n", fw_name); - - retval = request_firmware(&fw, fw_name, device); -- if (retval) { -- rt2x00_err(rt2x00dev, "Failed to request Firmware\n"); -+ if (retval) - return retval; -- } - - if (!fw || !fw->size || !fw->data) { - rt2x00_err(rt2x00dev, "Failed to read Firmware\n"); ---- a/drivers/net/wireless/realtek/rtlwifi/core.c -+++ b/drivers/net/wireless/realtek/rtlwifi/core.c -@@ -89,7 +89,6 @@ static void rtl_fw_do_work(const struct - if (!err) - goto found_alt; - } -- pr_err("Selected firmware is not available\n"); - rtlpriv->max_fw_size = 0; - return; - } ---- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c -+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c -@@ -64,13 +64,11 @@ static void rtl92se_fw_cb(const struct f - struct ieee80211_hw *hw = context; - struct rtl_priv *rtlpriv = rtl_priv(hw); - struct rt_firmware *pfirmware = NULL; -- char *fw_name = "rtlwifi/rtl8192sefw.bin"; - - RT_TRACE(rtlpriv, COMP_ERR, DBG_LOUD, - "Firmware callback routine entered!\n"); - complete(&rtlpriv->firmware_loading_complete); - if (!firmware) { -- pr_err("Firmware %s not available\n", fw_name); - rtlpriv->max_fw_size = 0; - return; - } ---- a/drivers/net/wireless/ti/wl1251/main.c -+++ b/drivers/net/wireless/ti/wl1251/main.c -@@ -57,10 +57,8 @@ static int wl1251_fetch_firmware(struct - - ret = request_firmware(&fw, WL1251_FW_NAME, dev); - -- if (ret < 0) { -- wl1251_error("could not get firmware: %d", ret); -+ if (ret) - return ret; -- } - - if (fw->size % 4) { - wl1251_error("firmware size is not multiple of 32 bits: %zu", -@@ -96,10 +94,8 @@ static int wl1251_fetch_nvs(struct wl125 - - ret = request_firmware(&fw, WL1251_NVS_NAME, dev); - -- if (ret < 0) { -- wl1251_error("could not get nvs file: %d", ret); -+ if (ret) - return ret; -- } - - if (fw->size % 4) { - wl1251_error("nvs size is not multiple of 32 bits: %zu", ---- a/drivers/net/wireless/ti/wlcore/main.c -+++ b/drivers/net/wireless/ti/wlcore/main.c -@@ -755,10 +755,8 @@ static int wl12xx_fetch_firmware(struct - - ret = request_firmware(&fw, fw_name, wl->dev); - -- if (ret < 0) { -- wl1271_error("could not get firmware %s: %d", fw_name, ret); -+ if (ret) - return ret; -- } - - if (fw->size % 4) { - wl1271_error("firmware size is not multiple of 32 bits: %zu", ---- a/drivers/net/wireless/zydas/zd1201.c -+++ b/drivers/net/wireless/zydas/zd1201.c -@@ -62,8 +62,6 @@ static int zd1201_fw_upload(struct usb_d - - err = request_firmware(&fw_entry, fwfile, &dev->dev); - if (err) { -- dev_err(&dev->dev, "Failed to load %s firmware file!\n", fwfile); -- dev_err(&dev->dev, "Make sure the hotplug firmware loader is installed.\n"); - dev_err(&dev->dev, "Goto http://linux-lc100020.sourceforge.net for more info.\n"); - return err; - } ---- a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c -+++ b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c -@@ -108,16 +108,9 @@ static void int_urb_complete(struct urb - static int request_fw_file( - const struct firmware **fw, const char *name, struct device *device) - { -- int r; -- - dev_dbg_f(device, "fw name %s\n", name); - -- r = request_firmware(fw, name, device); -- if (r) -- dev_err(device, -- "Could not load firmware file %s. Error number %d\n", -- name, r); -- return r; -+ return request_firmware(fw, name, device); - } - - static inline u16 get_bcdDevice(const struct usb_device *udev) ---- a/drivers/scsi/advansys.c -+++ b/drivers/scsi/advansys.c -@@ -4103,8 +4103,6 @@ static int AscInitAsc1000Driver(ASC_DVC_ - - err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); - if (err) { -- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", -- fwname, err); - asc_dvc->err_code |= ASC_IERR_MCODE_CHKSUM; - return err; - } -@@ -4469,8 +4467,6 @@ static int AdvInitAsc3550Driver(ADV_DVC_ - - err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); - if (err) { -- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", -- fwname, err); - asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; - return err; - } -@@ -4969,8 +4965,6 @@ static int AdvInitAsc38C0800Driver(ADV_D - - err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); - if (err) { -- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", -- fwname, err); - asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; - return err; - } -@@ -5457,8 +5451,6 @@ static int AdvInitAsc38C1600Driver(ADV_D - - err = request_firmware(&fw, fwname, asc_dvc->drv_ptr->dev); - if (err) { -- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", -- fwname, err); - asc_dvc->err_code = ASC_IERR_MCODE_CHKSUM; - return err; - } ---- a/drivers/scsi/aic94xx/aic94xx_init.c -+++ b/drivers/scsi/aic94xx/aic94xx_init.c -@@ -365,8 +365,6 @@ static ssize_t asd_store_update_bios(str - filename_ptr, - &asd_ha->pcidev->dev); - if (err) { -- asd_printk("Failed to load bios image file %s, error %d\n", -- filename_ptr, err); - err = FAIL_OPEN_BIOS_FILE; - goto out1; - } ---- a/drivers/scsi/aic94xx/aic94xx_seq.c -+++ b/drivers/scsi/aic94xx/aic94xx_seq.c -@@ -1299,11 +1299,8 @@ int asd_init_seqs(struct asd_ha_struct * - - err = asd_request_firmware(asd_ha); - -- if (err) { -- asd_printk("Failed to load sequencer firmware file %s, error %d\n", -- SAS_RAZOR_SEQUENCER_FW_FILE, err); -+ if (err) - return err; -- } - - err = asd_seq_download_seqs(asd_ha); - if (err) { ---- a/drivers/scsi/bfa/bfad.c -+++ b/drivers/scsi/bfa/bfad.c -@@ -1749,7 +1749,6 @@ bfad_read_firmware(struct pci_dev *pdev, - const struct firmware *fw; - - if (request_firmware(&fw, fw_name, &pdev->dev)) { -- printk(KERN_ALERT "Can't locate firmware %s\n", fw_name); - *bfi_image = NULL; - goto out; - } ---- a/drivers/scsi/ipr.c -+++ b/drivers/scsi/ipr.c -@@ -4091,10 +4091,8 @@ static ssize_t ipr_store_update_fw(struc - if (endline) - *endline = '\0'; - -- if (request_firmware(&fw_entry, fname, &ioa_cfg->pdev->dev)) { -- dev_err(&ioa_cfg->pdev->dev, "Firmware file %s not found\n", fname); -+ if (request_firmware(&fw_entry, fname, &ioa_cfg->pdev->dev)) - return -EIO; -- } - - image_hdr = (struct ipr_ucode_image_header *)fw_entry->data; - ---- a/drivers/scsi/pm8001/pm8001_ctl.c -+++ b/drivers/scsi/pm8001/pm8001_ctl.c -@@ -756,10 +756,6 @@ static ssize_t pm8001_store_update_fw(st - pm8001_ha->dev); - - if (ret) { -- PM8001_FAIL_DBG(pm8001_ha, -- pm8001_printk( -- "Failed to load firmware image file %s, error %d\n", -- filename_ptr, ret)); - pm8001_ha->fw_status = FAIL_OPEN_BIOS_FILE; - goto out; - } ---- a/drivers/scsi/qla1280.c -+++ b/drivers/scsi/qla1280.c -@@ -1533,8 +1533,6 @@ qla1280_request_firmware(struct scsi_qla - err = request_firmware(&fw, fwname, &ha->pdev->dev); - - if (err) { -- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", -- fwname, err); - fw = ERR_PTR(err); - goto unlock; - } ---- a/drivers/scsi/qla2xxx/qla_init.c -+++ b/drivers/scsi/qla2xxx/qla_init.c -@@ -7780,10 +7780,6 @@ qla2x00_load_risc(scsi_qla_host_t *vha, - /* Load firmware blob. */ - blob = qla2x00_request_firmware(vha); - if (!blob) { -- ql_log(ql_log_info, vha, 0x0083, -- "Firmware image unavailable.\n"); -- ql_log(ql_log_info, vha, 0x0084, -- "Firmware images can be retrieved from: "QLA_FW_URL ".\n"); - return QLA_FUNCTION_FAILED; - } - -@@ -7886,9 +7882,6 @@ qla24xx_load_risc_blob(scsi_qla_host_t * - - blob = qla2x00_request_firmware(vha); - if (!blob) { -- ql_log(ql_log_warn, vha, 0x0092, -- "-> Firmware file not found.\n"); -- - return QLA_FUNCTION_FAILED; - } - ---- a/drivers/scsi/qla2xxx/qla_nx.c -+++ b/drivers/scsi/qla2xxx/qla_nx.c -@@ -2475,11 +2475,8 @@ try_blob_fw: - - /* Load firmware blob. */ - blob = ha->hablob = qla2x00_request_firmware(vha); -- if (!blob) { -- ql_log(ql_log_fatal, vha, 0x00a3, -- "Firmware image not present.\n"); -+ if (!blob) - goto fw_load_failed; -- } - - /* Validating firmware blob */ - if (qla82xx_validate_firmware_blob(vha, ---- a/drivers/scsi/qla2xxx/qla_os.c -+++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -6803,8 +6803,6 @@ qla2x00_request_firmware(scsi_qla_host_t - goto out; - - if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) { -- ql_log(ql_log_warn, vha, 0x0063, -- "Failed to load firmware image (%s).\n", blob->name); - blob->fw = NULL; - blob = NULL; - } ---- a/drivers/scsi/qlogicpti.c -+++ b/drivers/scsi/qlogicpti.c -@@ -476,11 +476,8 @@ static int qlogicpti_load_firmware(struc - int i, timeout; - - err = request_firmware(&fw, fwname, &qpti->op->dev); -- if (err) { -- printk(KERN_ERR "Failed to load image \"%s\" err %d\n", -- fwname, err); -+ if (err) - return err; -- } - if (fw->size % 2) { - printk(KERN_ERR "Bogus length %zu in image \"%s\"\n", - fw->size, fwname); ---- a/drivers/staging/rtl8192u/r819xU_firmware.c -+++ b/drivers/staging/rtl8192u/r819xU_firmware.c -@@ -245,10 +245,8 @@ bool init_firmware(struct net_device *de - */ - if (rst_opt == OPT_SYSTEM_RESET) { - rc = request_firmware(&fw_entry, fw_name[init_step], &priv->udev->dev); -- if (rc < 0) { -- RT_TRACE(COMP_ERR, "request firmware fail!\n"); -+ if (rc) - goto download_firmware_fail; -- } - - if (fw_entry->size > sizeof(pfirmware->firmware_buf)) { - RT_TRACE(COMP_ERR, "img file size exceed the container buffer fail!\n"); ---- a/drivers/staging/rtl8712/hal_init.c -+++ b/drivers/staging/rtl8712/hal_init.c -@@ -59,8 +59,6 @@ int rtl871x_load_fw(struct _adapter *pad - dev_info(dev, "r8712u: Loading firmware from \"%s\"\n", firmware_file); - rc = request_firmware_nowait(THIS_MODULE, 1, firmware_file, dev, - GFP_KERNEL, padapter, rtl871x_load_fw_cb); -- if (rc) -- dev_err(dev, "r8712u: Firmware request error %d\n", rc); - return rc; - } - MODULE_FIRMWARE("rtlwifi/rtl8712u.bin"); ---- a/drivers/staging/vt6656/firmware.c -+++ b/drivers/staging/vt6656/firmware.c -@@ -38,11 +38,8 @@ int vnt_download_firmware(struct vnt_pri - dev_dbg(dev, "---->Download firmware\n"); - - ret = request_firmware(&fw, FIRMWARE_NAME, dev); -- if (ret) { -- dev_err(dev, "firmware file %s request failed (%d)\n", -- FIRMWARE_NAME, ret); -+ if (ret) - goto end; -- } - - buffer = kmalloc(FIRMWARE_CHUNK_SIZE, GFP_KERNEL); - if (!buffer) { ---- a/drivers/tty/cyclades.c -+++ b/drivers/tty/cyclades.c -@@ -3484,10 +3484,8 @@ static int cyz_load_fw(struct pci_dev *p - int retval; - - retval = request_firmware(&fw, "cyzfirm.bin", &pdev->dev); -- if (retval) { -- dev_err(&pdev->dev, "can't get firmware\n"); -+ if (retval) - goto err; -- } - - /* Check whether the firmware is already loaded and running. If - positive, skip this board */ ---- a/drivers/tty/moxa.c -+++ b/drivers/tty/moxa.c -@@ -854,13 +854,8 @@ static int moxa_init_board(struct moxa_b - } - - ret = request_firmware(&fw, file, dev); -- if (ret) { -- printk(KERN_ERR "MOXA: request_firmware failed. Make sure " -- "you've placed '%s' file into your firmware " -- "loader directory (e.g. /lib/firmware)\n", -- file); -+ if (ret) - goto err_free; -- } - - ret = moxa_load_fw(brd, fw); - ---- a/drivers/tty/serial/icom.c -+++ b/drivers/tty/serial/icom.c -@@ -360,7 +360,6 @@ static void load_code(struct icom_port * - - /* Load Call Setup into Adapter */ - if (request_firmware(&fw, "icom_call_setup.bin", &dev->dev) < 0) { -- dev_err(&dev->dev,"Unable to load icom_call_setup.bin firmware image\n"); - status = -1; - goto load_code_exit; - } -@@ -380,7 +379,6 @@ static void load_code(struct icom_port * - - /* Load Resident DCE portion of Adapter */ - if (request_firmware(&fw, "icom_res_dce.bin", &dev->dev) < 0) { -- dev_err(&dev->dev,"Unable to load icom_res_dce.bin firmware image\n"); - status = -1; - goto load_code_exit; - } -@@ -425,7 +423,6 @@ static void load_code(struct icom_port * - } - - if (request_firmware(&fw, "icom_asc.bin", &dev->dev) < 0) { -- dev_err(&dev->dev,"Unable to load icom_asc.bin firmware image\n"); - status = -1; - goto load_code_exit; - } ---- a/drivers/tty/serial/ucc_uart.c -+++ b/drivers/tty/serial/ucc_uart.c -@@ -1165,10 +1165,8 @@ static void uart_firmware_cont(const str - struct device *dev = context; - int ret; - -- if (!fw) { -- dev_err(dev, "firmware not found\n"); -+ if (!fw) - return; -- } - - firmware = (struct qe_firmware *) fw->data; - ---- a/drivers/usb/atm/cxacru.c -+++ b/drivers/usb/atm/cxacru.c -@@ -1080,8 +1080,6 @@ static int cxacru_find_firmware(struct c - return -ENOENT; - } - -- usb_info(usbatm, "found firmware %s\n", buf); -- - return 0; - } - ---- a/drivers/usb/atm/ueagle-atm.c -+++ b/drivers/usb/atm/ueagle-atm.c -@@ -606,10 +606,8 @@ static void uea_upload_pre_firmware(cons - int ret, size; - - uea_enters(usb); -- if (!fw_entry) { -- uea_err(usb, "firmware is not available\n"); -+ if (!fw_entry) - goto err; -- } - - pfw = fw_entry->data; - size = fw_entry->size; -@@ -704,10 +702,6 @@ static int uea_load_firmware(struct usb_ - ret = request_firmware_nowait(THIS_MODULE, 1, fw_name, &usb->dev, - GFP_KERNEL, usb, - uea_upload_pre_firmware); -- if (ret) -- uea_err(usb, "firmware %s is not available\n", fw_name); -- else -- uea_info(usb, "loading firmware %s\n", fw_name); - - uea_leaves(usb); - return ret; -@@ -869,12 +863,8 @@ static int request_dsp(struct uea_softc - } - - ret = request_firmware(&sc->dsp_firm, dsp_name, &sc->usb_dev->dev); -- if (ret < 0) { -- uea_err(INS_TO_USBDEV(sc), -- "requesting firmware %s failed with error %d\n", -- dsp_name, ret); -+ if (ret) - return ret; -- } - - if (UEA_CHIP_VERSION(sc) == EAGLE_IV) - ret = check_dsp_e4(sc->dsp_firm->data, sc->dsp_firm->size); -@@ -1587,12 +1577,8 @@ static int request_cmvs_old(struct uea_s - - cmvs_file_name(sc, cmv_name, 1); - ret = request_firmware(fw, cmv_name, &sc->usb_dev->dev); -- if (ret < 0) { -- uea_err(INS_TO_USBDEV(sc), -- "requesting firmware %s failed with error %d\n", -- cmv_name, ret); -+ if (ret) - return ret; -- } - - data = (u8 *) (*fw)->data; - size = (*fw)->size; -@@ -1629,9 +1615,6 @@ static int request_cmvs(struct uea_softc - "try to get older cmvs\n", cmv_name); - return request_cmvs_old(sc, cmvs, fw); - } -- uea_err(INS_TO_USBDEV(sc), -- "requesting firmware %s failed with error %d\n", -- cmv_name, ret); - return ret; - } - -@@ -1914,11 +1897,8 @@ static int load_XILINX_firmware(struct u - uea_enters(INS_TO_USBDEV(sc)); - - ret = request_firmware(&fw_entry, fw_name, &sc->usb_dev->dev); -- if (ret) { -- uea_err(INS_TO_USBDEV(sc), "firmware %s is not available\n", -- fw_name); -+ if (ret) - goto err0; -- } - - pfw = fw_entry->data; - size = fw_entry->size; ---- a/drivers/usb/misc/emi26.c -+++ b/drivers/usb/misc/emi26.c -@@ -85,21 +85,17 @@ static int emi26_load_firmware (struct u - - err = request_ihex_firmware(&loader_fw, "emi26/loader.fw", &dev->dev); - if (err) -- goto nofw; -+ goto wraperr; - - err = request_ihex_firmware(&bitstream_fw, "emi26/bitstream.fw", - &dev->dev); - if (err) -- goto nofw; -+ goto wraperr; - - err = request_ihex_firmware(&firmware_fw, "emi26/firmware.fw", - &dev->dev); -- if (err) { -- nofw: -- dev_err(&dev->dev, "%s - request_firmware() failed\n", -- __func__); -+ if (err) - goto wraperr; -- } - - /* Assert reset (stop the CPU in the EMI) */ - err = emi26_set_reset(dev,1); ---- a/drivers/usb/misc/ezusb.c -+++ b/drivers/usb/misc/ezusb.c -@@ -76,12 +76,8 @@ static int ezusb_ihex_firmware_download( - const struct ihex_binrec *record; - - if (request_ihex_firmware(&firmware, firmware_path, -- &dev->dev)) { -- dev_err(&dev->dev, -- "%s - request \"%s\" failed\n", -- __func__, firmware_path); -+ &dev->dev)) - goto out; -- } - - ret = ezusb_set_reset(dev, fx.cpucs_reg, 0); - if (ret < 0) ---- a/drivers/usb/misc/isight_firmware.c -+++ b/drivers/usb/misc/isight_firmware.c -@@ -45,7 +45,6 @@ static int isight_firmware_load(struct u - return -ENOMEM; - - if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) { -- printk(KERN_ERR "Unable to load isight firmware\n"); - ret = -ENODEV; - goto out; - } ---- a/drivers/usb/serial/io_edgeport.c -+++ b/drivers/usb/serial/io_edgeport.c -@@ -375,11 +375,8 @@ static void update_edgeport_E2PROM(struc - - response = request_ihex_firmware(&fw, fw_name, - &edge_serial->serial->dev->dev); -- if (response) { -- dev_err(dev, "Failed to load image \"%s\" err %d\n", -- fw_name, response); -+ if (response) - return; -- } - - rec = (const struct ihex_binrec *)fw->data; - BootMajorVersion = rec->data[0]; ---- a/drivers/usb/serial/io_ti.c -+++ b/drivers/usb/serial/io_ti.c -@@ -1010,8 +1010,6 @@ static int download_fw(struct edgeport_s - - status = request_firmware(&fw, fw_name, dev); - if (status) { -- dev_err(dev, "Failed to load image \"%s\" err %d\n", -- fw_name, status); - return status; - } - ---- a/drivers/usb/serial/ti_usb_3410_5052.c -+++ b/drivers/usb/serial/ti_usb_3410_5052.c -@@ -1667,10 +1667,8 @@ static int ti_download_firmware(struct t - } - - check_firmware: -- if (status) { -- dev_err(&dev->dev, "%s - firmware not found\n", __func__); -+ if (status) - return -ENOENT; -- } - if (fw_p->size > TI_FIRMWARE_BUF_SIZE) { - dev_err(&dev->dev, "%s - firmware too large %zu\n", __func__, fw_p->size); - release_firmware(fw_p); ---- a/drivers/video/fbdev/broadsheetfb.c -+++ b/drivers/video/fbdev/broadsheetfb.c -@@ -743,10 +743,8 @@ static ssize_t broadsheet_loadstore_wave - return -EINVAL; - - err = request_firmware(&fw_entry, "broadsheet.wbf", dev); -- if (err < 0) { -- dev_err(dev, "Failed to get broadsheet waveform\n"); -+ if (err) - goto err_failed; -- } - - /* try to enforce reasonable min max on waveform */ - if ((fw_entry->size < 8*1024) || (fw_entry->size > 64*1024)) { ---- a/drivers/video/fbdev/metronomefb.c -+++ b/drivers/video/fbdev/metronomefb.c -@@ -679,10 +679,8 @@ static int metronomefb_probe(struct plat - a) request the waveform file from userspace - b) process waveform and decode into metromem */ - retval = request_firmware(&fw_entry, "metronome.wbf", &dev->dev); -- if (retval < 0) { -- dev_err(&dev->dev, "Failed to get waveform\n"); -+ if (retval) - goto err_csum_table; -- } - - retval = load_waveform((u8 *) fw_entry->data, fw_entry->size, 3, 31, - par); ---- a/sound/drivers/vx/vx_hwdep.c -+++ b/sound/drivers/vx/vx_hwdep.c -@@ -58,10 +58,8 @@ int snd_vx_setup_firmware(struct vx_core - if (! fw_files[chip->type][i]) - continue; - sprintf(path, "vx/%s", fw_files[chip->type][i]); -- if (request_firmware(&fw, path, chip->dev)) { -- snd_printk(KERN_ERR "vx: can't load firmware %s\n", path); -+ if (request_firmware(&fw, path, chip->dev)) - return -ENOENT; -- } - err = chip->ops->load_dsp(chip, i, fw); - if (err < 0) { - release_firmware(fw); ---- a/sound/isa/msnd/msnd_pinnacle.c -+++ b/sound/isa/msnd/msnd_pinnacle.c -@@ -376,15 +376,11 @@ static int upload_dsp_code(struct snd_ca - outb(HPBLKSEL_0, chip->io + HP_BLKS); - - err = request_firmware(&init_fw, INITCODEFILE, card->dev); -- if (err < 0) { -- printk(KERN_ERR LOGNAME ": Error loading " INITCODEFILE); -+ if (err) - goto cleanup1; -- } - err = request_firmware(&perm_fw, PERMCODEFILE, card->dev); -- if (err < 0) { -- printk(KERN_ERR LOGNAME ": Error loading " PERMCODEFILE); -+ if (err) - goto cleanup; -- } - - memcpy_toio(chip->mappedbase, perm_fw->data, perm_fw->size); - if (snd_msnd_upload_host(chip, init_fw->data, init_fw->size) < 0) { ---- a/sound/isa/sscape.c -+++ b/sound/isa/sscape.c -@@ -531,10 +531,8 @@ static int sscape_upload_bootblock(struc - int ret; - - ret = request_firmware(&init_fw, "scope.cod", card->dev); -- if (ret < 0) { -- snd_printk(KERN_ERR "sscape: Error loading scope.cod"); -+ if (ret) - return ret; -- } - ret = upload_dma_data(sscape, init_fw->data, init_fw->size); - - release_firmware(init_fw); -@@ -571,11 +569,8 @@ static int sscape_upload_microcode(struc - snprintf(name, sizeof(name), "sndscape.co%d", version); - - err = request_firmware(&init_fw, name, card->dev); -- if (err < 0) { -- snd_printk(KERN_ERR "sscape: Error loading sndscape.co%d", -- version); -+ if (err) - return err; -- } - err = upload_dma_data(sscape, init_fw->data, init_fw->size); - if (err == 0) - snd_printk(KERN_INFO "sscape: MIDI firmware loaded %zu KBs\n", ---- a/sound/isa/wavefront/wavefront_synth.c -+++ b/sound/isa/wavefront/wavefront_synth.c -@@ -1954,10 +1954,8 @@ wavefront_download_firmware (snd_wavefro - const struct firmware *firmware; - - err = request_firmware(&firmware, path, dev->card->dev); -- if (err < 0) { -- snd_printk(KERN_ERR "firmware (%s) download failed!!!\n", path); -+ if (err) - return 1; -- } - - len = 0; - buf = firmware->data; ---- a/sound/pci/asihpi/hpidspcd.c -+++ b/sound/pci/asihpi/hpidspcd.c -@@ -35,8 +35,6 @@ short hpi_dsp_code_open(u32 adapter, voi - err = request_firmware(&firmware, fw_name, &dev->dev); - - if (err || !firmware) { -- dev_err(&dev->dev, "%d, request_firmware failed for %s\n", -- err, fw_name); - goto error1; - } - if (firmware->size < sizeof(header)) { ---- a/sound/pci/cs46xx/cs46xx_lib.c -+++ b/sound/pci/cs46xx/cs46xx_lib.c -@@ -3241,11 +3241,8 @@ int snd_cs46xx_start_dsp(struct snd_cs46 - #ifdef CONFIG_SND_CS46XX_NEW_DSP - for (i = 0; i < CS46XX_DSP_MODULES; i++) { - err = load_firmware(chip, &chip->modules[i], module_names[i]); -- if (err < 0) { -- dev_err(chip->card->dev, "firmware load error [%s]\n", -- module_names[i]); -+ if (err < 0) - return err; -- } - err = cs46xx_dsp_load_module(chip, chip->modules[i]); - if (err < 0) { - dev_err(chip->card->dev, "image download error [%s]\n", ---- a/sound/pci/echoaudio/echoaudio.c -+++ b/sound/pci/echoaudio/echoaudio.c -@@ -48,11 +48,8 @@ static int get_firmware(const struct fir - "firmware requested: %s\n", card_fw[fw_index].data); - snprintf(name, sizeof(name), "ea/%s", card_fw[fw_index].data); - err = request_firmware(fw_entry, name, &chip->pci->dev); -- if (err < 0) -- dev_err(chip->card->dev, -- "get_firmware(): Firmware not available (%d)\n", err); - #ifdef CONFIG_PM_SLEEP -- else -+ if (!err) - chip->fw_cache[fw_index] = *fw_entry; - #endif - return err; ---- a/sound/pci/emu10k1/emu10k1_main.c -+++ b/sound/pci/emu10k1/emu10k1_main.c -@@ -873,10 +873,8 @@ static int snd_emu10k1_emu1010_init(stru - dev_info(emu->card->dev, "emu1010: EMU_HANA_ID = 0x%x\n", reg); - - err = snd_emu1010_load_firmware(emu, 0, &emu->firmware); -- if (err < 0) { -- dev_info(emu->card->dev, "emu1010: Loading Firmware failed\n"); -+ if (err < 0) - return err; -- } - - /* ID, should read & 0x7f = 0x55 when FPGA programmed. */ - snd_emu1010_fpga_read(emu, EMU_HANA_ID, ®); ---- a/sound/pci/hda/hda_intel.c -+++ b/sound/pci/hda/hda_intel.c -@@ -1908,10 +1908,8 @@ static void azx_firmware_cb(const struct - struct azx *chip = card->private_data; - struct pci_dev *pci = chip->pci; - -- if (!fw) { -- dev_err(card->dev, "Cannot load firmware, aborting\n"); -+ if (!fw) - goto error; -- } - - chip->fw = fw; - if (!chip->disabled) { ---- a/sound/pci/korg1212/korg1212.c -+++ b/sound/pci/korg1212/korg1212.c -@@ -2332,7 +2332,6 @@ static int snd_korg1212_create(struct sn - - err = request_firmware(&dsp_code, "korg/k1212.dsp", &pci->dev); - if (err < 0) { -- snd_printk(KERN_ERR "firmware not available\n"); - snd_korg1212_free(korg1212); - return err; - } ---- a/sound/pci/mixart/mixart_hwdep.c -+++ b/sound/pci/mixart/mixart_hwdep.c -@@ -558,11 +558,8 @@ int snd_mixart_setup_firmware(struct mix - - for (i = 0; i < 3; i++) { - sprintf(path, "mixart/%s", fw_files[i]); -- if (request_firmware(&fw_entry, path, &mgr->pci->dev)) { -- dev_err(&mgr->pci->dev, -- "miXart: can't load firmware %s\n", path); -+ if (request_firmware(&fw_entry, path, &mgr->pci->dev)) - return -ENOENT; -- } - /* fake hwdep dsp record */ - err = mixart_dsp_load(mgr, i, fw_entry); - release_firmware(fw_entry); ---- a/sound/pci/pcxhr/pcxhr_hwdep.c -+++ b/sound/pci/pcxhr/pcxhr_hwdep.c -@@ -372,12 +372,8 @@ int pcxhr_setup_firmware(struct pcxhr_mg - if (!fw_files[fw_set][i]) - continue; - sprintf(path, "pcxhr/%s", fw_files[fw_set][i]); -- if (request_firmware(&fw_entry, path, &mgr->pci->dev)) { -- dev_err(&mgr->pci->dev, -- "pcxhr: can't load firmware %s\n", -- path); -+ if (request_firmware(&fw_entry, path, &mgr->pci->dev)) - return -ENOENT; -- } - /* fake hwdep dsp record */ - err = pcxhr_dsp_load(mgr, i, fw_entry); - release_firmware(fw_entry); ---- a/sound/pci/riptide/riptide.c -+++ b/sound/pci/riptide/riptide.c -@@ -1216,11 +1216,8 @@ static int try_to_load_firmware(struct c - if (!chip->fw_entry) { - err = request_firmware(&chip->fw_entry, "riptide.hex", - &chip->pci->dev); -- if (err) { -- snd_printk(KERN_ERR -- "Riptide: Firmware not available %d\n", err); -+ if (err) - return -EIO; -- } - } - err = loadfirmware(cif, chip->fw_entry->data, chip->fw_entry->size); - if (err) { ---- a/sound/pci/rme9652/hdsp.c -+++ b/sound/pci/rme9652/hdsp.c -@@ -5117,11 +5117,8 @@ static int hdsp_request_fw_loader(struct - return -EINVAL; - } - -- if (request_firmware(&fw, fwfile, &hdsp->pci->dev)) { -- dev_err(hdsp->card->dev, -- "cannot load firmware %s\n", fwfile); -+ if (request_firmware(&fw, fwfile, &hdsp->pci->dev)) - return -ENOENT; -- } - if (fw->size < HDSP_FIRMWARE_SIZE) { - dev_err(hdsp->card->dev, - "too short firmware size %d (expected %d)\n", ---- a/sound/soc/codecs/wm2000.c -+++ b/sound/soc/codecs/wm2000.c -@@ -894,10 +894,8 @@ static int wm2000_i2c_probe(struct i2c_c - } - - ret = request_firmware(&fw, filename, &i2c->dev); -- if (ret != 0) { -- dev_err(&i2c->dev, "Failed to acquire ANC data: %d\n", ret); -+ if (ret != 0) - goto err_supplies; -- } - - /* Pre-cook the concatenation of the register address onto the image */ - wm2000->anc_download_size = fw->size + 2; ---- a/sound/usb/6fire/firmware.c -+++ b/sound/usb/6fire/firmware.c -@@ -215,8 +215,6 @@ static int usb6fire_fw_ezusb_upload( - ret = request_firmware(&fw, fwname, &device->dev); - if (ret < 0) { - kfree(rec); -- dev_err(&intf->dev, -- "error requesting ezusb firmware %s.\n", fwname); - return ret; - } - ret = usb6fire_fw_ihex_init(fw, rec); -@@ -292,8 +290,6 @@ static int usb6fire_fw_fpga_upload( - - ret = request_firmware(&fw, fwname, &device->dev); - if (ret < 0) { -- dev_err(&intf->dev, "unable to get fpga firmware %s.\n", -- fwname); - kfree(buffer); - return -EIO; - } diff --git a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch deleted file mode 100644 index 5541f3ee7966..000000000000 --- a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch +++ /dev/null @@ -1,79 +0,0 @@ -From: Ben Hutchings -Subject: firmware_class: Log every success and failure against given device -Date: Sun, 09 Dec 2012 16:02:00 +0000 -Forwarded: no - -The hundreds of users of request_firmware() have nearly as many -different log formats for reporting failures. They also have only the -vaguest hint as to what went wrong; only firmware_class really knows -that. Therefore, add specific log messages for the failure modes that -aren't currently logged. - -In case of a driver that tries multiple names, this may result in the -impression that it failed to initialise. Therefore, also log successes. - -This makes many error messages in drivers redundant, which will be -removed in later patches. - -This does not cover the case where we fall back to a user-mode helper -(which is no longer enabled in Debian). - -NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n" -format to detect missing firmware. ---- - drivers/base/firmware_loader/fallback.c | 2 +- - drivers/base/firmware_loader/main.c | 15 ++++++++------- - 2 files changed, 9 insertions(+), 8 deletions(-) - ---- a/drivers/base/firmware_loader/fallback.c -+++ b/drivers/base/firmware_loader/fallback.c -@@ -557,7 +557,7 @@ static int fw_load_from_user_helper(stru - if (opt_flags & FW_OPT_NOWAIT) { - timeout = usermodehelper_read_lock_wait(timeout); - if (!timeout) { -- dev_dbg(device, "firmware: %s loading timed out\n", -+ dev_err(device, "firmware: %s loading timed out\n", - name); - return -EBUSY; - } ---- a/drivers/base/firmware_loader/main.c -+++ b/drivers/base/firmware_loader/main.c -@@ -496,14 +496,12 @@ fw_get_filesystem_firmware(struct device - rc = kernel_read_file_from_path(path, &buffer, &size, - msize, id); - if (rc) { -- if (rc != -ENOENT) -- dev_warn(device, "loading %s failed with error %d\n", -- path, rc); -- else -- dev_dbg(device, "loading %s failed for no such file or directory.\n", -- path); -+ dev_dbg(device, "loading %s failed with error %d\n", -+ path, rc); - continue; - } -+ dev_info(device, "firmware: direct-loading firmware %s\n", -+ fw_priv->fw_name); - if (decompress) { - dev_dbg(device, "f/w decompressing %s\n", - fw_priv->fw_name); -@@ -516,8 +514,6 @@ fw_get_filesystem_firmware(struct device - continue; - } - } else { -- dev_dbg(device, "direct-loading %s\n", -- fw_priv->fw_name); - if (!fw_priv->data) - fw_priv->data = buffer; - fw_priv->size = size; -@@ -527,6 +523,10 @@ fw_get_filesystem_firmware(struct device - } - __putname(path); - -+ if (rc) -+ dev_err(device, "firmware: failed to load %s (%d)\n", -+ fw_priv->fw_name, rc); -+ - return rc; - } - diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch deleted file mode 100644 index 6a58c734f521..000000000000 --- a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch +++ /dev/null @@ -1,69 +0,0 @@ -From: Ben Hutchings -Date: Wed, 13 Apr 2016 21:48:06 +0100 -Subject: fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers -Bug-Debian: https://bugs.debian.org/819725 -Forwarded: http://mid.gmane.org/20160517133631.GF7555@decadent.org.uk - -This helps initramfs builders and other tools to find the full -dependencies of a module. - -Signed-off-by: Ben Hutchings -[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] ---- -Index: debian-kernel/fs/btrfs/super.c -=================================================================== ---- debian-kernel.orig/fs/btrfs/super.c -+++ debian-kernel/fs/btrfs/super.c -@@ -2455,4 +2455,4 @@ late_initcall(init_btrfs_fs); - module_exit(exit_btrfs_fs) - - MODULE_LICENSE("GPL"); --MODULE_SOFTDEP("pre: crc32c"); -+MODULE_SOFTDEP("pre: crypto-crc32c"); -Index: debian-kernel/fs/ext4/super.c -=================================================================== ---- debian-kernel.orig/fs/ext4/super.c -+++ debian-kernel/fs/ext4/super.c -@@ -6199,6 +6199,6 @@ static void __exit ext4_exit_fs(void) - MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"); - MODULE_DESCRIPTION("Fourth Extended Filesystem"); - MODULE_LICENSE("GPL"); --MODULE_SOFTDEP("pre: crc32c"); -+MODULE_SOFTDEP("pre: crypto-crc32c"); - module_init(ext4_init_fs) - module_exit(ext4_exit_fs) -Index: debian-kernel/fs/f2fs/super.c -=================================================================== ---- debian-kernel.orig/fs/f2fs/super.c -+++ debian-kernel/fs/f2fs/super.c -@@ -3784,4 +3784,5 @@ module_exit(exit_f2fs_fs) - MODULE_AUTHOR("Samsung Electronics's Praesto Team"); - MODULE_DESCRIPTION("Flash Friendly File System"); - MODULE_LICENSE("GPL"); -+MODULE_SOFTDEP("pre: crypto-crc32c"); - -Index: debian-kernel/fs/jbd2/journal.c -=================================================================== ---- debian-kernel.orig/fs/jbd2/journal.c -+++ debian-kernel/fs/jbd2/journal.c -@@ -2726,6 +2726,7 @@ static void __exit journal_exit(void) - } - - MODULE_LICENSE("GPL"); -+MODULE_SOFTDEP("pre: crypto-crc32c"); - module_init(journal_init); - module_exit(journal_exit); - -Index: debian-kernel/fs/nfsd/nfsctl.c -=================================================================== ---- debian-kernel.orig/fs/nfsd/nfsctl.c -+++ debian-kernel/fs/nfsd/nfsctl.c -@@ -1574,5 +1574,8 @@ static void __exit exit_nfsd(void) - - MODULE_AUTHOR("Olaf Kirch "); - MODULE_LICENSE("GPL"); -+#ifdef CONFIG_NFSD_V4 -+MODULE_SOFTDEP("pre: crypto-md5"); -+#endif - module_init(init_nfsd) - module_exit(exit_nfsd) diff --git a/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch b/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch deleted file mode 100644 index 820479896eee..000000000000 --- a/debian/patches/bugfix/all/kbuild-fix-recordmcount-dependency.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Ben Hutchings -Subject: kbuild: Fix recordmcount dependency for OOT modules -Date: Mon, 08 Sep 2014 18:31:24 +0100 -Forwarded: no - -We never rebuild anything in-tree when building an out-of-tree -modules, so external modules should not depend on the recordmcount -sources. - ---- a/scripts/Makefile.build -+++ b/scripts/Makefile.build -@@ -232,6 +232,11 @@ cmd_record_mcount = \ - endif # CC_USING_RECORD_MCOUNT - endif # CONFIG_FTRACE_MCOUNT_RECORD - -+# Don't require recordmcount source for an OOT build. -+ifdef KBUILD_EXTMOD -+recordmcount_source := -+endif -+ - ifdef CONFIG_STACK_VALIDATION - ifneq ($(SKIP_STACK_VALIDATION),1) - diff --git a/debian/patches/bugfix/all/libcpupower-hide-private-function.patch b/debian/patches/bugfix/all/libcpupower-hide-private-function.patch deleted file mode 100644 index ac76e638eab2..000000000000 --- a/debian/patches/bugfix/all/libcpupower-hide-private-function.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Ben Hutchings -Date: Sat, 01 Dec 2018 19:22:50 +0000 -Subject: libcpupower: Hide private function - -cpupower_read_sysfs() (previously known as sysfs_read_file()) is an -internal function in libcpupower and should not be exported when -libcpupower is a shared library. Change its visibility to "hidden". - -Signed-off-by: Ben Hutchings ---- ---- a/tools/power/cpupower/lib/cpupower.c -+++ b/tools/power/cpupower/lib/cpupower.c -@@ -15,6 +15,7 @@ - #include "cpupower.h" - #include "cpupower_intern.h" - -+__attribute__((visibility("hidden"))) - unsigned int cpupower_read_sysfs(const char *path, char *buf, size_t buflen) - { - int fd; diff --git a/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch b/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch deleted file mode 100644 index 2ab62688a76f..000000000000 --- a/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Ben Hutchings -Date: Fri, 02 Dec 2016 23:06:18 +0000 -Subject: module: Disable matching missing version CRC -Forwarded: not-needed - -This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061. -We want to fail closed if a symbol version CRC is missing, as the -alternative may allow subverting module signing. ---- ---- a/kernel/module.c -+++ b/kernel/module.c -@@ -1313,9 +1313,8 @@ static int check_version(const struct lo - goto bad_version; - } - -- /* Broken toolchain. Warn once, then let it go.. */ -- pr_warn_once("%s: no symbol version for %s\n", info->name, symname); -- return 1; -+ pr_warn("%s: no symbol version for %s\n", info->name, symname); -+ return 0; - - bad_version: - pr_warn("%s: disagrees about version of symbol %s\n", diff --git a/debian/patches/bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch b/debian/patches/bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch deleted file mode 100644 index 0cd066e73896..000000000000 --- a/debian/patches/bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch +++ /dev/null @@ -1,140 +0,0 @@ -From: Ben Hutchings -Date: Tue, 20 Aug 2019 18:12:35 +0100 -Subject: Partially revert "net: socket: implement 64-bit timestamps" - -The introduction of SIOCGSTAMP{,NS}_OLD and move of SICOGSTAMP{,NS} to -a different header has caused build failures for various user-space -programs including qemu and suricata. It also causes a test failure -for glibc. - -For now, remove the _OLD suffix on the old ioctl numbers and require -programs using 64-bit timestamps to explicitly use SIOCGSTAMP{,NS}_NEW. - -References: https://lore.kernel.org/lkml/af0eb47a-5b98-1bd9-3e8d-652e7f28b01f@de.ibm.com/ -References: https://bugs.debian.org/934316 -References: https://ci.debian.net/data/autopkgtest/testing/amd64/g/glibc/2772289/log.gz -Signed-off-by: Ben Hutchings ---- ---- a/arch/alpha/include/uapi/asm/sockios.h -+++ b/arch/alpha/include/uapi/asm/sockios.h -@@ -11,7 +11,7 @@ - #define SIOCSPGRP _IOW('s', 8, pid_t) - #define SIOCGPGRP _IOR('s', 9, pid_t) - --#define SIOCGSTAMP_OLD 0x8906 /* Get stamp (timeval) */ --#define SIOCGSTAMPNS_OLD 0x8907 /* Get stamp (timespec) */ -+#define SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ -+#define SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ - - #endif /* _ASM_ALPHA_SOCKIOS_H */ ---- a/arch/mips/include/uapi/asm/sockios.h -+++ b/arch/mips/include/uapi/asm/sockios.h -@@ -21,7 +21,7 @@ - #define SIOCSPGRP _IOW('s', 8, pid_t) - #define SIOCGPGRP _IOR('s', 9, pid_t) - --#define SIOCGSTAMP_OLD 0x8906 /* Get stamp (timeval) */ --#define SIOCGSTAMPNS_OLD 0x8907 /* Get stamp (timespec) */ -+#define SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ -+#define SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ - - #endif /* _ASM_SOCKIOS_H */ ---- a/arch/sh/include/uapi/asm/sockios.h -+++ b/arch/sh/include/uapi/asm/sockios.h -@@ -10,7 +10,6 @@ - #define SIOCSPGRP _IOW('s', 8, pid_t) - #define SIOCGPGRP _IOR('s', 9, pid_t) - --#define SIOCGSTAMP_OLD _IOR('s', 100, struct timeval) /* Get stamp (timeval) */ --#define SIOCGSTAMPNS_OLD _IOR('s', 101, struct timespec) /* Get stamp (timespec) */ -- -+#define SIOCGSTAMP _IOR('s', 100, struct timeval) /* Get stamp (timeval) */ -+#define SIOCGSTAMPNS _IOR('s', 101, struct timespec) /* Get stamp (timespec) */ - #endif /* __ASM_SH_SOCKIOS_H */ ---- a/arch/xtensa/include/uapi/asm/sockios.h -+++ b/arch/xtensa/include/uapi/asm/sockios.h -@@ -26,7 +26,7 @@ - #define SIOCSPGRP _IOW('s', 8, pid_t) - #define SIOCGPGRP _IOR('s', 9, pid_t) - --#define SIOCGSTAMP_OLD 0x8906 /* Get stamp (timeval) */ --#define SIOCGSTAMPNS_OLD 0x8907 /* Get stamp (timespec) */ -+#define SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ -+#define SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ - - #endif /* _XTENSA_SOCKIOS_H */ ---- a/include/uapi/asm-generic/sockios.h -+++ b/include/uapi/asm-generic/sockios.h -@@ -8,7 +8,7 @@ - #define FIOGETOWN 0x8903 - #define SIOCGPGRP 0x8904 - #define SIOCATMARK 0x8905 --#define SIOCGSTAMP_OLD 0x8906 /* Get stamp (timeval) */ --#define SIOCGSTAMPNS_OLD 0x8907 /* Get stamp (timespec) */ -+#define SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ -+#define SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ - - #endif /* __ASM_GENERIC_SOCKIOS_H */ ---- a/include/uapi/linux/sockios.h -+++ b/include/uapi/linux/sockios.h -@@ -19,7 +19,6 @@ - #ifndef _LINUX_SOCKIOS_H - #define _LINUX_SOCKIOS_H - --#include - #include - - /* Linux-specific socket ioctls */ -@@ -37,17 +36,6 @@ - /* Get stamp (timespec) */ - #define SIOCGSTAMPNS_NEW _IOR(SOCK_IOC_TYPE, 0x07, long long[2]) - --#if __BITS_PER_LONG == 64 || (defined(__x86_64__) && defined(__ILP32__)) --/* on 64-bit and x32, avoid the ?: operator */ --#define SIOCGSTAMP SIOCGSTAMP_OLD --#define SIOCGSTAMPNS SIOCGSTAMPNS_OLD --#else --#define SIOCGSTAMP ((sizeof(struct timeval)) == 8 ? \ -- SIOCGSTAMP_OLD : SIOCGSTAMP_NEW) --#define SIOCGSTAMPNS ((sizeof(struct timespec)) == 8 ? \ -- SIOCGSTAMPNS_OLD : SIOCGSTAMPNS_NEW) --#endif -- - /* Routing table calls. */ - #define SIOCADDRT 0x890B /* add routing table entry */ - #define SIOCDELRT 0x890C /* delete routing table entry */ ---- a/net/socket.c -+++ b/net/socket.c -@@ -1170,14 +1170,14 @@ static long sock_ioctl(struct file *file - - err = open_related_ns(&net->ns, get_net_ns); - break; -- case SIOCGSTAMP_OLD: -- case SIOCGSTAMPNS_OLD: -+ case SIOCGSTAMP: -+ case SIOCGSTAMPNS: - if (!sock->ops->gettstamp) { - err = -ENOIOCTLCMD; - break; - } - err = sock->ops->gettstamp(sock, argp, -- cmd == SIOCGSTAMP_OLD, -+ cmd == SIOCGSTAMP, - !IS_ENABLED(CONFIG_64BIT)); - break; - case SIOCGSTAMP_NEW: -@@ -3341,11 +3341,11 @@ static int compat_sock_ioctl_trans(struc - case SIOCADDRT: - case SIOCDELRT: - return routing_ioctl(net, sock, cmd, argp); -- case SIOCGSTAMP_OLD: -- case SIOCGSTAMPNS_OLD: -+ case SIOCGSTAMP: -+ case SIOCGSTAMPNS: - if (!sock->ops->gettstamp) - return -ENOIOCTLCMD; -- return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD, -+ return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP, - !COMPAT_USE_64BIT_TIME); - - case SIOCBONDSLAVEINFOQUERY: diff --git a/debian/patches/bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch b/debian/patches/bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch deleted file mode 100644 index 268c99151827..000000000000 --- a/debian/patches/bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Ben Hutchings -Date: Wed, 11 Jan 2017 04:30:40 +0000 -Subject: Partially revert "usb: Kconfig: using select for USB_COMMON dependency" -Forwarded: https://marc.info/?l=linux-usb&m=149248300414300 - -This reverts commit cb9c1cfc86926d0e86d19c8e34f6c23458cd3478 for -USB_LED_TRIG. This config symbol has bool type and enables extra code -in usb_common itself, not a separate driver. Enabling it should not -force usb_common to be built-in! - -Fixes: cb9c1cfc8692 ("usb: Kconfig: using select for USB_COMMON dependency") -Signed-off-by: Ben Hutchings ---- - drivers/usb/common/Kconfig | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/drivers/usb/common/Kconfig b/drivers/usb/common/Kconfig -index d611477aae41..196f4a397587 100644 ---- a/drivers/usb/common/Kconfig -+++ b/drivers/usb/common/Kconfig -@@ -6,8 +6,7 @@ config USB_COMMON - - config USB_LED_TRIG - bool "USB LED Triggers" -- depends on LEDS_CLASS && LEDS_TRIGGERS -- select USB_COMMON -+ depends on LEDS_CLASS && USB_COMMON && LEDS_TRIGGERS - help - This option adds LED triggers for USB host and/or gadget activity. - diff --git a/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch b/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch deleted file mode 100644 index 98aab274824c..000000000000 --- a/debian/patches/bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch +++ /dev/null @@ -1,139 +0,0 @@ -From: Ben Hutchings -Subject: radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward -Date: Tue, 08 Jan 2013 03:25:52 +0000 -Bug-Debian: https://bugs.debian.org/607194 -Bug-Debian: https://bugs.debian.org/607471 -Bug-Debian: https://bugs.debian.org/610851 -Bug-Debian: https://bugs.debian.org/627497 -Bug-Debian: https://bugs.debian.org/632212 -Bug-Debian: https://bugs.debian.org/637943 -Bug-Debian: https://bugs.debian.org/649448 -Bug-Debian: https://bugs.debian.org/697229 -Forwarded: no - -radeon requires firmware/microcode for the GPU in all chips, but for -newer chips (apparently R600 'Evergreen' onward) it also expects -firmware for the memory controller and other sub-blocks. - -radeon attempts to gracefully fall back and disable some features if -the firmware is not available, but becomes unstable - the framebuffer -and/or system memory may be corrupted, or the display may stay black. - -Therefore, perform a basic check for the existence of -/lib/firmware/{radeon,amdgpu} when a device is probed, and abort if it -is missing, except for the pre-R600 case. - ---- - drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 29 ++++++++++++++++++++++++ - drivers/gpu/drm/radeon/radeon_drv.c | 30 +++++++++++++++++++++++++ - 2 files changed, 59 insertions(+) - -Index: debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -=================================================================== ---- debian-kernel.orig/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -+++ debian-kernel/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -@@ -36,6 +36,8 @@ - #include - #include - #include -+#include -+#include - - #include "amdgpu.h" - #include "amdgpu_irq.h" -@@ -1030,6 +1032,28 @@ MODULE_DEVICE_TABLE(pci, pciidlist); - - static struct drm_driver kms_driver; - -+/* Test that /lib/firmware/amdgpu is a directory (or symlink to a -+ * directory). We could try to match the udev search path, but let's -+ * keep it simple. -+ */ -+static bool amdgpu_firmware_installed(void) -+{ -+#if IS_BUILTIN(CONFIG_DRM_AMDGPU) -+ /* It may be too early to tell. Assume it's there. */ -+ return true; -+#else -+ struct path path; -+ -+ if (kern_path("/lib/firmware/amdgpu", LOOKUP_DIRECTORY | LOOKUP_FOLLOW, -+ &path) == 0) { -+ path_put(&path); -+ return true; -+ } -+ -+ return false; -+#endif -+} -+ - static int amdgpu_pci_probe(struct pci_dev *pdev, - const struct pci_device_id *ent) - { -@@ -1083,6 +1107,11 @@ static int amdgpu_pci_probe(struct pci_d - } - #endif - -+ if (!amdgpu_firmware_installed()) { -+ DRM_ERROR("amdgpu requires firmware installed\n"); -+ return -ENODEV; -+ } -+ - /* Get rid of things like offb */ - ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, 0, "amdgpudrmfb"); - if (ret) -Index: debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c -=================================================================== ---- debian-kernel.orig/drivers/gpu/drm/radeon/radeon_drv.c -+++ debian-kernel/drivers/gpu/drm/radeon/radeon_drv.c -@@ -48,6 +48,8 @@ - #include - #include - #include -+#include -+#include - - #include "radeon_drv.h" - -@@ -321,6 +323,28 @@ static struct drm_driver kms_driver; - - bool radeon_device_is_virtual(void); - -+/* Test that /lib/firmware/radeon is a directory (or symlink to a -+ * directory). We could try to match the udev search path, but let's -+ * keep it simple. -+ */ -+static bool radeon_firmware_installed(void) -+{ -+#if IS_BUILTIN(CONFIG_DRM_RADEON) -+ /* It may be too early to tell. Assume it's there. */ -+ return true; -+#else -+ struct path path; -+ -+ if (kern_path("/lib/firmware/radeon", LOOKUP_DIRECTORY | LOOKUP_FOLLOW, -+ &path) == 0) { -+ path_put(&path); -+ return true; -+ } -+ -+ return false; -+#endif -+} -+ - static int radeon_pci_probe(struct pci_dev *pdev, - const struct pci_device_id *ent) - { -@@ -360,6 +384,12 @@ static int radeon_pci_probe(struct pci_d - if (vga_switcheroo_client_probe_defer(pdev)) - return -EPROBE_DEFER; - -+ if ((ent->driver_data & RADEON_FAMILY_MASK) >= CHIP_R600 && -+ !radeon_firmware_installed()) { -+ DRM_ERROR("radeon kernel modesetting for R600 or later requires firmware installed\n"); -+ return -ENODEV; -+ } -+ - /* Get rid of things like offb */ - ret = drm_fb_helper_remove_conflicting_pci_framebuffers(pdev, 0, "radeondrmfb"); - if (ret) diff --git a/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch deleted file mode 100644 index 3818dbb1720d..000000000000 --- a/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Ben Hutchings -Date: Sun, 21 Feb 2016 15:33:15 +0000 -Subject: tools/build: Remove bpf() run-time check at build time -Forwarded: no - -It is not correct to test that a syscall works on the build system's -kernel. We might be building on an earlier kernel version or with -security restrictions that block bpf(). - -Signed-off-by: Ben Hutchings ---- ---- a/tools/build/feature/test-bpf.c -+++ b/tools/build/feature/test-bpf.c -@@ -35,8 +35,10 @@ int main(void) - attr.prog_flags = 0; - - /* -- * Test existence of __NR_bpf and BPF_PROG_LOAD. -- * This call should fail if we run the testcase. -+ * bwh: Don't use the bpf() syscall as we might be building on a -+ * much older kernel. Do "use" the attr structure here to avoid -+ * a "set but not used" warning. - */ -- return syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr)); -+ (void)&attr; -+ return 0; - } diff --git a/debian/patches/bugfix/all/tools-lib-api-fs-fs.c-fix-misuse-of-strncpy.patch b/debian/patches/bugfix/all/tools-lib-api-fs-fs.c-fix-misuse-of-strncpy.patch deleted file mode 100644 index 80383f7c0b3a..000000000000 --- a/debian/patches/bugfix/all/tools-lib-api-fs-fs.c-fix-misuse-of-strncpy.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Ben Hutchings -Date: Thu, 19 Jul 2018 23:36:52 +0100 -Subject: tools/lib/api/fs/fs.c: Fix misuse of strncpy() -Bug-Debian: https://bugs.debian.org/897802 -Forwarded: https://lore.kernel.org/lkml/20180721021026.GQ14131@decadent.org.uk/T/ - -gcc 8 reports: - -In function 'fs__env_override', - inlined from 'fs__get_mountpoint' at fs/fs.c:228:6: -fs/fs.c:222:2: error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation] - strncpy(fs->path, override_path, sizeof(fs->path)); - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -I'm not convinced it makes sense to truncate the copied string here, -but since we're already doing so let's ensure it's still null- -terminated. Use strlcpy() instead. - -Signed-off-by: Ben Hutchings ---- ---- a/tools/lib/api/fs/fs.c -+++ b/tools/lib/api/fs/fs.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - - #include "fs.h" - #include "debug-internal.h" -@@ -219,7 +220,7 @@ static bool fs__env_override(struct fs * - return false; - - fs->found = true; -- strncpy(fs->path, override_path, sizeof(fs->path)); -+ strlcpy(fs->path, override_path, sizeof(fs->path)); - return true; - } - diff --git a/debian/patches/bugfix/all/tools-perf-man-date.patch b/debian/patches/bugfix/all/tools-perf-man-date.patch deleted file mode 100644 index 80a19b55405a..000000000000 --- a/debian/patches/bugfix/all/tools-perf-man-date.patch +++ /dev/null @@ -1,44 +0,0 @@ -From: Ben Hutchings -Date: Mon, 13 Jul 2015 20:29:20 +0100 -Subject: perf tools: Use $KBUILD_BUILD_TIMESTAMP as man page date -Forwarded: http://mid.gmane.org/20160517132809.GE7555@decadent.org.uk - -This allows man pages to be built reproducibly. - -Signed-off-by: Ben Hutchings ---- - tools/perf/Documentation/Makefile | 3 +++ - tools/perf/Documentation/asciidoc.conf | 3 +++ - 2 files changed, 6 insertions(+) - -diff --git a/tools/perf/Documentation/Makefile b/tools/perf/Documentation/Makefile -index adc5a7e44b98..2161b2e838b7 100644 ---- a/tools/perf/Documentation/Makefile -+++ b/tools/perf/Documentation/Makefile -@@ -132,6 +132,9 @@ endif - ifdef DOCBOOK_SUPPRESS_SP - XMLTO_EXTRA += -m manpage-suppress-sp.xsl - endif -+ifdef KBUILD_BUILD_TIMESTAMP -+ASCIIDOC_EXTRA += -a revdate=$(shell date -u -d '$(KBUILD_BUILD_TIMESTAMP)' +%Y-%m-%d) -+endif - - SHELL_PATH ?= $(SHELL) - # Shell quote; -diff --git a/tools/perf/Documentation/asciidoc.conf b/tools/perf/Documentation/asciidoc.conf -index 2b62ba1e72b7..82d3060177ba 100644 ---- a/tools/perf/Documentation/asciidoc.conf -+++ b/tools/perf/Documentation/asciidoc.conf -@@ -71,6 +71,9 @@ ifdef::backend-docbook[] - [header] - template::[header-declarations] - -+ -+template::[docinfo] -+ - ifdef::perf_date[] - {perf_date} - endif::perf_date[] --- -2.23.0 - diff --git a/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch b/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch deleted file mode 100644 index 66366eb08afd..000000000000 --- a/debian/patches/bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch +++ /dev/null @@ -1,165 +0,0 @@ -From: Ben Hutchings -Date: Sun, 25 Aug 2019 13:49:41 +0100 -Subject: tools/perf: pmu-events: Fix reproducibility -Forwarded: https://lore.kernel.org/lkml/20190825131329.naqzd5kwg7mw5d3f@decadent.org.uk/T/#u - -jevents.c uses nftw() to enumerate files and outputs the corresponding -C structs in the order they are found. This makes it sensitive to -directory ordering, so that the perf executable is not reproducible. - -To avoid this, store all the files and directories found and then sort -them by their (relative) path. (This maintains the parent-first -ordering that nftw() promises.) Then apply the existing callbacks to -them in the sorted order. - -Don't both storing the stat buffers as we don't need them. - -References: https://tests.reproducible-builds.org/debian/dbdtxt/bullseye/i386/linux_4.19.37-6.diffoscope.txt.gz -Signed-off-by: Ben Hutchings ---- ---- a/tools/perf/pmu-events/jevents.c -+++ b/tools/perf/pmu-events/jevents.c -@@ -50,6 +50,12 @@ - #include "json.h" - #include "jevents.h" - -+struct found_file { -+ const char *fpath; -+ int typeflag; -+ struct FTW ftwbuf; -+}; -+ - int verbose; - char *prog; - -@@ -865,6 +871,44 @@ static int get_maxfds(void) - * nftw() doesn't let us pass an argument to the processing function, - * so use a global variables. - */ -+static struct found_file *found_files; -+static size_t n_found_files; -+static size_t max_found_files; -+ -+static int add_one_file(const char *fpath, const struct stat *sb, -+ int typeflag, struct FTW *ftwbuf) -+{ -+ struct found_file *file; -+ -+ if (ftwbuf->level == 0 || ftwbuf->level > 3) -+ return 0; -+ -+ /* Grow array if necessary */ -+ if (n_found_files >= max_found_files) { -+ if (max_found_files == 0) -+ max_found_files = 16; -+ else -+ max_found_files *= 2; -+ found_files = realloc(found_files, -+ max_found_files * sizeof(*found_files)); -+ } -+ -+ file = &found_files[n_found_files++]; -+ file->fpath = strdup(fpath); -+ file->typeflag = typeflag; -+ file->ftwbuf = *ftwbuf; -+ -+ return 0; -+} -+ -+static int compare_files(const void *left, const void *right) -+{ -+ const struct found_file *left_file = left; -+ const struct found_file *right_file = right; -+ -+ return strcmp(left_file->fpath, right_file->fpath); -+} -+ - static FILE *eventsfp; - static char *mapfile; - -@@ -919,19 +963,19 @@ static int is_json_file(const char *name - return 0; - } - --static int preprocess_arch_std_files(const char *fpath, const struct stat *sb, -+static int preprocess_arch_std_files(const char *fpath, - int typeflag, struct FTW *ftwbuf) - { - int level = ftwbuf->level; - int is_file = typeflag == FTW_F; - - if (level == 1 && is_file && is_json_file(fpath)) -- return json_events(fpath, save_arch_std_events, (void *)sb); -+ return json_events(fpath, save_arch_std_events, NULL); - - return 0; - } - --static int process_one_file(const char *fpath, const struct stat *sb, -+static int process_one_file(const char *fpath, - int typeflag, struct FTW *ftwbuf) - { - char *tblname, *bname; -@@ -956,9 +1000,9 @@ static int process_one_file(const char * - } else - bname = (char *) fpath + ftwbuf->base; - -- pr_debug("%s %d %7jd %-20s %s\n", -+ pr_debug("%s %d %-20s %s\n", - is_file ? "f" : is_dir ? "d" : "x", -- level, sb->st_size, bname, fpath); -+ level, bname, fpath); - - /* base dir or too deep */ - if (level == 0 || level > 3) -@@ -1070,6 +1114,7 @@ int main(int argc, char *argv[]) - const char *output_file; - const char *start_dirname; - struct stat stbuf; -+ size_t i; - - prog = basename(argv[0]); - if (argc < 4) { -@@ -1113,8 +1158,26 @@ int main(int argc, char *argv[]) - */ - - maxfds = get_maxfds(); -+ rc = nftw(ldirname, add_one_file, maxfds, 0); -+ if (rc < 0) { -+ /* Make build fail */ -+ free_arch_std_events(); -+ return 1; -+ } else if (rc) { -+ goto empty_map; -+ } -+ -+ /* Sort file names to ensure reproduciblity */ -+ qsort(found_files, n_found_files, sizeof(*found_files), compare_files); -+ - mapfile = NULL; -- rc = nftw(ldirname, preprocess_arch_std_files, maxfds, 0); -+ for (i = 0; i < n_found_files; i++) { -+ rc = preprocess_arch_std_files(found_files[i].fpath, -+ found_files[i].typeflag, -+ &found_files[i].ftwbuf); -+ if (rc) -+ break; -+ } - if (rc && verbose) { - pr_info("%s: Error preprocessing arch standard files %s\n", - prog, ldirname); -@@ -1127,7 +1190,13 @@ int main(int argc, char *argv[]) - goto empty_map; - } - -- rc = nftw(ldirname, process_one_file, maxfds, 0); -+ for (i = 0; i < n_found_files; i++) { -+ rc = process_one_file(found_files[i].fpath, -+ found_files[i].typeflag, -+ &found_files[i].ftwbuf); -+ if (rc) -+ break; -+ } - if (rc && verbose) { - pr_info("%s: Error walking file tree %s\n", prog, ldirname); - goto empty_map; diff --git a/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch b/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch deleted file mode 100644 index 9766e0e4a51a..000000000000 --- a/debian/patches/bugfix/all/tools-perf-remove-shebangs.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Ben Hutchings -Date: Fri, 25 Sep 2015 20:09:23 +0100 -Subject: tools/perf: Remove shebang lines from perf scripts -Forwarded: no - -perf scripts need to be invoked through perf, not directly through -perl (or other language interpreter). So including shebang lines in -them is useless and possibly misleading. - -Signed-off-by: Ben Hutchings ---- ---- a/tools/perf/scripts/perl/rw-by-file.pl -+++ b/tools/perf/scripts/perl/rw-by-file.pl -@@ -1,4 +1,3 @@ --#!/usr/bin/perl -w - # SPDX-License-Identifier: GPL-2.0-only - # (c) 2009, Tom Zanussi - ---- a/tools/perf/scripts/perl/rw-by-pid.pl -+++ b/tools/perf/scripts/perl/rw-by-pid.pl -@@ -1,4 +1,3 @@ --#!/usr/bin/perl -w - # SPDX-License-Identifier: GPL-2.0-only - # (c) 2009, Tom Zanussi - ---- a/tools/perf/scripts/perl/rwtop.pl -+++ b/tools/perf/scripts/perl/rwtop.pl -@@ -1,4 +1,3 @@ --#!/usr/bin/perl -w - # SPDX-License-Identifier: GPL-2.0-only - # (c) 2010, Tom Zanussi - ---- a/tools/perf/scripts/perl/wakeup-latency.pl -+++ b/tools/perf/scripts/perl/wakeup-latency.pl -@@ -1,4 +1,3 @@ --#!/usr/bin/perl -w - # SPDX-License-Identifier: GPL-2.0-only - # (c) 2009, Tom Zanussi - diff --git a/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch b/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch deleted file mode 100644 index d9d7b301dd39..000000000000 --- a/debian/patches/bugfix/all/usbip-document-tcp-wrappers.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Ben Hutchings -Date: Sun, 24 Jun 2012 02:51:39 +0100 -Subject: usbip: Document TCP wrappers -Forwarded: no - -Add references to TCP wrappers configuration in the manual page. - ---- a/tools/usb/usbip/doc/usbipd.8 -+++ b/tools/usb/usbip/doc/usbipd.8 -@@ -14,7 +14,8 @@ Devices have to explicitly be exported u - before usbipd makes them available to other hosts. - - The daemon accepts connections from USB/IP clients --on TCP port 3240 by default. -+on TCP port 3240 by default. The clients authorised to connect may be -+configured as documented in hosts_access(5). - - .SH OPTIONS - .HP -@@ -69,7 +70,8 @@ Show version. - - .B usbipd - offers no authentication or authorization for USB/IP. Any --USB/IP client can connect and use exported devices. -+USB/IP client running on an authorised host can connect and -+use exported devices. - - .SH EXAMPLES - diff --git a/debian/patches/bugfix/all/usbip-fix-misuse-of-strncpy.patch b/debian/patches/bugfix/all/usbip-fix-misuse-of-strncpy.patch deleted file mode 100644 index 90c9af038ab6..000000000000 --- a/debian/patches/bugfix/all/usbip-fix-misuse-of-strncpy.patch +++ /dev/null @@ -1,72 +0,0 @@ -From: Ben Hutchings -Date: Fri, 20 Jul 2018 01:30:24 +0100 -Subject: usbip: Fix misuse of strncpy() -Bug-Debian: https://bugs.debian.org/897802 -Forwarded: https://marc.info/?l=linux-usb&m=153213915806258 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -gcc 8 reports: - -usbip_device_driver.c: In function ‘read_usb_vudc_device’: -usbip_device_driver.c:106:2: error: ‘strncpy’ specified bound 256 equals destination size [-Werror=stringop-truncation] - strncpy(dev->path, path, SYSFS_PATH_MAX); - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -usbip_device_driver.c:125:2: error: ‘strncpy’ specified bound 32 equals destination size [-Werror=stringop-truncation] - strncpy(dev->busid, name, SYSFS_BUS_ID_SIZE); - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -I'm not convinced it makes sense to truncate the copied strings here, -but since we're already doing so let's ensure they're still null- -terminated. We can't easily use strlcpy() here, so use snprintf(). - -usbip_common.c has the same problem. - -Signed-off-by: Ben Hutchings ---- - tools/usb/usbip/libsrc/usbip_common.c | 4 ++-- - tools/usb/usbip/libsrc/usbip_device_driver.c | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/tools/usb/usbip/libsrc/usbip_common.c b/tools/usb/usbip/libsrc/usbip_common.c -index b8d7d480595a..02aae7cccb2d 100644 ---- a/tools/usb/usbip/libsrc/usbip_common.c -+++ b/tools/usb/usbip/libsrc/usbip_common.c -@@ -226,9 +226,9 @@ int read_usb_device(struct udev_device *sdev, struct usbip_usb_device *udev) - path = udev_device_get_syspath(sdev); - name = udev_device_get_sysname(sdev); - -- strncpy(udev->path, path, SYSFS_PATH_MAX - 1); -+ snprintf(udev->path, SYSFS_PATH_MAX - 1, "%s", path); - udev->path[SYSFS_PATH_MAX - 1] = '\0'; -- strncpy(udev->busid, name, SYSFS_BUS_ID_SIZE - 1); -+ snprintf(udev->busid, SYSFS_BUS_ID_SIZE - 1, "%s", name); - udev->busid[SYSFS_BUS_ID_SIZE - 1] = '\0'; - - sscanf(name, "%u-%u", &busnum, &devnum); -diff --git a/tools/usb/usbip/libsrc/usbip_device_driver.c b/tools/usb/usbip/libsrc/usbip_device_driver.c -index 051d7d3f443b..1487770603a8 100644 ---- a/tools/usb/usbip/libsrc/usbip_device_driver.c -+++ b/tools/usb/usbip/libsrc/usbip_device_driver.c -@@ -91,7 +91,7 @@ int read_usb_vudc_device(struct udev_device *sdev, struct usbip_usb_device *dev) - copy_descr_attr16(dev, &descr, idProduct); - copy_descr_attr16(dev, &descr, bcdDevice); - -- strncpy(dev->path, path, SYSFS_PATH_MAX - 1); -+ snprintf(dev->path, SYSFS_PATH_MAX - 1, "%s", path); - dev->path[SYSFS_PATH_MAX - 1] = '\0'; - - dev->speed = USB_SPEED_UNKNOWN; -@@ -111,7 +111,7 @@ int read_usb_vudc_device(struct udev_device *sdev, struct usbip_usb_device *dev) - dev->busnum = 0; - - name = udev_device_get_sysname(plat); -- strncpy(dev->busid, name, SYSFS_BUS_ID_SIZE - 1); -+ snprintf(dev->busid, SYSFS_BUS_ID_SIZE - 1, "%s", name); - dev->busid[SYSFS_BUS_ID_SIZE - 1] = '\0'; - return 0; - err: --- -2.23.0 - diff --git a/debian/patches/bugfix/all/usbip-network-fix-unaligned-member-access.patch b/debian/patches/bugfix/all/usbip-network-fix-unaligned-member-access.patch deleted file mode 100644 index 059eba8c92c4..000000000000 --- a/debian/patches/bugfix/all/usbip-network-fix-unaligned-member-access.patch +++ /dev/null @@ -1,79 +0,0 @@ -From: Ben Hutchings -Date: Sun, 18 Aug 2019 16:15:26 +0100 -Subject: usbip: network: Fix unaligned member access -Bug-Debian: https://bugs.debian.org/925766 - -gcc 9 warns: - -usbip_network.c: In function ‘usbip_net_pack_usb_device’: -usbip_network.c:79:32: error: taking address of packed member of ‘struct usbip_usb_device’ may result in an unaligned pointer value [-Werror=address-of-packed-member] - 79 | usbip_net_pack_uint32_t(pack, &udev->busnum); - | ^~~~~~~~~~~~~ - -and similarly for other calls to usbip_net_pack_uint{16,32}_t(). - -These fields are unaligned because they are declared as part of a -packed structure. Functions operating on the structure will use the -appropriate accessors for unaligned data if necessary, but there -doesn't seem to be a way to declare functions as taking a pointer -to a unaligned scalar. - -Instead, change these functions to take a pointer of type void * and -to memcpy() the unaligned value in and out of a local variable. - -Signed-off-by: Ben Hutchings ---- ---- a/tools/usb/usbip/src/usbip_network.c -+++ b/tools/usb/usbip/src/usbip_network.c -@@ -50,28 +50,30 @@ void usbip_setup_port_number(char *arg) - info("using port %d (\"%s\")", usbip_port, usbip_port_string); - } - --void usbip_net_pack_uint32_t(int pack, uint32_t *num) -+void usbip_net_pack_uint32_t(int pack, void *num) - { - uint32_t i; - -+ memcpy(&i, num, sizeof(i)); - if (pack) -- i = htonl(*num); -+ i = htonl(i); - else -- i = ntohl(*num); -+ i = ntohl(i); - -- *num = i; -+ memcpy(num, &i, sizeof(i)); - } - --void usbip_net_pack_uint16_t(int pack, uint16_t *num) -+void usbip_net_pack_uint16_t(int pack, void *num) - { - uint16_t i; - -+ memcpy(&i, num, sizeof(i)); - if (pack) -- i = htons(*num); -+ i = htons(i); - else -- i = ntohs(*num); -+ i = ntohs(i); - -- *num = i; -+ memcpy(num, &i, sizeof(i)); - } - - void usbip_net_pack_usb_device(int pack, struct usbip_usb_device *udev) ---- a/tools/usb/usbip/src/usbip_network.h -+++ b/tools/usb/usbip/src/usbip_network.h -@@ -166,8 +166,8 @@ struct op_devlist_reply_extra { - usbip_net_pack_uint32_t(pack, &(reply)->ndev);\ - } while (0) - --void usbip_net_pack_uint32_t(int pack, uint32_t *num); --void usbip_net_pack_uint16_t(int pack, uint16_t *num); -+void usbip_net_pack_uint32_t(int pack, void *num); -+void usbip_net_pack_uint16_t(int pack, void *num); - void usbip_net_pack_usb_device(int pack, struct usbip_usb_device *udev); - void usbip_net_pack_usb_interface(int pack, struct usbip_usb_interface *uinf); - diff --git a/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch b/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch deleted file mode 100644 index 9e6622fb039e..000000000000 --- a/debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch +++ /dev/null @@ -1,37 +0,0 @@ -From: Ben Hutchings -Date: Fri, 17 Feb 2017 01:30:30 +0000 -Subject: ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419 -Forwarded: https://www.spinics.net/lists/arm-kernel/msg563610.html -Bug-Debian: https://bugs.debian.org/855017 - -The old board code for the TS419 assigns MPP pins 15 and 16 as SATA -activity signals (and none as SATA presence signals). Currently the -device tree assigns the SoC's default pinmux groups for SATA, which -conflict with the second Ethernet port. - -Reported-by: gmbh@gazeta.pl -Tested-by: gmbh@gazeta.pl -References: https://bugs.debian.org/855017 -Cc: stable@vger.kernel.org # 3.15+ -Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419") -Signed-off-by: Ben Hutchings ---- - arch/arm/boot/dts/kirkwood-ts419.dtsi | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/arch/arm/boot/dts/kirkwood-ts419.dtsi b/arch/arm/boot/dts/kirkwood-ts419.dtsi -index 02bd53762705..532506cb0f4a 100644 ---- a/arch/arm/boot/dts/kirkwood-ts419.dtsi -+++ b/arch/arm/boot/dts/kirkwood-ts419.dtsi -@@ -73,3 +73,11 @@ - phy-handle = <ðphy1>; - }; - }; -+ -+&pmx_sata0 { -+ marvell,pins = "mpp15"; -+}; -+ -+&pmx_sata1 { -+ marvell,pins = "mpp16"; -+}; diff --git a/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch b/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch deleted file mode 100644 index 1bdd37fbe466..000000000000 --- a/debian/patches/bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Ben Hutchings -Date: Wed, 11 Jul 2018 23:40:55 +0100 -Subject: ARM: mm: Export __sync_icache_dcache() for xen-privcmd -Forwarded: https://marc.info/?l=linux-arm-kernel&m=153134944429241 - -The xen-privcmd driver, which can be modular, calls set_pte_at() -which in turn may call __sync_icache_dcache(). - -The call to __sync_icache_dcache() may be optimised out because it is -conditional on !pte_special(), and xen-privcmd calls pte_mkspecial(). -However, in a non-LPAE configuration there is no "special" bit and the -call is really unconditional. - -Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE") -Signed-off-by: Ben Hutchings ---- - arch/arm/mm/flush.c | 1 + - 1 file changed, 1 insertion(+) - -Index: debian-kernel/arch/arm/mm/flush.c -=================================================================== ---- debian-kernel.orig/arch/arm/mm/flush.c -+++ debian-kernel/arch/arm/mm/flush.c -@@ -292,6 +292,7 @@ void __sync_icache_dcache(pte_t pteval) - if (pte_exec(pteval)) - __flush_icache_all(); - } -+EXPORT_SYMBOL_GPL(__sync_icache_dcache); - #endif - - /* diff --git a/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch b/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch deleted file mode 100644 index 5ca50d2e9332..000000000000 --- a/debian/patches/bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch +++ /dev/null @@ -1,90 +0,0 @@ -From: Geoff Levand -Date: Wed, 13 Jun 2018 10:56:08 -0700 -Subject: arm64/acpi: Add fixup for HPE m400 quirks -Forwarded: https://patchwork.codeaurora.org/patch/547277/ - -Adds a new ACPI init routine acpi_fixup_m400_quirks that adds -a work-around for HPE ProLiant m400 APEI firmware problems. - -The work-around disables APEI when CONFIG_ACPI_APEI is set and -m400 firmware is detected. Without this fixup m400 systems -experience errors like these on startup: - - [Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 2 - [Hardware Error]: event severity: fatal - [Hardware Error]: Error 0, type: fatal - [Hardware Error]: section_type: memory error - [Hardware Error]: error_status: 0x0000000000001300 - [Hardware Error]: error_type: 10, invalid address - Kernel panic - not syncing: Fatal hardware error! - -Signed-off-by: Geoff Levand -[bwh: Adjust context to apply to Linux 4.19] ---- - arch/arm64/kernel/acpi.c | 40 ++++++++++++++++++++++++++++++++++++---- - 1 file changed, 36 insertions(+), 4 deletions(-) - ---- a/arch/arm64/kernel/acpi.c -+++ b/arch/arm64/kernel/acpi.c -@@ -33,6 +33,8 @@ - #include - #include - -+#include -+ - int acpi_noirq = 1; /* skip ACPI IRQ initialization */ - int acpi_disabled = 1; - EXPORT_SYMBOL(acpi_disabled); -@@ -175,6 +177,33 @@ out: - } - - /* -+ * acpi_fixup_m400_quirks - Work-around for HPE ProLiant m400 APEI firmware -+ * problems. -+ */ -+static void __init acpi_fixup_m400_quirks(void) -+{ -+ acpi_status status; -+ struct acpi_table_header *header; -+#if !defined(CONFIG_ACPI_APEI) -+ int hest_disable = HEST_DISABLED; -+#endif -+ -+ if (!IS_ENABLED(CONFIG_ACPI_APEI) || hest_disable != HEST_ENABLED) -+ return; -+ -+ status = acpi_get_table(ACPI_SIG_HEST, 0, &header); -+ -+ if (ACPI_SUCCESS(status) && !strncmp(header->oem_id, "HPE ", 6) && -+ !strncmp(header->oem_table_id, "ProLiant", 8) && -+ MIDR_IMPLEMENTOR(read_cpuid_id()) == ARM_CPU_IMP_APM) { -+ hest_disable = HEST_DISABLED; -+ pr_info("Disabled APEI for m400.\n"); -+ } -+ -+ acpi_put_table(header); -+} -+ -+/* - * acpi_boot_table_init() called from setup_arch(), always. - * 1. find RSDP and get its address, and then find XSDT - * 2. extract all tables and checksums them all -@@ -229,11 +258,14 @@ done: - if (acpi_disabled) { - if (earlycon_acpi_spcr_enable) - early_init_dt_scan_chosen_stdout(); -- } else { -- acpi_parse_spcr(earlycon_acpi_spcr_enable, true); -- if (IS_ENABLED(CONFIG_ACPI_BGRT)) -- acpi_table_parse(ACPI_SIG_BGRT, acpi_parse_bgrt); -+ return; - } -+ -+ acpi_parse_spcr(earlycon_acpi_spcr_enable, true); -+ if (IS_ENABLED(CONFIG_ACPI_BGRT)) -+ acpi_table_parse(ACPI_SIG_BGRT, acpi_parse_bgrt); -+ -+ acpi_fixup_m400_quirks(); - } - - pgprot_t __acpi_get_mem_attribute(phys_addr_t addr) diff --git a/debian/patches/bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch b/debian/patches/bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch deleted file mode 100644 index 2d568d35ef24..000000000000 --- a/debian/patches/bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Heinrich Schuchardt -Date: Mon, 4 Jun 2018 19:15:23 +0200 -Subject: arm64: dts: rockchip: correct voltage selector on Firefly-RK3399 -Bug-Debian: https://bugs.debian.org/900799 -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/patch/?id=710e8c4a54be82ee8a97324e7b4330bf191e08bf - -Without this patch the Firefly-RK3399 board boot process hangs after these -lines: - - fan53555-regulator 0-0040: FAN53555 Option[8] Rev[1] Detected! - fan53555-reg: supplied by vcc_sys - vcc1v8_s3: supplied by vcc_1v8 - -Blacklisting driver fan53555 allows booting. - -The device tree uses a value of fcs,suspend-voltage-selector different to -any other board. - -Changing this setting to the usual value is sufficient to enable booting -and also matches the value used in the vendor kernel. - -Fixes: 171582e00db1 ("arm64: dts: rockchip: add support for firefly-rk3399 board") -Cc: stable@vger.kernel.org -Signed-off-by: Heinrich Schuchardt -Signed-off-by: Heiko Stuebner ---- - arch/arm64/boot/dts/rockchip/rk3399-firefly.dts | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/arm64/boot/dts/rockchip/rk3399-firefly.dts b/arch/arm64/boot/dts/rockchip/rk3399-firefly.dts -index 86ff1eb..d8a2f0b 100644 ---- a/arch/arm64/boot/dts/rockchip/rk3399-firefly.dts -+++ b/arch/arm64/boot/dts/rockchip/rk3399-firefly.dts -@@ -421,7 +421,7 @@ - vdd_cpu_b: regulator@40 { - compatible = "silergy,syr827"; - reg = <0x40>; -- fcs,suspend-voltage-selector = <0>; -+ fcs,suspend-voltage-selector = <1>; - regulator-name = "vdd_cpu_b"; - regulator-min-microvolt = <712500>; - regulator-max-microvolt = <1500000>; --- -cgit v1.1 - diff --git a/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch b/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch deleted file mode 100644 index 0b3acfadbe05..000000000000 --- a/debian/patches/bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Krzysztof Kozlowski -Date: Wed, 29 Aug 2018 09:32:23 +0200 -Subject: powerpc/boot: Fix missing crc32poly.h when building with KERNEL_XZ -Origin: https://patchwork.ozlabs.org/patch/963258/ - -After commit faa16bc404d7 ("lib: Use existing define with -polynomial") the lib/xz/xz_crc32.c includes a header from include/linux -directory thus any other user of this code should define proper include -path. - -This fixes the build error on powerpc with CONFIG_KERNEL_XZ: - - In file included from ../arch/powerpc/boot/../../../lib/decompress_unxz.c:233:0, - from ../arch/powerpc/boot/decompress.c:42: - ../arch/powerpc/boot/../../../lib/xz/xz_crc32.c:18:29: fatal error: linux/crc32poly.h: No such file or directory - -Reported-by: Michal Kubecek -Fixes: faa16bc404d7 ("lib: Use existing define with polynomial") -Signed-off-by: Krzysztof Kozlowski -Reported-by: kbuild test robot -Reported-by: Meelis Roos -Tested-by: Michal Kubecek ---- - arch/powerpc/boot/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/powerpc/boot/Makefile b/arch/powerpc/boot/Makefile -index 0fb96c26136f..ba4182fb185d 100644 ---- a/arch/powerpc/boot/Makefile -+++ b/arch/powerpc/boot/Makefile -@@ -63,7 +63,7 @@ ifeq ($(call cc-option-yn, -fstack-protector),y) - BOOTCFLAGS += -fno-stack-protector - endif - --BOOTCFLAGS += -I$(objtree)/$(obj) -I$(srctree)/$(obj) -+BOOTCFLAGS += -I$(objtree)/$(obj) -I$(srctree)/$(obj) -I$(srctree)/include - - DTC_FLAGS ?= -p 1024 - diff --git a/debian/patches/bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch b/debian/patches/bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch deleted file mode 100644 index a4bb5d1fc298..000000000000 --- a/debian/patches/bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Aurelien Jarno -Date: Sun, 1 Dec 2019 20:35:55 +0100 -Subject: libbpf: fix readelf output parsing on powerpc with recent binutils -Origin: https://lore.kernel.org/patchwork/patch/1161149/ - -On powerpc with recent versions of binutils, readelf outputs an extra -field when dumping the symbols of an object file. For example: - - 35: 0000000000000838 96 FUNC LOCAL DEFAULT [: 8] 1 btf_is_struct - -The extra "[: 8]" prevents the GLOBAL_SYM_COUNT variable to -be computed correctly and causes the checkabi target to fail. - -Fix that by looking for the symbol name in the last field instead of the -8th one. This way it should also cope with future extra fields. - -Signed-off-by: Aurelien Jarno ---- - tools/lib/bpf/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/lib/bpf/Makefile b/tools/lib/bpf/Makefile -index 99425d0be6ff..333900cf3f4f 100644 ---- a/tools/lib/bpf/Makefile -+++ b/tools/lib/bpf/Makefile -@@ -147,7 +147,7 @@ TAGS_PROG := $(if $(shell which etags 2>/dev/null),etags,ctags) - - GLOBAL_SYM_COUNT = $(shell readelf -s --wide $(BPF_IN_SHARED) | \ - cut -d "@" -f1 | sed 's/_v[0-9]_[0-9]_[0-9].*//' | \ -- awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$8}' | \ -+ awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$NF}' | \ - sort -u | wc -l) - VERSIONED_SYM_COUNT = $(shell readelf -s --wide $(OUTPUT)libbpf.so | \ - grep -Eo '[^ ]+@LIBBPF_' | cut -d@ -f1 | sort -u | wc -l) -@@ -216,7 +216,7 @@ check_abi: $(OUTPUT)libbpf.so - "versioned in $(VERSION_SCRIPT)." >&2; \ - readelf -s --wide $(OUTPUT)libbpf-in.o | \ - cut -d "@" -f1 | sed 's/_v[0-9]_[0-9]_[0-9].*//' | \ -- awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$8}'| \ -+ awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$NF}'| \ - sort -u > $(OUTPUT)libbpf_global_syms.tmp; \ - readelf -s --wide $(OUTPUT)libbpf.so | \ - grep -Eo '[^ ]+@LIBBPF_' | cut -d@ -f1 | \ --- -2.24.0 - diff --git a/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch b/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch deleted file mode 100644 index d10177b4bc92..000000000000 --- a/debian/patches/bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch +++ /dev/null @@ -1,124 +0,0 @@ -From: Ben Hutchings -Date: Sat, 19 Aug 2017 21:42:09 +0100 -Subject: sh: Do not use hyphen in exported variable names -Forwarded: https://marc.info/?l=linux-sh&m=150317827322995&w=2 - -arch/sh/Makefile defines and exports ld-bfd to be used by -arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile. Similarly -arch/sh/boot/Makefile defines and exports suffix-y to be used by -arch/sh/boot/compressed/Makefile. However some shells, including -dash, will not pass through environment variables whose name includes -a hyphen. Usually GNU make does not use a shell to recurse, but if -e.g. $(srctree) contains '~' it will use a shell here. - -Rename these variables to ld_bfd and suffix_y. - -References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=1502943967&raw=0 -Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.") -Signed-off-by: Ben Hutchings ---- - arch/sh/Makefile | 10 +++++----- - arch/sh/boot/Makefile | 16 ++++++++-------- - arch/sh/boot/compressed/Makefile | 6 +++--- - arch/sh/boot/romimage/Makefile | 4 ++-- - 4 files changed, 18 insertions(+), 18 deletions(-) - ---- a/arch/sh/Makefile -+++ b/arch/sh/Makefile -@@ -119,16 +119,16 @@ LDFLAGS_vmlinux += --defsym phys_stext= - endif - - ifdef CONFIG_CPU_LITTLE_ENDIAN --ld-bfd := elf32-$(UTS_MACHINE)-linux --LDFLAGS_vmlinux += --defsym jiffies=jiffies_64 --oformat $(ld-bfd) -+ld_bfd := elf32-$(UTS_MACHINE)-linux -+LDFLAGS_vmlinux += --defsym jiffies=jiffies_64 --oformat $(ld_bfd) - KBUILD_LDFLAGS += -EL - else --ld-bfd := elf32-$(UTS_MACHINE)big-linux --LDFLAGS_vmlinux += --defsym jiffies=jiffies_64+4 --oformat $(ld-bfd) -+ld_bfd := elf32-$(UTS_MACHINE)big-linux -+LDFLAGS_vmlinux += --defsym jiffies=jiffies_64+4 --oformat $(ld_bfd) - KBUILD_LDFLAGS += -EB - endif - --export ld-bfd BITS -+export ld_bfd BITS - - head-y := arch/sh/kernel/head_$(BITS).o - ---- a/arch/sh/boot/Makefile -+++ b/arch/sh/boot/Makefile -@@ -19,12 +19,12 @@ CONFIG_ZERO_PAGE_OFFSET ?= 0x00001000 - CONFIG_ENTRY_OFFSET ?= 0x00001000 - CONFIG_PHYSICAL_START ?= $(CONFIG_MEMORY_START) - --suffix-y := bin --suffix-$(CONFIG_KERNEL_GZIP) := gz --suffix-$(CONFIG_KERNEL_BZIP2) := bz2 --suffix-$(CONFIG_KERNEL_LZMA) := lzma --suffix-$(CONFIG_KERNEL_XZ) := xz --suffix-$(CONFIG_KERNEL_LZO) := lzo -+suffix_y := bin -+suffix_$(CONFIG_KERNEL_GZIP) := gz -+suffix_$(CONFIG_KERNEL_BZIP2) := bz2 -+suffix_$(CONFIG_KERNEL_LZMA) := lzma -+suffix_$(CONFIG_KERNEL_XZ) := xz -+suffix_$(CONFIG_KERNEL_LZO) := lzo - - targets := zImage vmlinux.srec romImage uImage uImage.srec uImage.gz \ - uImage.bz2 uImage.lzma uImage.xz uImage.lzo uImage.bin -@@ -106,10 +106,10 @@ OBJCOPYFLAGS_uImage.srec := -I binary -O - $(obj)/uImage.srec: $(obj)/uImage - $(call if_changed,objcopy) - --$(obj)/uImage: $(obj)/uImage.$(suffix-y) -+$(obj)/uImage: $(obj)/uImage.$(suffix_y) - @ln -sf $(notdir $<) $@ - @echo ' Image $@ is ready' - - export CONFIG_PAGE_OFFSET CONFIG_MEMORY_START CONFIG_BOOT_LINK_OFFSET \ - CONFIG_PHYSICAL_START CONFIG_ZERO_PAGE_OFFSET CONFIG_ENTRY_OFFSET \ -- KERNEL_MEMORY suffix-y -+ KERNEL_MEMORY suffix_y ---- a/arch/sh/boot/compressed/Makefile -+++ b/arch/sh/boot/compressed/Makefile -@@ -33,7 +33,7 @@ ORIG_CFLAGS := $(KBUILD_CFLAGS) - KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS)) - endif - --LDFLAGS_vmlinux := --oformat $(ld-bfd) -Ttext $(IMAGE_OFFSET) -e startup \ -+LDFLAGS_vmlinux := --oformat $(ld_bfd) -Ttext $(IMAGE_OFFSET) -e startup \ - -T $(obj)/../../kernel/vmlinux.lds - - # -@@ -75,7 +75,7 @@ $(obj)/vmlinux.bin.lzo: $(vmlinux.bin.al - - OBJCOPYFLAGS += -R .empty_zero_page - --LDFLAGS_piggy.o := -r --format binary --oformat $(ld-bfd) -T -+LDFLAGS_piggy.o := -r --format binary --oformat $(ld_bfd) -T - --$(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/vmlinux.bin.$(suffix-y) FORCE -+$(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/vmlinux.bin.$(suffix_y) FORCE - $(call if_changed,ld) ---- a/arch/sh/boot/romimage/Makefile -+++ b/arch/sh/boot/romimage/Makefile -@@ -13,7 +13,7 @@ mmcif-obj-$(CONFIG_CPU_SUBTYPE_SH7724) : - load-$(CONFIG_ROMIMAGE_MMCIF) := $(mmcif-load-y) - obj-$(CONFIG_ROMIMAGE_MMCIF) := $(mmcif-obj-y) - --LDFLAGS_vmlinux := --oformat $(ld-bfd) -Ttext $(load-y) -e romstart \ -+LDFLAGS_vmlinux := --oformat $(ld_bfd) -Ttext $(load-y) -e romstart \ - -T $(obj)/../../kernel/vmlinux.lds - - $(obj)/vmlinux: $(obj)/head.o $(obj-y) $(obj)/piggy.o FORCE -@@ -24,7 +24,7 @@ OBJCOPYFLAGS += -j .empty_zero_page - $(obj)/zeropage.bin: vmlinux FORCE - $(call if_changed,objcopy) - --LDFLAGS_piggy.o := -r --format binary --oformat $(ld-bfd) -T -+LDFLAGS_piggy.o := -r --format binary --oformat $(ld_bfd) -T - - $(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/zeropage.bin arch/sh/boot/zImage FORCE - $(call if_changed,ld) diff --git a/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch b/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch deleted file mode 100644 index f9baa7bd3c19..000000000000 --- a/debian/patches/bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Ben Hutchings -Date: Sat, 22 Jul 2017 17:37:33 +0100 -Subject: perf tools: Fix unwind build on i386 -Forwarded: no - -EINVAL may not be defined when building unwind-libunwind.c with -REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in -LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks -for a negative return value and doesn't care what it is. So change --EINVAL to -1. - -Fixes: 52ffe0ff02fc ("Support x86(32-bit) cross platform callchain unwind.") -Signed-off-by: Ben Hutchings ---- - ---- a/tools/perf/arch/x86/util/unwind-libunwind.c -+++ b/tools/perf/arch/x86/util/unwind-libunwind.c -@@ -66,7 +66,7 @@ int LIBUNWIND__ARCH_REG_ID(int regnum) - break; - default: - pr_err("unwind: invalid reg id %d\n", regnum); -- return -EINVAL; -+ return -1; - } - - return id; -@@ -106,7 +106,7 @@ int LIBUNWIND__ARCH_REG_ID(int regnum) - break; - default: - pr_err("unwind: invalid reg id %d\n", regnum); -- return -EINVAL; -+ return -1; - } - - return id; diff --git a/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch b/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch deleted file mode 100644 index cfbf98e82453..000000000000 --- a/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Ben Hutchings -Date: Fri, 25 Sep 2015 22:50:50 +0100 -Subject: Revert "perf build: Fix libunwind feature detection on 32-bit x86" -Forwarded: no - -This reverts commit 05b41775e2edd69a83f592e3534930c934d4038e. -It broke feature detection that was working just fine for us. ---- - tools/perf/Makefile.config | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/tools/perf/Makefile.config -+++ b/tools/perf/Makefile.config -@@ -38,7 +38,7 @@ ifeq ($(SRCARCH),x86) - LIBUNWIND_LIBS = -lunwind-x86_64 -lunwind -llzma - $(call detected,CONFIG_X86_64) - else -- LIBUNWIND_LIBS = -lunwind-x86 -llzma -lunwind -+ LIBUNWIND_LIBS = -lunwind -lunwind-x86 - endif - NO_PERF_REGS := 0 - endif diff --git a/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch b/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch deleted file mode 100644 index d3957338f853..000000000000 --- a/debian/patches/bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Ben Hutchings -Date: Sat, 20 Apr 2013 15:52:02 +0100 -Subject: viafb: Autoload on OLPC XO 1.5 only -Bug-Debian: https://bugs.debian.org/705788 -Forwarded: no - -It appears that viafb won't work automatically on all the boards for -which it has a PCI device ID match. Currently, it is blacklisted by -udev along with most other framebuffer drivers, so this doesn't matter -much. - -However, this driver is required for console support on the XO 1.5. -We need to allow it to be autoloaded on this model only, and then -un-blacklist it in udev. - ---- ---- a/drivers/video/fbdev/via/via-core.c -+++ b/drivers/video/fbdev/via/via-core.c -@@ -753,7 +753,14 @@ static struct pci_device_id via_pci_tabl - .driver_data = UNICHROME_VX900 }, - { } - }; --MODULE_DEVICE_TABLE(pci, via_pci_table); -+ -+static const struct pci_device_id via_pci_autoload_table[] __initconst = { -+ /* OLPC XO 1.5 */ -+ { PCI_DEVICE(PCI_VENDOR_ID_VIA, UNICHROME_VX855_DID), -+ .subvendor = 0x152d, .subdevice = 0x0833 }, -+ { } -+}; -+MODULE_DEVICE_TABLE(pci, via_pci_autoload_table); - - static struct pci_driver via_driver = { - .name = "viafb", diff --git a/debian/patches/bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch b/debian/patches/bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch deleted file mode 100644 index 074c856bef4c..000000000000 --- a/debian/patches/bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Ben Hutchings -Date: Tue, 25 Sep 2018 19:44:13 +0100 -Subject: x86-32: Disable 3D-Now in generic config - -We want the 686 flavour to run on Geode LX and similar AMD family 5 -CPUs as well as family 6 and higher CPUs. This used to work with -CONFIG_M686=y. However commit 25d76ac88821 "x86/Kconfig: Explicitly -enumerate i686-class CPUs in Kconfig" in Linux 4.16 has made the -kernel require family 6 or higher. - -It looks like a sensible choice would be to enable CONFIG_MGEODE_LX -and CONFIG_X86_GENERIC (for more generic optimisations), but this -currently enables CONFIG_X86_USE_3D_NOW which will cause the kernel to -crash on CPUs without the AMD-specific 3D-Now instructions. - -Make CONFIG_X86_USE_3DNOW depend on CONFIG_X86_GENERIC being disabled. - ---- ---- a/arch/x86/Kconfig.cpu -+++ b/arch/x86/Kconfig.cpu -@@ -337,7 +337,7 @@ config X86_USE_PPRO_CHECKSUM - - config X86_USE_3DNOW - def_bool y -- depends on (MCYRIXIII || MK7 || MGEODE_LX) && !UML -+ depends on (MCYRIXIII || MK7 || MGEODE_LX) && !X86_GENERIC && !UML - - # - # P6_NOPs are a relatively minor optimization that require a family >= diff --git a/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch deleted file mode 100644 index 55edbc75c0b4..000000000000 --- a/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch +++ /dev/null @@ -1,93 +0,0 @@ -From: Serge Hallyn -Date: Fri, 31 May 2013 19:12:12 +0000 (+0100) -Subject: add sysctl to disallow unprivileged CLONE_NEWUSER by default -Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8 - -add sysctl to disallow unprivileged CLONE_NEWUSER by default - -This is a short-term patch. Unprivileged use of CLONE_NEWUSER -is certainly an intended feature of user namespaces. However -for at least saucy we want to make sure that, if any security -issues are found, we have a fail-safe. - -Signed-off-by: Serge Hallyn -[bwh: Remove unneeded binary sysctl bits] ---- ---- a/kernel/fork.c -+++ b/kernel/fork.c -@@ -102,6 +102,11 @@ - - #define CREATE_TRACE_POINTS - #include -+#ifdef CONFIG_USER_NS -+extern int unprivileged_userns_clone; -+#else -+#define unprivileged_userns_clone 0 -+#endif - - /* - * Minimum number of threads to boot the kernel -@@ -1550,6 +1555,10 @@ static __latent_entropy struct task_stru - if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) - return ERR_PTR(-EINVAL); - -+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) -+ if (!capable(CAP_SYS_ADMIN)) -+ return ERR_PTR(-EPERM); -+ - /* - * Thread groups must share signals as well, and detached threads - * can only be started up within the thread group. -@@ -2343,6 +2352,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, - if (unshare_flags & CLONE_NEWNS) - unshare_flags |= CLONE_FS; - -+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { -+ err = -EPERM; -+ if (!capable(CAP_SYS_ADMIN)) -+ goto bad_unshare_out; -+ } -+ - err = check_unshare_flags(unshare_flags); - if (err) - goto bad_unshare_out; ---- a/kernel/sysctl.c -+++ b/kernel/sysctl.c -@@ -105,6 +105,9 @@ extern int core_uses_pid; - extern char core_pattern[]; - extern unsigned int core_pipe_limit; - #endif -+#ifdef CONFIG_USER_NS -+extern int unprivileged_userns_clone; -+#endif - extern int pid_max; - extern int pid_max_min, pid_max_max; - extern int percpu_pagelist_fraction; -@@ -512,6 +515,15 @@ static struct ctl_table kern_table[] = { - .mode = 0644, - .proc_handler = proc_dointvec, - }, -+#endif -+#ifdef CONFIG_USER_NS -+ { -+ .procname = "unprivileged_userns_clone", -+ .data = &unprivileged_userns_clone, -+ .maxlen = sizeof(int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec, -+ }, - #endif - #ifdef CONFIG_PROC_SYSCTL - { ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -26,6 +26,9 @@ - #include - #include - -+/* sysctl */ -+int unprivileged_userns_clone; -+ - static struct kmem_cache *user_ns_cachep __read_mostly; - static DEFINE_MUTEX(userns_state_mutex); - diff --git a/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch b/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch deleted file mode 100644 index 3b33f845ab4d..000000000000 --- a/debian/patches/debian/af_802154-Disable-auto-loading-as-mitigation-against.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Ben Hutchings -Date: Fri, 19 Nov 2010 02:12:48 +0000 -Subject: [PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits -Forwarded: not-needed - -Recent review has revealed several bugs in obscure protocol -implementations that can be exploited by local users for denial of -service or privilege escalation. We can mitigate the effect of any -remaining vulnerabilities in such protocols by preventing unprivileged -users from loading the modules, so that they are only exploitable on -systems where the administrator has chosen to load the protocol. - -The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was -not present in the 'lenny' kernel, and seems to receive only sporadic -maintenance. Therefore disable auto-loading. - -Signed-off-by: Ben Hutchings ---- - net/ieee802154/socket.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - ---- a/net/ieee802154/socket.c -+++ b/net/ieee802154/socket.c -@@ -1122,4 +1122,4 @@ module_init(af_ieee802154_init); - module_exit(af_ieee802154_remove); - - MODULE_LICENSE("GPL"); --MODULE_ALIAS_NETPROTO(PF_IEEE802154); -+/* MODULE_ALIAS_NETPROTO(PF_IEEE802154); */ diff --git a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch deleted file mode 100644 index 115ec809439c..000000000000 --- a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch +++ /dev/null @@ -1,110 +0,0 @@ -From: Ben Hutchings -Date: Fri, 22 Jun 2018 17:27:00 +0100 -Subject: android: Enable building ashmem and binder as modules -Bug-Debian: https://bugs.debian.org/901492 - -We want to enable use of the Android ashmem and binder drivers to -support Anbox, but they should not be built-in as that would waste -resources and increase security attack surface on systems that don't -need them. - -- Add a MODULE_LICENSE declaration to ashmem -- Change the Makefiles to build each driver as an object with the - "_linux" suffix (which is what Anbox expects) -- Change config symbol types to tristate ---- - drivers/android/Kconfig | 2 +- - drivers/android/Makefile | 7 ++++--- - drivers/android/binder_alloc.c | 2 +- - drivers/staging/android/Kconfig | 2 +- - drivers/staging/android/Makefile | 3 ++- - drivers/staging/android/ashmem.c | 3 +++ - 6 files changed, 12 insertions(+), 7 deletions(-) - -diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig -index 6fdf2abe4598..329ec9941fbf 100644 ---- a/drivers/android/Kconfig -+++ b/drivers/android/Kconfig -@@ -9,7 +9,7 @@ config ANDROID - if ANDROID - - config ANDROID_BINDER_IPC -- bool "Android Binder IPC Driver" -+ tristate "Android Binder IPC Driver" - depends on MMU - default n - ---help--- -diff --git a/drivers/android/Makefile b/drivers/android/Makefile -index c9d3d0c99c25..55411d9a9c2a 100644 ---- a/drivers/android/Makefile -+++ b/drivers/android/Makefile -@@ -1,6 +1,7 @@ - # SPDX-License-Identifier: GPL-2.0-only - ccflags-y += -I$(src) # needed for trace events - --obj-$(CONFIG_ANDROID_BINDERFS) += binderfs.o --obj-$(CONFIG_ANDROID_BINDER_IPC) += binder.o binder_alloc.o --obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o -+obj-$(CONFIG_ANDROID_BINDER_IPC) += binder_linux.o -+binder_linux-y := binder.o binder_alloc.o -+binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o -+binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o -diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c -index ce5603c2291c..099fef731148 100644 ---- a/drivers/android/binder_alloc.c -+++ b/drivers/android/binder_alloc.c -@@ -37,7 +37,7 @@ enum { - }; - static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR; - --module_param_named(debug_mask, binder_alloc_debug_mask, -+module_param_named(alloc_debug_mask, binder_alloc_debug_mask, - uint, 0644); - - #define binder_alloc_debug(mask, x...) \ -diff --git a/drivers/staging/android/Kconfig b/drivers/staging/android/Kconfig -index d6d605d5cbde..afe9085369a3 100644 ---- a/drivers/staging/android/Kconfig -+++ b/drivers/staging/android/Kconfig -@@ -4,7 +4,7 @@ menu "Android" - if ANDROID - - config ASHMEM -- bool "Enable the Anonymous Shared Memory Subsystem" -+ tristate "Enable the Anonymous Shared Memory Subsystem" - depends on SHMEM - help - The ashmem subsystem is a new shared memory allocator, similar to -diff --git a/drivers/staging/android/Makefile b/drivers/staging/android/Makefile -index 14bd9c6ce10d..c202aa4f8323 100644 ---- a/drivers/staging/android/Makefile -+++ b/drivers/staging/android/Makefile -@@ -3,5 +3,6 @@ ccflags-y += -I$(src) # needed for trace events - - obj-y += ion/ - --obj-$(CONFIG_ASHMEM) += ashmem.o -+obj-$(CONFIG_ASHMEM) += ashmem_linux.o -+ashmem_linux-y += ashmem.o - obj-$(CONFIG_ANDROID_VSOC) += vsoc.o -diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c -index 74d497d39c5a..fbbe467b0ba8 100644 ---- a/drivers/staging/android/ashmem.c -+++ b/drivers/staging/android/ashmem.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - #include "ashmem.h" - - #define ASHMEM_NAME_PREFIX "dev/ashmem/" -@@ -925,3 +926,5 @@ static int __init ashmem_init(void) - return ret; - } - device_initcall(ashmem_init); -+ -+MODULE_LICENSE("GPL v2"); --- -2.20.1 - diff --git a/debian/patches/debian/arch-sh4-fix-uimage-build.patch b/debian/patches/debian/arch-sh4-fix-uimage-build.patch deleted file mode 100644 index 83957dd12860..000000000000 --- a/debian/patches/debian/arch-sh4-fix-uimage-build.patch +++ /dev/null @@ -1,18 +0,0 @@ -From: Nobuhiro Iwamatsu -Subject: [sh4] Fix uImage build -Bug-Debian: https://bugs.debian.org/569034 -Forwarded: not-needed - -[bwh: This was added without a description, but I think it is done - only to avoid a build-dependency on u-boot-tools.] - ---- a/arch/sh/Makefile -+++ b/arch/sh/Makefile -@@ -75,7 +75,6 @@ - - # Give the various platforms the opportunity to set default image types - defaultimage-$(CONFIG_SUPERH32) := zImage --defaultimage-$(CONFIG_SH_SH7785LCR) := uImage - defaultimage-$(CONFIG_SH_RSK) := uImage - defaultimage-$(CONFIG_SH_URQUELL) := uImage - defaultimage-$(CONFIG_SH_MIGOR) := uImage diff --git a/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch deleted file mode 100644 index 9f21e07056a7..000000000000 --- a/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Adam Borowski -Date: Tue, 28 Mar 2017 16:55:05 +0200 -Subject: btrfs: warn about RAID5/6 being experimental at mount time -Bug-Debian: https://bugs.debian.org/863290 -Origin: https://bugs.debian.org/863290#5 - -Too many people come complaining about losing their data -- and indeed, -there's no warning outside a wiki and the mailing list tribal knowledge. -Message severity chosen for consistency with XFS -- "alert" makes dmesg -produce nice red background which should get the point across. - -Signed-off-by: Adam Borowski -[bwh: Also add_taint() so this is flagged in bug reports] ---- - fs/btrfs/disk-io.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - ---- a/fs/btrfs/disk-io.c -+++ b/fs/btrfs/disk-io.c -@@ -3060,6 +3060,15 @@ retry_root_backup: - btrfs_set_and_info(fs_info, SSD, "enabling ssd optimizations"); - } - -+ if ((fs_info->avail_data_alloc_bits | -+ fs_info->avail_metadata_alloc_bits | -+ fs_info->avail_system_alloc_bits) & -+ BTRFS_BLOCK_GROUP_RAID56_MASK) { -+ btrfs_alert(fs_info, -+ "btrfs RAID5/6 is EXPERIMENTAL and has known data-loss bugs"); -+ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); -+ } -+ - /* - * Mount does not set all options immediately, we can do it now and do - * not have to wait for transaction commit diff --git a/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch b/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch deleted file mode 100644 index 70b4468601cb..000000000000 --- a/debian/patches/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Ben Hutchings -Subject: cdc_ncm,cdc_mbim: Use NCM by default -Date: Sun, 31 Mar 2013 03:58:04 +0100 -Forwarded: not-needed - -Devices that support both NCM and MBIM modes should be kept in NCM -mode unless there is userland support for MBIM. - -Set the default value of cdc_ncm.prefer_mbim to false and leave it to -userland (modem-manager) to override this with a modprobe.conf file -once it's ready to speak MBIM. - ---- ---- a/drivers/net/usb/cdc_ncm.c -+++ b/drivers/net/usb/cdc_ncm.c -@@ -53,11 +53,7 @@ - #include - #include - --#if IS_ENABLED(CONFIG_USB_NET_CDC_MBIM) --static bool prefer_mbim = true; --#else - static bool prefer_mbim; --#endif - module_param(prefer_mbim, bool, 0644); - MODULE_PARM_DESC(prefer_mbim, "Prefer MBIM setting on dual NCM/MBIM functions"); - diff --git a/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch b/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch deleted file mode 100644 index 83583184e48a..000000000000 --- a/debian/patches/debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Ben Hutchings -Date: Thu, 16 Feb 2017 19:09:17 +0000 -Subject: dccp: Disable auto-loading as mitigation against local exploits -Forwarded: not-needed - -We can mitigate the effect of vulnerabilities in obscure protocols by -preventing unprivileged users from loading the modules, so that they -are only exploitable on systems where the administrator has chosen to -load the protocol. - -The 'dccp' protocol is not actively maintained or widely used. -Therefore disable auto-loading. - -Signed-off-by: Ben Hutchings ---- ---- a/net/dccp/ipv4.c -+++ b/net/dccp/ipv4.c -@@ -1071,8 +1071,8 @@ module_exit(dccp_v4_exit); - * values directly, Also cover the case where the protocol is not specified, - * i.e. net-pf-PF_INET-proto-0-type-SOCK_DCCP - */ --MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6); --MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6); -+/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6); */ -+/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6); */ - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Arnaldo Carvalho de Melo "); - MODULE_DESCRIPTION("DCCP - Datagram Congestion Controlled Protocol"); ---- a/net/dccp/ipv6.c -+++ b/net/dccp/ipv6.c -@@ -1125,8 +1125,8 @@ module_exit(dccp_v6_exit); - * values directly, Also cover the case where the protocol is not specified, - * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP - */ --MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); --MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); -+/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); */ -+/* MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); */ - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Arnaldo Carvalho de Melo "); - MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol"); diff --git a/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch b/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch deleted file mode 100644 index fc3de36fb814..000000000000 --- a/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Ben Hutchings -Date: Sat, 20 Nov 2010 02:24:55 +0000 -Subject: [PATCH] decnet: Disable auto-loading as mitigation against local exploits -Forwarded: not-needed - -Recent review has revealed several bugs in obscure protocol -implementations that can be exploited by local users for denial of -service or privilege escalation. We can mitigate the effect of any -remaining vulnerabilities in such protocols by preventing unprivileged -users from loading the modules, so that they are only exploitable on -systems where the administrator has chosen to load the protocol. - -The 'decnet' protocol is unmaintained and of mostly historical -interest, and the user-space support package 'dnet-common' loads the -module explicitly. Therefore disable auto-loading. - -Signed-off-by: Ben Hutchings ---- - net/decnet/af_decnet.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - ---- a/net/decnet/af_decnet.c -+++ b/net/decnet/af_decnet.c -@@ -2359,7 +2359,7 @@ static const struct proto_ops dn_proto_o - MODULE_DESCRIPTION("The Linux DECnet Network Protocol"); - MODULE_AUTHOR("Linux DECnet Project Team"); - MODULE_LICENSE("GPL"); --MODULE_ALIAS_NETPROTO(PF_DECnet); -+/* MODULE_ALIAS_NETPROTO(PF_DECnet); */ - - static const char banner[] __initconst = KERN_INFO - "NET4: DECnet for Linux: V.2.5.68s (C) 1995-2003 Linux DECnet Project Team\n"; diff --git a/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch b/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch deleted file mode 100644 index 0e5176908acc..000000000000 --- a/debian/patches/debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Ben Hutchings -Date: Mon, 13 Apr 2009 17:34:00 +0100 -Subject: Remove microcode patches for mgsuvd (not enabled in Debian configs) -Forwarded: not-needed - -diff --git a/arch/powerpc/platforms/8xx/Kconfig b/arch/powerpc/platforms/8xx/Kconfig -index 48a920a..81570b6 100644 ---- a/arch/powerpc/platforms/8xx/Kconfig -+++ b/arch/powerpc/platforms/8xx/Kconfig -@@ -160,16 +160,19 @@ config NO_UCODE_PATCH - - config USB_SOF_UCODE_PATCH - bool "USB SOF patch" -+ depends on BROKEN - help - Help not implemented yet, coming soon. - - config I2C_SPI_UCODE_PATCH - bool "I2C/SPI relocation patch" -+ depends on BROKEN - help - Help not implemented yet, coming soon. - - config I2C_SPI_SMC1_UCODE_PATCH - bool "I2C/SPI/SMC1 relocation patch" -+ depends on BROKEN - help - Help not implemented yet, coming soon. - diff --git a/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch b/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch deleted file mode 100644 index 840cf24d7264..000000000000 --- a/debian/patches/debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch +++ /dev/null @@ -1,18 +0,0 @@ -From: Ben Hutchings -Date: Sat, 24 Aug 2019 19:00:41 +0100 -Subject: Documentation: Fix broken link to CIPSO draft -Forwarded: not-needed - -We exclude the CIPSO draft text as its licence is not DFSG compliant. -Link to the IETF's online version instead. - ---- ---- a/Documentation/netlabel/draft_ietf.rst -+++ b/Documentation/netlabel/draft_ietf.rst -@@ -1,5 +1,4 @@ - Draft IETF CIPSO IP Security - ---------------------------- - -- .. include:: draft-ietf-cipso-ipsecurity-01.txt -- :literal: -+https://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 diff --git a/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch b/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch deleted file mode 100644 index 4e42da9a9bc6..000000000000 --- a/debian/patches/debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch +++ /dev/null @@ -1,15 +0,0 @@ -From: Ben Hutchings -Date: Mon, 17 Aug 2009 02:45:41 +0100 -Subject: dvb-usb-af9005: mark as broken -Forwarded: not-needed - ---- a/drivers/media/usb/dvb-usb/Kconfig -+++ b/drivers/media/usb/dvb-usb/Kconfig -@@ -227,6 +227,7 @@ config DVB_USB_OPERA1 - - config DVB_USB_AF9005 - tristate "Afatech AF9005 DVB-T USB1.1 support" -+ depends on BROKEN - depends on DVB_USB - select MEDIA_TUNER_MT2060 if MEDIA_SUBDRV_AUTOSELECT - select MEDIA_TUNER_QT1010 if MEDIA_SUBDRV_AUTOSELECT diff --git a/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch b/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch deleted file mode 100644 index 2b195ec4d9e5..000000000000 --- a/debian/patches/debian/dfsg/drivers-net-appletalk-cops.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Frederik Schüler -Date: Fri, 05 Jan 2007 15:55:24 +0000 -Subject: Add removal patches for: 3c359, smctr, keyspan, cops -Forwarded: not-needed - -diff -ruN a/drivers/net/appletalk/Kconfig b/drivers/net/appletalk/Kconfig ---- a/drivers/net/appletalk/Kconfig 2006-11-29 21:57:37.000000000 +0000 -+++ b/drivers/net/appletalk/Kconfig 2007-01-05 15:34:44.000000000 +0000 -@@ -49,32 +49,6 @@ - This driver is experimental, which means that it may not work. - See the file . - --config COPS -- tristate "COPS LocalTalk PC support" -- depends on DEV_APPLETALK && (ISA || EISA) -- help -- This allows you to use COPS AppleTalk cards to connect to LocalTalk -- networks. You also need version 1.3.3 or later of the netatalk -- package. This driver is experimental, which means that it may not -- work. This driver will only work if you choose "AppleTalk DDP" -- networking support, above. -- Please read the file . -- --config COPS_DAYNA -- bool "Dayna firmware support" -- depends on COPS -- help -- Support COPS compatible cards with Dayna style firmware (Dayna -- DL2000/ Daynatalk/PC (half length), COPS LT-95, Farallon PhoneNET PC -- III, Farallon PhoneNET PC II). -- --config COPS_TANGENT -- bool "Tangent firmware support" -- depends on COPS -- help -- Support COPS compatible cards with Tangent style firmware (Tangent -- ATB_II, Novell NL-1000, Daystar Digital LT-200. -- - config IPDDP - tristate "Appletalk-IP driver support" - depends on DEV_APPLETALK && ATALK -diff -ruN a/drivers/net/appletalk/Makefile b/drivers/net/appletalk/Makefile ---- a/drivers/net/appletalk/Makefile 2006-11-29 21:57:37.000000000 +0000 -+++ b/drivers/net/appletalk/Makefile 2007-01-05 15:34:11.000000000 +0000 -@@ -3,5 +3,4 @@ - # - - obj-$(CONFIG_IPDDP) += ipddp.o --obj-$(CONFIG_COPS) += cops.o - obj-$(CONFIG_LTPC) += ltpc.o diff --git a/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch b/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch deleted file mode 100644 index 4adc90c2d8c6..000000000000 --- a/debian/patches/debian/dfsg/video-remove-nvidiafb-and-rivafb.patch +++ /dev/null @@ -1,128 +0,0 @@ -From: Ben Hutchings -Date: Sat, 2 Jun 2012 19:53:38 +0100 -Subject: video: Remove nvidiafb and rivafb -Bug-Debian: https://bugs.debian.org/383481 -Forwarded: no - -These drivers contain register programming code provided by the -hardware vendor that appears to have been deliberately obfuscated. -This is arguably not the preferred form for modification. - -These drivers are also largely redundant with nouveau. The RIVA 128 -(NV3) is not supported by nouveau but is about 15 years old and -probably discontinued 10 years ago. - ---- ---- a/drivers/video/fbdev/Kconfig -+++ b/drivers/video/fbdev/Kconfig -@@ -866,99 +866,6 @@ config FB_ATMEL - help - This enables support for the AT91 LCD Controller. - --config FB_NVIDIA -- tristate "nVidia Framebuffer Support" -- depends on FB && PCI -- select FB_BACKLIGHT if FB_NVIDIA_BACKLIGHT -- select FB_MODE_HELPERS -- select FB_CFB_FILLRECT -- select FB_CFB_COPYAREA -- select FB_CFB_IMAGEBLIT -- select BITREVERSE -- select VGASTATE -- help -- This driver supports graphics boards with the nVidia chips, TNT -- and newer. For very old chipsets, such as the RIVA128, then use -- the rivafb. -- Say Y if you have such a graphics board. -- -- To compile this driver as a module, choose M here: the -- module will be called nvidiafb. -- --config FB_NVIDIA_I2C -- bool "Enable DDC Support" -- depends on FB_NVIDIA -- select FB_DDC -- help -- This enables I2C support for nVidia Chipsets. This is used -- only for getting EDID information from the attached display -- allowing for robust video mode handling and switching. -- -- Because fbdev-2.6 requires that drivers must be able to -- independently validate video mode parameters, you should say Y -- here. -- --config FB_NVIDIA_DEBUG -- bool "Lots of debug output" -- depends on FB_NVIDIA -- help -- Say Y here if you want the nVidia driver to output all sorts -- of debugging information to provide to the maintainer when -- something goes wrong. -- --config FB_NVIDIA_BACKLIGHT -- bool "Support for backlight control" -- depends on FB_NVIDIA -- default y -- help -- Say Y here if you want to control the backlight of your display. -- --config FB_RIVA -- tristate "nVidia Riva support" -- depends on FB && PCI -- select FB_BACKLIGHT if FB_RIVA_BACKLIGHT -- select FB_MODE_HELPERS -- select FB_CFB_FILLRECT -- select FB_CFB_COPYAREA -- select FB_CFB_IMAGEBLIT -- select BITREVERSE -- select VGASTATE -- help -- This driver supports graphics boards with the nVidia Riva/Geforce -- chips. -- Say Y if you have such a graphics board. -- -- To compile this driver as a module, choose M here: the -- module will be called rivafb. -- --config FB_RIVA_I2C -- bool "Enable DDC Support" -- depends on FB_RIVA -- select FB_DDC -- help -- This enables I2C support for nVidia Chipsets. This is used -- only for getting EDID information from the attached display -- allowing for robust video mode handling and switching. -- -- Because fbdev-2.6 requires that drivers must be able to -- independently validate video mode parameters, you should say Y -- here. -- --config FB_RIVA_DEBUG -- bool "Lots of debug output" -- depends on FB_RIVA -- help -- Say Y here if you want the Riva driver to output all sorts -- of debugging information to provide to the maintainer when -- something goes wrong. -- --config FB_RIVA_BACKLIGHT -- bool "Support for backlight control" -- depends on FB_RIVA -- default y -- help -- Say Y here if you want to control the backlight of your display. -- - config FB_I740 - tristate "Intel740 support" - depends on FB && PCI ---- a/drivers/video/fbdev/Makefile -+++ b/drivers/video/fbdev/Makefile -@@ -21,8 +21,6 @@ obj-$(CONFIG_FB_PM3) += pm3fb.o - - obj-$(CONFIG_FB_I740) += i740fb.o - obj-$(CONFIG_FB_MATROX) += matrox/ --obj-$(CONFIG_FB_RIVA) += riva/ --obj-$(CONFIG_FB_NVIDIA) += nvidia/ - obj-$(CONFIG_FB_ATY) += aty/ macmodes.o - obj-$(CONFIG_FB_ATY128) += aty/ macmodes.o - obj-$(CONFIG_FB_RADEON) += aty/ diff --git a/debian/patches/debian/dfsg/vs6624-disable.patch b/debian/patches/debian/dfsg/vs6624-disable.patch deleted file mode 100644 index 6b213a6ffe35..000000000000 --- a/debian/patches/debian/dfsg/vs6624-disable.patch +++ /dev/null @@ -1,15 +0,0 @@ -From: Ben Hutchings -Date: Sun, 27 May 2012 01:56:58 +0100 -Subject: vs6624: mark as broken -Forwarded: not-needed - ---- a/drivers/media/i2c/Kconfig -+++ b/drivers/media/i2c/Kconfig -@@ -768,6 +768,7 @@ config VIDEO_OV13858 - OV13858 camera. - - config VIDEO_VS6624 -+ depends on BROKEN - tristate "ST VS6624 sensor support" - depends on VIDEO_V4L2 && I2C - depends on MEDIA_CAMERA_SUPPORT diff --git a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch deleted file mode 100644 index ab7ab0f9c1ba..000000000000 --- a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch +++ /dev/null @@ -1,175 +0,0 @@ -From: Ben Hutchings -Date: Tue, 26 Jun 2018 16:59:01 +0100 -Subject: Export symbols needed by Android drivers -Bug-Debian: https://bugs.debian.org/901492 - -We want to enable use of the Android ashmem and binder drivers to -support Anbox, but they should not be built-in as that would waste -resources and increase security attack surface on systems that don't -need them. - -Export the currently un-exported symbols they depend on. - ---- - fs/file.c | 5 +++++ - kernel/fork.c | 1 + - kernel/sched/core.c | 1 + - kernel/signal.c | 1 + - kernel/task_work.c | 1 + - mm/memory.c | 1 + - mm/shmem.c | 1 + - mm/vmalloc.c | 2 ++ - security/security.c | 4 ++++ - 9 files changed, 17 insertions(+) - ---- a/fs/file.c -+++ b/fs/file.c -@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(st - - return files; - } -+EXPORT_SYMBOL_GPL(get_files_struct); - - void put_files_struct(struct files_struct *files) - { -@@ -421,6 +422,7 @@ void put_files_struct(struct files_struc - kmem_cache_free(files_cachep, files); - } - } -+EXPORT_SYMBOL_GPL(put_files_struct); - - void reset_files_struct(struct files_struct *files) - { -@@ -533,6 +535,7 @@ out: - spin_unlock(&files->file_lock); - return error; - } -+EXPORT_SYMBOL_GPL(__alloc_fd); - - static int alloc_fd(unsigned start, unsigned flags) - { -@@ -606,6 +609,7 @@ void __fd_install(struct files_struct *f - rcu_assign_pointer(fdt->fd[fd], file); - rcu_read_unlock_sched(); - } -+EXPORT_SYMBOL_GPL(__fd_install); - - void fd_install(unsigned int fd, struct file *file) - { -@@ -668,6 +672,7 @@ out_unlock: - *res = NULL; - return -ENOENT; - } -+EXPORT_SYMBOL(__close_fd_get_file); - - void do_close_on_exec(struct files_struct *files) - { ---- a/kernel/fork.c -+++ b/kernel/fork.c -@@ -1085,6 +1085,7 @@ void mmput_async(struct mm_struct *mm) - schedule_work(&mm->async_put_work); - } - } -+EXPORT_SYMBOL_GPL(mmput_async); - #endif - - /** ---- a/kernel/sched/core.c -+++ b/kernel/sched/core.c -@@ -3943,6 +3943,7 @@ int can_nice(const struct task_struct *p - return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || - capable(CAP_SYS_NICE)); - } -+EXPORT_SYMBOL_GPL(can_nice); - - #ifdef __ARCH_WANT_SYS_NICE - ---- a/kernel/signal.c -+++ b/kernel/signal.c -@@ -1353,6 +1353,7 @@ struct sighand_struct *__lock_task_sigha - - return sighand; - } -+EXPORT_SYMBOL_GPL(__lock_task_sighand); - - /* - * send signal info to all the members of a group ---- a/kernel/task_work.c -+++ b/kernel/task_work.c -@@ -40,6 +40,7 @@ task_work_add(struct task_struct *task, - set_notify_resume(task); - return 0; - } -+EXPORT_SYMBOL(task_work_add); - - /** - * task_work_cancel - cancel a pending work added by task_work_add() ---- a/mm/memory.c -+++ b/mm/memory.c -@@ -1364,6 +1364,7 @@ void zap_page_range(struct vm_area_struc - mmu_notifier_invalidate_range_end(&range); - tlb_finish_mmu(&tlb, start, range.end); - } -+EXPORT_SYMBOL_GPL(zap_page_range); - - /** - * zap_page_range_single - remove user pages in a given range ---- a/mm/shmem.c -+++ b/mm/shmem.c -@@ -3992,6 +3992,7 @@ int shmem_zero_setup(struct vm_area_stru - - return 0; - } -+EXPORT_SYMBOL_GPL(shmem_zero_setup); - - /** - * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags. ---- a/mm/vmalloc.c -+++ b/mm/vmalloc.c -@@ -1295,6 +1295,7 @@ int map_kernel_range_noflush(unsigned lo - { - return vmap_page_range_noflush(addr, addr + size, prot, pages); - } -+EXPORT_SYMBOL_GPL(map_kernel_range_noflush); - - /** - * unmap_kernel_range_noflush - unmap kernel VM area -@@ -1435,6 +1436,7 @@ struct vm_struct *get_vm_area(unsigned l - NUMA_NO_NODE, GFP_KERNEL, - __builtin_return_address(0)); - } -+EXPORT_SYMBOL_GPL(get_vm_area); - - struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags, - const void *caller) ---- a/security/security.c -+++ b/security/security.c -@@ -247,24 +247,28 @@ int security_binder_set_context_mgr(stru - { - return call_int_hook(binder_set_context_mgr, 0, mgr); - } -+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr); - - int security_binder_transaction(struct task_struct *from, - struct task_struct *to) - { - return call_int_hook(binder_transaction, 0, from, to); - } -+EXPORT_SYMBOL_GPL(security_binder_transaction); - - int security_binder_transfer_binder(struct task_struct *from, - struct task_struct *to) - { - return call_int_hook(binder_transfer_binder, 0, from, to); - } -+EXPORT_SYMBOL_GPL(security_binder_transfer_binder); - - int security_binder_transfer_file(struct task_struct *from, - struct task_struct *to, struct file *file) - { - return call_int_hook(binder_transfer_file, 0, from, to, file); - } -+EXPORT_SYMBOL_GPL(security_binder_transfer_file); - - int security_ptrace_access_check(struct task_struct *child, unsigned int mode) - { diff --git a/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch b/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch deleted file mode 100644 index d2d9d70f41dd..000000000000 --- a/debian/patches/debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Ben Hutchings -Subject: fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS -Date: Wed, 13 Jul 2016 01:37:22 +0100 -Forwarded: not-needed - -Various free and proprietary AV products use this feature and users -apparently want it. But punting access checks to userland seems like -an easy way to deadlock the system, and there will be nothing we can -do about that. So warn and taint the kernel if this feature is -actually used. - ---- ---- a/fs/notify/fanotify/fanotify_user.c -+++ b/fs/notify/fanotify/fanotify_user.c -@@ -846,6 +846,14 @@ static int do_fanotify_mark(int fanotify - if (mask & ~valid_mask) - return -EINVAL; - -+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS -+ if (mask & FANOTIFY_PERM_EVENTS) { -+ pr_warn_once("%s (%d): Using fanotify permission checks may lead to deadlock; tainting kernel\n", -+ current->comm, current->pid); -+ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); -+ } -+#endif -+ - f = fdget(fanotify_fd); - if (unlikely(!f.file)) - return -EBADF; diff --git a/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch b/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch deleted file mode 100644 index 27bc69903257..000000000000 --- a/debian/patches/debian/firmware_class-refer-to-debian-wiki-firmware-page.patch +++ /dev/null @@ -1,52 +0,0 @@ -From: Ben Hutchings -Date: Mon, 12 Mar 2018 01:14:03 +0000 -Subject: firmware_class: Refer to Debian wiki page when logging missing firmware -Bug-Debian: https://bugs.debian.org/888405 -Forwarded: not-needed - -If firmware loading fails due to a missing file, log a second error -message referring to our wiki page about firmware. This will explain -why some firmware is in non-free, or can't be packaged at all. Only -do this once per boot. - -Do something similar in the radeon and amdgpu drivers, where we have -an early check to avoid failing at a point where we cannot display -anything. - ---- ---- a/drivers/base/firmware_loader/main.c -+++ b/drivers/base/firmware_loader/main.c -@@ -334,9 +334,12 @@ fw_get_filesystem_firmware(struct device - } - __putname(path); - -- if (rc) -+ if (rc) { - dev_err(device, "firmware: failed to load %s (%d)\n", - fw_priv->fw_name, rc); -+ if (rc == -ENOENT) -+ pr_err_once("See https://wiki.debian.org/Firmware for information about missing firmware\n"); -+ } - - return rc; - } ---- a/drivers/gpu/drm/radeon/radeon_drv.c -+++ b/drivers/gpu/drm/radeon/radeon_drv.c -@@ -367,6 +367,7 @@ static int radeon_pci_probe(struct pci_d - if ((ent->driver_data & RADEON_FAMILY_MASK) >= CHIP_R600 && - !radeon_firmware_installed()) { - DRM_ERROR("radeon kernel modesetting for R600 or later requires firmware installed\n"); -+ pr_err_once("See https://wiki.debian.org/Firmware for information about missing firmware\n"); - return -ENODEV; - } - ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -@@ -626,6 +626,7 @@ static int amdgpu_pci_probe(struct pci_d - - if (!amdgpu_firmware_installed()) { - DRM_ERROR("amdgpu requires firmware installed\n"); -+ pr_err_once("See https://wiki.debian.org/Firmware for information about missing firmware\n"); - return -ENODEV; - } - diff --git a/debian/patches/debian/fjes-disable-autoload.patch b/debian/patches/debian/fjes-disable-autoload.patch deleted file mode 100644 index 59b56708e71d..000000000000 --- a/debian/patches/debian/fjes-disable-autoload.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Ben Hutchings -Date: Sat, 18 Mar 2017 20:47:58 +0000 -Subject: fjes: Disable auto-loading -Bug-Debian: https://bugs.debian.org/853976 -Forwarded: no - -fjes matches a generic ACPI device ID, and relies on its probe -function to distinguish whether that really corresponds to a supported -device. Very few system will need the driver and it wastes memory on -all the other systems where the same device ID appears, so disable -auto-loading. - ---- ---- a/drivers/net/fjes/fjes_main.c -+++ b/drivers/net/fjes/fjes_main.c -@@ -81,7 +81,7 @@ static const struct acpi_device_id fjes_ - {ACPI_MOTHERBOARD_RESOURCE_HID, 0}, - {"", 0}, - }; --MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids); -+/* MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids); */ - - static struct acpi_driver fjes_acpi_driver = { - .name = DRV_NAME, diff --git a/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch b/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch deleted file mode 100644 index e2a8679a5fba..000000000000 --- a/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Ben Hutchings -Subject: fs: Enable link security restrictions by default -Date: Fri, 02 Nov 2012 05:32:06 +0000 -Bug-Debian: https://bugs.debian.org/609455 -Forwarded: not-needed - -This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415 -('VFS: don't do protected {sym,hard}links by default'). - ---- a/fs/namei.c -+++ b/fs/namei.c -@@ -885,8 +885,8 @@ static inline void put_link(struct namei - path_put(&last->link); - } - --int sysctl_protected_symlinks __read_mostly = 0; --int sysctl_protected_hardlinks __read_mostly = 0; -+int sysctl_protected_symlinks __read_mostly = 1; -+int sysctl_protected_hardlinks __read_mostly = 1; - int sysctl_protected_fifos __read_mostly; - int sysctl_protected_regular __read_mostly; - diff --git a/debian/patches/debian/gitignore.patch b/debian/patches/debian/gitignore.patch deleted file mode 100644 index 54d2d02ed1e1..000000000000 --- a/debian/patches/debian/gitignore.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Ian Campbell -Date: Thu, 17 Jan 2013 08:55:21 +0000 -Subject: Tweak gitignore for Debian pkg-kernel using git svn. -Forwarded: not-needed - -[bwh: Tweak further for pure git] - ---- a/.gitignore -+++ b/.gitignore -@@ -67,11 +67,6 @@ modules.builtin - /*.spec - - # --# Debian directory (make deb-pkg) --# --/debian/ -- --# - # Snap directory (make snap-pkg) - # - /snap/ -@@ -82,16 +77,6 @@ modules.builtin - /tar-install/ - - # --# We don't want to ignore the following even if they are dot-files --# --!.clang-format --!.cocciconfig --!.get_maintainer.ignore --!.gitattributes --!.gitignore --!.mailmap -- --# - # Generated include files - # - /include/config/ -@@ -145,3 +130,10 @@ x509.genkey - - # Clang's compilation database file - /compile_commands.json -+ -+# -+# Debian packaging: ignore everything at the top level, since it isn't -+# included in our repository -+# -+/* -+!/debian/ diff --git a/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch deleted file mode 100644 index b532d005494b..000000000000 --- a/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: Ben Hutchings -Date: Mon, 05 Aug 2019 00:29:11 +0100 -Subject: hamradio: Disable auto-loading as mitigation against local exploits -Forwarded: not-needed - -We can mitigate the effect of vulnerabilities in obscure protocols by -preventing unprivileged users from loading the modules, so that they -are only exploitable on systems where the administrator has chosen to -load the protocol. - -The 'ham' radio protocols (ax25, netrom, rose) are not actively -maintained or widely used. Therefore disable auto-loading. - -Signed-off-by: Ben Hutchings ---- ---- a/net/ax25/af_ax25.c -+++ b/net/ax25/af_ax25.c -@@ -1986,7 +1986,7 @@ module_init(ax25_init); - MODULE_AUTHOR("Jonathan Naylor G4KLX "); - MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol"); - MODULE_LICENSE("GPL"); --MODULE_ALIAS_NETPROTO(PF_AX25); -+/* MODULE_ALIAS_NETPROTO(PF_AX25); */ - - static void __exit ax25_exit(void) - { ---- a/net/netrom/af_netrom.c -+++ b/net/netrom/af_netrom.c -@@ -1486,7 +1486,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NE - MODULE_AUTHOR("Jonathan Naylor G4KLX "); - MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol"); - MODULE_LICENSE("GPL"); --MODULE_ALIAS_NETPROTO(PF_NETROM); -+/* MODULE_ALIAS_NETPROTO(PF_NETROM); */ - - static void __exit nr_exit(void) - { ---- a/net/rose/af_rose.c -+++ b/net/rose/af_rose.c -@@ -1577,7 +1577,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of - MODULE_AUTHOR("Jonathan Naylor G4KLX "); - MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol"); - MODULE_LICENSE("GPL"); --MODULE_ALIAS_NETPROTO(PF_ROSE); -+/* MODULE_ALIAS_NETPROTO(PF_ROSE); */ - - static void __exit rose_exit(void) - { diff --git a/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch deleted file mode 100644 index 97b350666569..000000000000 --- a/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Ben Hutchings -Date: Tue, 16 Feb 2016 02:45:42 +0000 -Subject: [i386/686-pae] PCI: Set pci=nobios by default -Forwarded: not-needed - -CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped -W+X, which is undesirable for security reasons and will result in a -warning at boot now that we enable CONFIG_DEBUG_WX. - -This can be overridden using the kernel parameter "pci=nobios", but we -want to disable W+X by default. Disable PCI BIOS probing by default; -it can still be enabled using "pci=bios". - ---- ---- a/arch/x86/pci/common.c -+++ b/arch/x86/pci/common.c -@@ -19,8 +19,8 @@ - #include - #include - --unsigned int pci_probe = PCI_PROBE_BIOS | PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | -- PCI_PROBE_MMCONF; -+unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | PCI_PROBE_MMCONF | -+ (IS_ENABLED(CONFIG_X86_64) || IS_ENABLED(CONFIG_X86_PAE) ? 0 : PCI_PROBE_BIOS); - - static int pci_bf_sort; - int pci_routeirq; diff --git a/debian/patches/debian/ia64-hardcode-arch-script-output.patch b/debian/patches/debian/ia64-hardcode-arch-script-output.patch deleted file mode 100644 index 2ec4b4cbe03d..000000000000 --- a/debian/patches/debian/ia64-hardcode-arch-script-output.patch +++ /dev/null @@ -1,78 +0,0 @@ -From: dann frazier -Subject: Hardcode arch script output -Date: Mon, 26 Mar 2007 16:30:51 -0600 -Bug-Debian: https://bugs.debian.org/392592 -Forwarded: not-needed - -Here's a patch that simply uses hardcoded definitions instead of -doing the dynamic tests that require architecture-specific scripts. - -I don't particularly like this approach because it restricts -portability and diverts from upstream. But, it is simpler, and this -really needs to be fixed somehow before etch (along with a rebuild of -linux-modules-extra-2.6), so I'm willing to live with it if my other -patch is deemed unacceptable. - -My primary concern is that, in the future, the output of these scripts -will change and we (or our successors) will either not notice or -forget to update the hardcoded values. - -Including the scripts in linux-kbuild will avoid this manual step -altogether, and allow for the possibility of other archs to provide -their own scripts in the future. ---- - arch/ia64/Makefile | 17 ++--------------- - 1 file changed, 2 insertions(+), 15 deletions(-) - -diff --git a/arch/ia64/Makefile b/arch/ia64/Makefile -index 32240000dc0c..27c1b0bc39c1 100644 ---- a/arch/ia64/Makefile -+++ b/arch/ia64/Makefile -@@ -28,16 +28,7 @@ cflags-y := -pipe $(EXTRA) -ffixed-r13 -mfixed-range=f12-f15,f32-f127 \ - -falign-functions=32 -frename-registers -fno-optimize-sibling-calls - KBUILD_CFLAGS_KERNEL := -mconstant-gp - --GAS_STATUS = $(shell $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") --KBUILD_CPPFLAGS += $(shell $(srctree)/arch/ia64/scripts/toolchain-flags "$(CC)" "$(OBJDUMP)" "$(READELF)") -- --ifeq ($(GAS_STATUS),buggy) --$(error Sorry, you need a newer version of the assember, one that is built from \ -- a source-tree that post-dates 18-Dec-2002. You can find a pre-compiled \ -- static binary of such an assembler at: \ -- \ -- ftp://ftp.hpl.hp.com/pub/linux-ia64/gas-030124.tar.gz) --endif -+KBUILD_CPPFLAGS += -DHAVE_WORKING_TEXT_ALIGN -DHAVE_MODEL_SMALL_ATTRIBUTE -DHAVE_SERIALIZE_DIRECTIVE - - quiet_cmd_gzip = GZIP $@ - cmd_gzip = cat $(real-prereqs) | gzip -n -f -9 > $@ -@@ -57,7 +48,7 @@ drivers-$(CONFIG_OPROFILE) += arch/ia64/oprofile/ - - PHONY += compressed check - --all: compressed unwcheck -+all: compressed - - compressed: vmlinux.gz - -@@ -69,9 +60,6 @@ vmlinux.gz: vmlinux.bin FORCE - vmlinux.bin: vmlinux FORCE - $(call if_changed,objcopy) - --unwcheck: vmlinux -- -$(Q)READELF=$(READELF) $(PYTHON) $(srctree)/arch/ia64/scripts/unwcheck.py $< -- - archclean: - - archheaders: -@@ -85,7 +73,6 @@ install: vmlinux.gz - define archhelp - echo '* compressed - Build compressed kernel image' - echo ' install - Install compressed kernel image' -- echo '* unwcheck - Check vmlinux for invalid unwind info' - endef - - archprepare: make_nr_irqs_h --- -2.23.0 - diff --git a/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch b/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch deleted file mode 100644 index c8061436d009..000000000000 --- a/debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch +++ /dev/null @@ -1,26 +0,0 @@ -From: Ben Hutchings -Subject: iwlwifi: Do not request unreleased firmware for IWL6000 -Bug-Debian: https://bugs.debian.org/689416 -Forwarded: not-needed - -The iwlwifi driver currently supports firmware API versions 4-6 for -these devices. It will request the file for the latest supported -version and then fall back to earlier versions. However, the latest -version that has actually been released is 4, so we expect the -requests for versions 6 and then 5 to fail. - -The installer appears to report any failed request, and it is probably -not easy to detect that this particular failure is harmless. So stop -requesting the unreleased firmware. - ---- a/drivers/net/wireless/intel/iwlwifi/cfg/6000.c -+++ b/drivers/net/wireless/intel/iwlwifi/cfg/6000.c -@@ -31,7 +31,7 @@ - #include "dvm/commands.h" /* needed for BT for now */ - - /* Highest firmware API version supported */ --#define IWL6000_UCODE_API_MAX 6 -+#define IWL6000_UCODE_API_MAX 4 /* v5-6 are supported but not released */ - #define IWL6050_UCODE_API_MAX 5 - #define IWL6000G2_UCODE_API_MAX 6 - #define IWL6035_UCODE_API_MAX 6 diff --git a/debian/patches/debian/kernelvariables.patch b/debian/patches/debian/kernelvariables.patch deleted file mode 100644 index c574f984a041..000000000000 --- a/debian/patches/debian/kernelvariables.patch +++ /dev/null @@ -1,82 +0,0 @@ -From: Bastian Blank -Subject: kbuild: Make the toolchain variables easily overwritable -Date: Sun, 22 Feb 2009 15:39:35 +0100 -Forwarded: not-needed - -Allow make variables to be overridden for each flavour by a file in -the build tree, .kernelvariables. - -We currently use this for ARCH, KERNELRELEASE, CC, and in some cases -also CROSS_COMPILE, KCFLAGS. - -This file can only be read after we establish the build tree, and all -use of $(ARCH) needs to be moved after this. - -[bwh: Updated for 5.3: include .kernelvariables from current directory - rather than using undefined $(obj).] ---- ---- a/Makefile -+++ b/Makefile -@@ -363,31 +363,6 @@ include scripts/subarch.include - # Note: Some architectures assign CROSS_COMPILE in their arch/*/Makefile - ARCH ?= $(SUBARCH) - --# Architecture as present in compile.h --UTS_MACHINE := $(ARCH) --SRCARCH := $(ARCH) -- --# Additional ARCH settings for x86 --ifeq ($(ARCH),i386) -- SRCARCH := x86 --endif --ifeq ($(ARCH),x86_64) -- SRCARCH := x86 --endif -- --# Additional ARCH settings for sparc --ifeq ($(ARCH),sparc32) -- SRCARCH := sparc --endif --ifeq ($(ARCH),sparc64) -- SRCARCH := sparc --endif -- --# Additional ARCH settings for sh --ifeq ($(ARCH),sh64) -- SRCARCH := sh --endif -- - KCONFIG_CONFIG ?= .config - export KCONFIG_CONFIG - -@@ -442,6 +417,30 @@ CFLAGS_KERNEL = - AFLAGS_KERNEL = - LDFLAGS_vmlinux = - -+-include .kernelvariables -+ -+# Architecture as present in compile.h -+UTS_MACHINE := $(ARCH) -+SRCARCH := $(ARCH) -+ -+# Additional ARCH settings for x86 -+ifeq ($(ARCH),i386) -+ SRCARCH := x86 -+endif -+ifeq ($(ARCH),x86_64) -+ SRCARCH := x86 -+endif -+ -+# Additional ARCH settings for sparc -+ifeq ($(ARCH),sparc64) -+ SRCARCH := sparc -+endif -+ -+# Additional ARCH settings for sh -+ifeq ($(ARCH),sh64) -+ SRCARCH := sh -+endif -+ - # Use USERINCLUDE when you must reference the UAPI directories only. - USERINCLUDE := \ - -I$(srctree)/arch/$(SRCARCH)/include/uapi \ diff --git a/debian/patches/debian/mips-boston-disable-its.patch b/debian/patches/debian/mips-boston-disable-its.patch deleted file mode 100644 index 581a1b715c7c..000000000000 --- a/debian/patches/debian/mips-boston-disable-its.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: YunQiang Su -Date: Mon, 14 May 2018 16:16:18 +0800 -Subject: Disable uImage generation for mips generic -Forwarded: not-needed - -MIPS generic trys to generate uImage when build, which then ask for -u-boot-tools. - ---- a/arch/mips/generic/Platform -+++ b/arch/mips/generic/Platform -@@ -11,9 +11,7 @@ - platform-$(CONFIG_MIPS_GENERIC) += generic/ - cflags-$(CONFIG_MIPS_GENERIC) += -I$(srctree)/arch/mips/include/asm/mach-generic - load-$(CONFIG_MIPS_GENERIC) += 0xffffffff80100000 --all-$(CONFIG_MIPS_GENERIC) := vmlinux.gz.itb - --its-y := vmlinux.its.S - its-$(CONFIG_FIT_IMAGE_FDT_BOSTON) += board-boston.its.S - its-$(CONFIG_FIT_IMAGE_FDT_NI169445) += board-ni169445.its.S - its-$(CONFIG_FIT_IMAGE_FDT_OCELOT) += board-ocelot.its.S diff --git a/debian/patches/debian/mips-disable-werror.patch b/debian/patches/debian/mips-disable-werror.patch deleted file mode 100644 index b8fe8b44c142..000000000000 --- a/debian/patches/debian/mips-disable-werror.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Ben Hutchings -Date: Mon, 13 Sep 2010 02:16:18 +0100 -Subject: [PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild" -Forwarded: not-needed - -This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and -5373633cc9253ba82547473e899cab141c54133e. - -We really don't want to add -Werror anywhere. ---- ---- a/arch/mips/Kbuild -+++ b/arch/mips/Kbuild -@@ -1,10 +1,4 @@ - # SPDX-License-Identifier: GPL-2.0 --# Fail on warnings - also for files referenced in subdirs --# -Werror can be disabled for specific files using: --# CFLAGS_ := -Wno-error --ifeq ($(W),) --subdir-ccflags-y := -Werror --endif - - # platform specific definitions - include arch/mips/Kbuild.platforms diff --git a/debian/patches/debian/ntfs-mark-it-as-broken.patch b/debian/patches/debian/ntfs-mark-it-as-broken.patch deleted file mode 100644 index 207f9751e541..000000000000 --- a/debian/patches/debian/ntfs-mark-it-as-broken.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Ben Hutchings -Date: Thu, 25 Apr 2019 15:31:33 +0100 -Subject: ntfs: mark it as broken - -NTFS has unfixed issues CVE-2018-12929, CVE-2018-12930, and -CVE-2018-12931. ntfs-3g is a better supported alternative. - -Make sure it can't be enabled even in custom kernels. - ---- -Index: debian-kernel/fs/ntfs/Kconfig -=================================================================== ---- debian-kernel.orig/fs/ntfs/Kconfig -+++ debian-kernel/fs/ntfs/Kconfig -@@ -1,6 +1,7 @@ - # SPDX-License-Identifier: GPL-2.0-only - config NTFS_FS - tristate "NTFS file system support" -+ depends on BROKEN - select NLS - help - NTFS is the file system of Microsoft Windows NT, 2000, XP and 2003. diff --git a/debian/patches/debian/overlayfs-permit-mounts-in-userns.patch b/debian/patches/debian/overlayfs-permit-mounts-in-userns.patch deleted file mode 100644 index 6155cfce2e7d..000000000000 --- a/debian/patches/debian/overlayfs-permit-mounts-in-userns.patch +++ /dev/null @@ -1,59 +0,0 @@ -From: Nicolas Schier -Subject: ovl: permit overlayfs mounts in user namespaces (taints kernel) -Date: Mon, 19 Nov 2018 20:36:14 +0100 - -Permit overlayfs mounts within user namespaces to allow utilisation of e.g. -unprivileged LXC overlay snapshots. - -Except by the Ubuntu community [1], overlayfs mounts in user namespaces are -expected to be a security risk [2] and thus are not enabled on upstream -Linux kernels. For the non-Ubuntu users that have to stick to unprivileged -overlay-based LXCs, this meant to patch and compile the kernel manually. -Instead, adding the kernel tainting 'permit_mounts_in_userns' module -parameter allows a kind of a user-friendly way to enable the feature. - -Testable with: - - sudo modprobe overlay permit_mounts_in_userns=1 - sudo sysctl -w kernel.unprivileged_userns_clone=1 - mkdir -p lower upper work mnt - unshare --map-root-user --mount \ - mount -t overlay none mnt \ - -o lowerdir=lower,upperdir=upper,workdir=work - -[1]: Ubuntu allows unprivileged mounting of overlay filesystem -https://lists.ubuntu.com/archives/kernel-team/2014-February/038091.html - -[2]: User namespaces + overlayfs = root privileges -https://lwn.net/Articles/671641/ - -Signed-off-by: Nicolas Schier - -Index: debian-kernel/fs/overlayfs/super.c -=================================================================== ---- debian-kernel.orig/fs/overlayfs/super.c -+++ debian-kernel/fs/overlayfs/super.c -@@ -53,6 +53,11 @@ module_param_named(xino_auto, ovl_xino_a - MODULE_PARM_DESC(xino_auto, - "Auto enable xino feature"); - -+static bool ovl_permit_mounts_in_userns; -+module_param_named_unsafe(permit_mounts_in_userns, ovl_permit_mounts_in_userns, -+ bool, 0444); -+MODULE_PARM_DESC(permit_mounts_in_userns, "Permit mounts in user namespaces"); -+ - static void ovl_entry_stack_free(struct ovl_entry *oe) - { - unsigned int i; -@@ -1718,6 +1723,11 @@ static int __init ovl_init(void) - if (ovl_inode_cachep == NULL) - return -ENOMEM; - -+ if (unlikely(ovl_permit_mounts_in_userns)) { -+ pr_warn("overlayfs: Allowing overlay mounts in user namespaces bears security risks\n"); -+ ovl_fs_type.fs_flags |= FS_USERNS_MOUNT; -+ } -+ - err = register_filesystem(&ovl_fs_type); - if (err) - kmem_cache_destroy(ovl_inode_cachep); diff --git a/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch b/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch deleted file mode 100644 index 3343aecace3b..000000000000 --- a/debian/patches/debian/rds-Disable-auto-loading-as-mitigation-against-local.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Ben Hutchings -Date: Fri, 19 Nov 2010 02:12:48 +0000 -Subject: [PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits -Forwarded: not-needed - -Recent review has revealed several bugs in obscure protocol -implementations that can be exploited by local users for denial of -service or privilege escalation. We can mitigate the effect of any -remaining vulnerabilities in such protocols by preventing unprivileged -users from loading the modules, so that they are only exploitable on -systems where the administrator has chosen to load the protocol. - -The 'rds' protocol is one such protocol that has been found to be -vulnerable, and which was not present in the 'lenny' kernel. -Therefore disable auto-loading. - -Signed-off-by: Ben Hutchings ---- - net/rds/af_rds.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/net/rds/af_rds.c b/net/rds/af_rds.c -index 98e0538..d8d4525 100644 ---- a/net/rds/af_rds.c -+++ b/net/rds/af_rds.c -@@ -574,4 +574,4 @@ MODULE_DESCRIPTION("RDS: Reliable Datagram Sockets" - " v" DRV_VERSION " (" DRV_RELDATE ")"); - MODULE_VERSION(DRV_VERSION); - MODULE_LICENSE("Dual BSD/GPL"); --MODULE_ALIAS_NETPROTO(PF_RDS); -+/* MODULE_ALIAS_NETPROTO(PF_RDS); */ --- -1.7.2.3 - diff --git a/debian/patches/debian/revert-objtool-fix-config_stack_validation-y-warning.patch b/debian/patches/debian/revert-objtool-fix-config_stack_validation-y-warning.patch deleted file mode 100644 index 1693933529a8..000000000000 --- a/debian/patches/debian/revert-objtool-fix-config_stack_validation-y-warning.patch +++ /dev/null @@ -1,52 +0,0 @@ -From: Ben Hutchings -Date: Sun, 14 Jan 2018 19:27:18 +0000 -Subject: Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for - out-of-tree modules" - -This reverts commit 9f0c18aec620bc9d82268b3cb937568dd07b43ff. This -check doesn't make sense for OOT modules as they should always use -a pre-built objtool. ---- - Makefile | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -Index: debian-kernel/Makefile -=================================================================== ---- debian-kernel.orig/Makefile -+++ debian-kernel/Makefile -@@ -993,17 +993,6 @@ export mod_sign_cmd - - HOST_LIBELF_LIBS = $(shell pkg-config libelf --libs 2>/dev/null || echo -lelf) - --ifdef CONFIG_STACK_VALIDATION -- has_libelf := $(call try-run,\ -- echo "int main() {}" | $(HOSTCC) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0) -- ifeq ($(has_libelf),1) -- objtool_target := tools/objtool FORCE -- else -- SKIP_STACK_VALIDATION := 1 -- export SKIP_STACK_VALIDATION -- endif --endif -- - PHONY += prepare0 - - export MODORDER := $(extmod-prefix)modules.order -@@ -1122,6 +1111,17 @@ uapi-asm-generic: - $(Q)$(MAKE) $(asm-generic)=arch/$(SRCARCH)/include/generated/uapi/asm \ - generic=include/uapi/asm-generic - -+ifdef CONFIG_STACK_VALIDATION -+ has_libelf := $(call try-run,\ -+ echo "int main() {}" | $(HOSTCC) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0) -+ ifeq ($(has_libelf),1) -+ objtool_target := tools/objtool FORCE -+ else -+ SKIP_STACK_VALIDATION := 1 -+ export SKIP_STACK_VALIDATION -+ endif -+endif -+ - PHONY += prepare-objtool - prepare-objtool: $(objtool_target) - ifeq ($(SKIP_STACK_VALIDATION),1) diff --git a/debian/patches/debian/sched-autogroup-disabled.patch b/debian/patches/debian/sched-autogroup-disabled.patch deleted file mode 100644 index e9988022edbb..000000000000 --- a/debian/patches/debian/sched-autogroup-disabled.patch +++ /dev/null @@ -1,19 +0,0 @@ -From: Ben Hutchings -Subject: sched: Do not enable autogrouping by default -Date: Wed, 16 Mar 2011 03:17:06 +0000 -Forwarded: not-needed - -We want to provide the option of autogrouping but without enabling -it by default yet. - ---- a/kernel/sched/autogroup.c -+++ b/kernel/sched/autogroup.c -@@ -5,7 +5,7 @@ - #include - #include "sched.h" - --unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1; -+unsigned int __read_mostly sysctl_sched_autogroup_enabled = 0; - static struct autogroup autogroup_default; - static atomic_t autogroup_seq_nr; - diff --git a/debian/patches/debian/snd-pcsp-disable-autoload.patch b/debian/patches/debian/snd-pcsp-disable-autoload.patch deleted file mode 100644 index 5871dc6ef0f2..000000000000 --- a/debian/patches/debian/snd-pcsp-disable-autoload.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Ben Hutchings -Date: Wed, 05 Feb 2014 23:01:30 +0000 -Subject: snd-pcsp: Disable autoload -Forwarded: not-needed -Bug-Debian: https://bugs.debian.org/697709 - -There are two drivers claiming the platform:pcspkr device: -- pcspkr creates an input(!) device that can only beep -- snd-pcsp creates an equivalent input device plus a PCM device that can - play barely recognisable renditions of sampled sound - -snd-pcsp is blacklisted by the alsa-base package, but not everyone -installs that. On PCs where no sound is wanted at all, both drivers -will still be loaded and one or other will complain that it couldn't -claim the relevant I/O range. - -In case anyone finds snd-pcsp useful, we continue to build it. But -remove the alias, to ensure it's not loaded where it's not wanted. - ---- a/sound/drivers/pcsp/pcsp.c -+++ b/sound/drivers/pcsp/pcsp.c -@@ -21,7 +21,7 @@ MODULE_AUTHOR("Stas Sergeev -Date: Fri, 07 Oct 2011 21:37:52 +0100 -Subject: Install perf scripts non-executable -Forwarded: no - -[bwh: Forward-ported to 4.13] ---- - tools/perf/Makefile.perf | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - ---- a/tools/perf/Makefile.perf -+++ b/tools/perf/Makefile.perf -@@ -854,8 +854,8 @@ endif - ifndef NO_LIBPERL - $(call QUIET_INSTALL, perl-scripts) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/Perf-Trace-Util/lib/Perf/Trace'; \ -- $(INSTALL) scripts/perl/Perf-Trace-Util/lib/Perf/Trace/* -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/Perf-Trace-Util/lib/Perf/Trace'; \ -- $(INSTALL) scripts/perl/*.pl -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl'; \ -+ $(INSTALL) -m 644 scripts/perl/Perf-Trace-Util/lib/Perf/Trace/* -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/Perf-Trace-Util/lib/Perf/Trace'; \ -+ $(INSTALL) -m 644 scripts/perl/*.pl -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl'; \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/bin'; \ - $(INSTALL) scripts/perl/bin/* -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/bin' - endif -@@ -869,21 +869,21 @@ ifndef NO_LIBPYTHON - endif - $(call QUIET_INSTALL, perf_completion-script) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d'; \ -- $(INSTALL) perf-completion.sh '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d/perf_$(VERSION)' -+ $(INSTALL) -m 644 perf-completion.sh '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d/perf_$(VERSION)' - $(call QUIET_INSTALL, perf-tip) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(tip_instdir_SQ)'; \ -- $(INSTALL) Documentation/tips.txt -t '$(DESTDIR_SQ)$(tip_instdir_SQ)' -+ $(INSTALL) -m 644 Documentation/tips.txt -t '$(DESTDIR_SQ)$(tip_instdir_SQ)' - - install-tests: all install-gtk - $(call QUIET_INSTALL, tests) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \ -- $(INSTALL) tests/attr.py '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \ -+ $(INSTALL) -m 644 tests/attr.py '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \ -- $(INSTALL) tests/attr/* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \ -+ $(INSTALL) -m 644 tests/attr/* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \ -- $(INSTALL) tests/shell/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \ -+ $(INSTALL) -m 644 tests/shell/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib'; \ -- $(INSTALL) tests/shell/lib/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib' -+ $(INSTALL) -m 644 tests/shell/lib/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib' - - install-bin: install-tools install-tests install-traceevent-plugins - diff --git a/debian/patches/debian/tools-perf-version.patch b/debian/patches/debian/tools-perf-version.patch deleted file mode 100644 index e82a305b15c6..000000000000 --- a/debian/patches/debian/tools-perf-version.patch +++ /dev/null @@ -1,111 +0,0 @@ -From: Bastian Blank -Date: Mon, 26 Sep 2011 13:53:12 +0100 -Subject: Create manpages and binaries including the version -Forwarded: no - -[bwh: Fix version insertion in perf man page cross-references and perf -man page title. Install bash_completion script for perf with a -version-dependent name. And do the same for trace.] - ---- a/tools/perf/Makefile.perf -+++ b/tools/perf/Makefile.perf -@@ -759,23 +759,23 @@ endif - install-tools: all install-gtk - $(call QUIET_INSTALL, binaries) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(bindir_SQ)'; \ -- $(INSTALL) $(OUTPUT)perf '$(DESTDIR_SQ)$(bindir_SQ)'; \ -- $(LN) '$(DESTDIR_SQ)$(bindir_SQ)/perf' '$(DESTDIR_SQ)$(bindir_SQ)/trace' -+ $(INSTALL) $(OUTPUT)perf '$(DESTDIR_SQ)$(bindir_SQ)/perf_$(VERSION)'; \ -+ $(LN) '$(DESTDIR_SQ)$(bindir_SQ)/perf_$(VERSION)' '$(DESTDIR_SQ)$(bindir_SQ)/trace_$(VERSION)' -+ $(call QUIET_INSTALL, libexec) \ -+ $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)' - ifndef NO_PERF_READ_VDSO32 - $(call QUIET_INSTALL, perf-read-vdso32) \ -- $(INSTALL) $(OUTPUT)perf-read-vdso32 '$(DESTDIR_SQ)$(bindir_SQ)'; -+ $(INSTALL) $(OUTPUT)perf-read-vdso32 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)'; - endif - ifndef NO_PERF_READ_VDSOX32 - $(call QUIET_INSTALL, perf-read-vdsox32) \ -- $(INSTALL) $(OUTPUT)perf-read-vdsox32 '$(DESTDIR_SQ)$(bindir_SQ)'; -+ $(INSTALL) $(OUTPUT)perf-read-vdsox32 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)'; - endif - ifndef NO_JVMTI - $(call QUIET_INSTALL, $(LIBJVMTI)) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(libdir_SQ)'; \ - $(INSTALL) $(OUTPUT)$(LIBJVMTI) '$(DESTDIR_SQ)$(libdir_SQ)'; - endif -- $(call QUIET_INSTALL, libexec) \ -- $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)' - ifndef NO_LIBBPF - $(call QUIET_INSTALL, bpf-headers) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perf_include_instdir_SQ)/bpf'; \ -@@ -811,7 +811,7 @@ ifndef NO_LIBPYTHON - endif - $(call QUIET_INSTALL, perf_completion-script) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d'; \ -- $(INSTALL) perf-completion.sh '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d/perf' -+ $(INSTALL) perf-completion.sh '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d/perf_$(VERSION)' - $(call QUIET_INSTALL, perf-tip) \ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(tip_instdir_SQ)'; \ - $(INSTALL) Documentation/tips.txt -t '$(DESTDIR_SQ)$(tip_instdir_SQ)' -@@ -836,7 +836,7 @@ install-python_ext: - - # 'make install-doc' should call 'make -C Documentation install' - $(INSTALL_DOC_TARGETS): -- $(QUIET_SUBDIR0)Documentation $(QUIET_SUBDIR1) $(@:-doc=) -+ $(QUIET_SUBDIR0)Documentation $(QUIET_SUBDIR1) $(@:-doc=) VERSION=$(VERSION) - - ### Cleaning rules - ---- a/tools/perf/Documentation/Makefile -+++ b/tools/perf/Documentation/Makefile -@@ -194,14 +194,16 @@ ifdef missing_tools - $(error "You need to install $(missing_tools) for man pages") - endif - --do-install-man: man -+do-install-man: $(addprefix install-man-,$(_DOC_MAN1)) -+ -+install-man-perf.1: $(OUTPUT)perf.1 -+ $(INSTALL) -d -m 755 $(DESTDIR)$(man1dir) -+ sed -e 's/"PERF"/"PERF_$(VERSION)"/' -e 's/fBperf-/fBperf_$(VERSION)-/g' $^ > $(DESTDIR)$(man1dir)/perf_$(VERSION).1 -+ -+install-man-perf%.1: $(OUTPUT)perf%.1 - $(call QUIET_INSTALL, Documentation-man) \ - $(INSTALL) -d -m 755 $(DESTDIR)$(man1dir); \ --# $(INSTALL) -d -m 755 $(DESTDIR)$(man5dir); \ --# $(INSTALL) -d -m 755 $(DESTDIR)$(man7dir); \ -- $(INSTALL) -m 644 $(DOC_MAN1) $(DESTDIR)$(man1dir); \ --# $(INSTALL) -m 644 $(DOC_MAN5) $(DESTDIR)$(man5dir); \ --# $(INSTALL) -m 644 $(DOC_MAN7) $(DESTDIR)$(man7dir) -+ sed -e 's/"PERF\\-/"PERF_$(VERSION)\\-/' -e 's/fBperf-/fBperf_$(VERSION)-/g' $^ > $(DESTDIR)$(man1dir)/perf_$(VERSION)$*.1 - - install-man: check-man-tools man do-install-man - ---- a/tools/perf/util/Build -+++ b/tools/perf/util/Build -@@ -193,6 +193,7 @@ CFLAGS_libstring.o += -Wno-unused-pa - CFLAGS_hweight.o += -Wno-unused-parameter -DETC_PERFCONFIG="BUILD_STR($(ETC_PERFCONFIG_SQ))" - CFLAGS_parse-events.o += -Wno-redundant-decls - CFLAGS_header.o += -include $(OUTPUT)PERF-VERSION-FILE -+CFLAGS_vdso.o += -DPERFEXECDIR='"$(perfexec_instdir_SQ)"' - - $(OUTPUT)util/kallsyms.o: ../lib/symbol/kallsyms.c FORCE - $(call rule_mkdir) ---- a/tools/perf/util/vdso.c -+++ b/tools/perf/util/vdso.c -@@ -52,12 +52,12 @@ static struct vdso_info *vdso_info__new( - .vdso32 = { - .temp_file_name = VDSO__TEMP_FILE_NAME, - .dso_name = DSO__NAME_VDSO32, -- .read_prog = "perf-read-vdso32", -+ .read_prog = PERFEXECDIR "/perf-read-vdso32", - }, - .vdsox32 = { - .temp_file_name = VDSO__TEMP_FILE_NAME, - .dso_name = DSO__NAME_VDSOX32, -- .read_prog = "perf-read-vdsox32", -+ .read_prog = PERFEXECDIR "/perf-read-vdsox32", - }, - #endif - }; diff --git a/debian/patches/debian/uname-version-timestamp.patch b/debian/patches/debian/uname-version-timestamp.patch deleted file mode 100644 index 5cd565c1e014..000000000000 --- a/debian/patches/debian/uname-version-timestamp.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: Ben Hutchings -Subject: Make mkcompile_h accept an alternate timestamp string -Date: Tue, 12 May 2015 19:29:22 +0100 -Forwarded: not-needed - -We want to include the Debian version in the utsname::version string -instead of a full timestamp string. However, we still need to provide -a standard timestamp string for gen_initramfs_list.sh to make the -kernel image reproducible. - -Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to -$KBUILD_BUILD_TIMESTAMP. - ---- a/scripts/mkcompile_h -+++ b/scripts/mkcompile_h -@@ -37,10 +37,14 @@ else - VERSION=$KBUILD_BUILD_VERSION - fi - --if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then -- TIMESTAMP=`date` -+if [ -z "$KBUILD_BUILD_VERSION_TIMESTAMP" ]; then -+ if [ -z "$KBUILD_BUILD_TIMESTAMP" ]; then -+ TIMESTAMP=`date` -+ else -+ TIMESTAMP=$KBUILD_BUILD_TIMESTAMP -+ fi - else -- TIMESTAMP=$KBUILD_BUILD_TIMESTAMP -+ TIMESTAMP=$KBUILD_BUILD_VERSION_TIMESTAMP - fi - if test -z "$KBUILD_BUILD_USER"; then - LINUX_COMPILE_BY=$(whoami | sed 's/\\/\\\\/') diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch deleted file mode 100644 index 0d98a64dc4ec..000000000000 --- a/debian/patches/debian/version.patch +++ /dev/null @@ -1,188 +0,0 @@ -From: Ben Hutchings -Subject: Include package version along with kernel release in stack traces -Date: Tue, 24 Jul 2012 03:13:10 +0100 -Forwarded: not-needed - -For distribution binary packages we assume -$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION -are set. ---- - Makefile | 16 +++++++++++++++- - arch/ia64/kernel/process.c | 5 +++-- - arch/powerpc/kernel/process.c | 6 ++++-- - arch/x86/um/sysrq_64.c | 6 ++++-- - kernel/hung_task.c | 6 ++++-- - lib/dump_stack.c | 6 ++++-- - 6 files changed, 34 insertions(+), 11 deletions(-) - -diff --git a/Makefile b/Makefile -index f87a5d6ab78b..36e3cc18c023 100644 ---- a/Makefile -+++ b/Makefile -@@ -1102,7 +1102,8 @@ scripts: scripts_basic scripts_dtc - PHONY += prepare archprepare - - archprepare: outputmakefile archheaders archscripts scripts include/config/kernel.release \ -- asm-generic $(version_h) $(autoksyms_h) include/generated/utsrelease.h -+ asm-generic $(version_h) $(autoksyms_h) include/generated/utsrelease.h \ -+ include/generated/package.h - - prepare0: archprepare - $(Q)$(MAKE) $(build)=scripts/mod -@@ -1154,6 +1155,16 @@ define filechk_version.h - echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))' - endef - -+ifneq ($(DISTRIBUTION_OFFICIAL_BUILD),) -+define filechk_package.h -+ echo \#define LINUX_PACKAGE_ID \" $(DISTRIBUTOR) $(DISTRIBUTION_VERSION)\" -+endef -+else -+define filechk_package.h -+ echo \#define LINUX_PACKAGE_ID \"\" -+endef -+endif -+ - $(version_h): FORCE - $(call filechk,version.h) - $(Q)rm -f $(old_version_h) -@@ -1161,6 +1172,9 @@ $(version_h): FORCE - include/generated/utsrelease.h: include/config/kernel.release FORCE - $(call filechk,utsrelease.h) - -+include/generated/package.h: $(srctree)/Makefile FORCE -+ $(call filechk,package.h) -+ - PHONY += headerdep - headerdep: - $(Q)find $(srctree)/include/ -name '*.h' | xargs --max-args 1 \ -diff --git a/arch/ia64/kernel/process.c b/arch/ia64/kernel/process.c -index 968b5f33e725..6bdf68c1c5c1 100644 ---- a/arch/ia64/kernel/process.c -+++ b/arch/ia64/kernel/process.c -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -104,9 +105,9 @@ show_regs (struct pt_regs *regs) - print_modules(); - printk("\n"); - show_regs_print_info(KERN_DEFAULT); -- printk("psr : %016lx ifs : %016lx ip : [<%016lx>] %s (%s)\n", -+ printk("psr : %016lx ifs : %016lx ip : [<%016lx>] %s (%s%s)\n", - regs->cr_ipsr, regs->cr_ifs, ip, print_tainted(), -- init_utsname()->release); -+ init_utsname()->release, LINUX_PACKAGE_ID); - printk("ip is at %pS\n", (void *)ip); - printk("unat: %016lx pfs : %016lx rsc : %016lx\n", - regs->ar_unat, regs->ar_pfs, regs->ar_rsc); -diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 639ceae7da9d..34106d761e91 100644 ---- a/arch/powerpc/kernel/process.c -+++ b/arch/powerpc/kernel/process.c -@@ -40,6 +40,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -1393,8 +1394,9 @@ void show_regs(struct pt_regs * regs) - - printk("NIP: "REG" LR: "REG" CTR: "REG"\n", - regs->nip, regs->link, regs->ctr); -- printk("REGS: %px TRAP: %04lx %s (%s)\n", -- regs, regs->trap, print_tainted(), init_utsname()->release); -+ printk("REGS: %px TRAP: %04lx %s (%s%s)\n", -+ regs, regs->trap, print_tainted(), init_utsname()->release, -+ LINUX_PACKAGE_ID); - printk("MSR: "REG" ", regs->msr); - print_msr_bits(regs->msr); - pr_cont(" CR: %08lx XER: %08lx\n", regs->ccr, regs->xer); -diff --git a/arch/x86/um/sysrq_64.c b/arch/x86/um/sysrq_64.c -index 903ad91b624f..7fdad4fc204d 100644 ---- a/arch/x86/um/sysrq_64.c -+++ b/arch/x86/um/sysrq_64.c -@@ -9,6 +9,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -17,8 +18,9 @@ void show_regs(struct pt_regs *regs) - { - printk("\n"); - print_modules(); -- printk(KERN_INFO "Pid: %d, comm: %.20s %s %s\n", task_pid_nr(current), -- current->comm, print_tainted(), init_utsname()->release); -+ printk(KERN_INFO "Pid: %d, comm: %.20s %s %s%s\n", task_pid_nr(current), -+ current->comm, print_tainted(), init_utsname()->release, -+ LINUX_PACKAGE_ID); - printk(KERN_INFO "RIP: %04lx:[<%016lx>]\n", PT_REGS_CS(regs) & 0xffff, - PT_REGS_IP(regs)); - printk(KERN_INFO "RSP: %016lx EFLAGS: %08lx\n", PT_REGS_SP(regs), -diff --git a/kernel/hung_task.c b/kernel/hung_task.c -index 14a625c16cb3..3a6229c93a76 100644 ---- a/kernel/hung_task.c -+++ b/kernel/hung_task.c -@@ -23,6 +23,7 @@ - #include - - #include -+#include - - /* - * The number of tasks checked: -@@ -129,10 +130,11 @@ static void check_hung_task(struct task_struct *t, unsigned long timeout) - sysctl_hung_task_warnings--; - pr_err("INFO: task %s:%d blocked for more than %ld seconds.\n", - t->comm, t->pid, (jiffies - t->last_switch_time) / HZ); -- pr_err(" %s %s %.*s\n", -+ pr_err(" %s %s %.*s%s\n", - print_tainted(), init_utsname()->release, - (int)strcspn(init_utsname()->version, " "), -- init_utsname()->version); -+ init_utsname()->version, -+ LINUX_PACKAGE_ID); - pr_err("\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\"" - " disables this message.\n"); - sched_show_task(t); -diff --git a/lib/dump_stack.c b/lib/dump_stack.c -index 5cff72f18c4a..cd526798ce68 100644 ---- a/lib/dump_stack.c -+++ b/lib/dump_stack.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - - static char dump_stack_arch_desc_str[128]; - -@@ -44,13 +45,14 @@ void __init dump_stack_set_arch_desc(const char *fmt, ...) - */ - void dump_stack_print_info(const char *log_lvl) - { -- printk("%sCPU: %d PID: %d Comm: %.20s %s%s %s %.*s\n", -+ printk("%sCPU: %d PID: %d Comm: %.20s %s%s %s %.*s%s\n", - log_lvl, raw_smp_processor_id(), current->pid, current->comm, - kexec_crash_loaded() ? "Kdump: loaded " : "", - print_tainted(), - init_utsname()->release, - (int)strcspn(init_utsname()->version, " "), -- init_utsname()->version); -+ init_utsname()->version, -+ LINUX_PACKAGE_ID); - - if (dump_stack_arch_desc_str[0] != '\0') - printk("%sHardware name: %s\n", --- -2.23.0 - diff --git a/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch b/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch deleted file mode 100644 index 5e9bc434fc74..000000000000 --- a/debian/patches/debian/wireless-add-debian-wireless-regdb-certificates.patch +++ /dev/null @@ -1,961 +0,0 @@ -From: Ben Hutchings -Date: Fri, 13 Apr 2018 20:10:28 +0100 -Subject: wireless: Add Debian wireless-regdb certificates -Forwarded: not-needed - -This hex dump is generated using: - -{ - for cert in debian/certs/wireless-regdb-*.pem; do - openssl x509 -in $cert -outform der; - done -} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex - ---- ---- /dev/null -+++ b/net/wireless/certs/debian.hex -@@ -0,0 +1,944 @@ -+0x30, -+0x82, -+0x03, -+0xac, -+0x30, -+0x82, -+0x02, -+0x94, -+0xa0, -+0x03, -+0x02, -+0x01, -+0x02, -+0x02, -+0x09, -+0x00, -+0xd9, -+0xb1, -+0xe4, -+0x6f, -+0x28, -+0xf3, -+0xd4, -+0x97, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x0b, -+0x05, -+0x00, -+0x30, -+0x6b, -+0x31, -+0x0b, -+0x30, -+0x09, -+0x06, -+0x03, -+0x55, -+0x04, -+0x06, -+0x13, -+0x02, -+0x47, -+0x42, -+0x31, -+0x13, -+0x30, -+0x11, -+0x06, -+0x03, -+0x55, -+0x04, -+0x07, -+0x0c, -+0x0a, -+0x4d, -+0x61, -+0x6e, -+0x63, -+0x68, -+0x65, -+0x73, -+0x74, -+0x65, -+0x72, -+0x31, -+0x0f, -+0x30, -+0x0d, -+0x06, -+0x03, -+0x55, -+0x04, -+0x0a, -+0x0c, -+0x06, -+0x44, -+0x65, -+0x62, -+0x69, -+0x61, -+0x6e, -+0x31, -+0x16, -+0x30, -+0x14, -+0x06, -+0x03, -+0x55, -+0x04, -+0x03, -+0x0c, -+0x0d, -+0x42, -+0x65, -+0x6e, -+0x20, -+0x48, -+0x75, -+0x74, -+0x63, -+0x68, -+0x69, -+0x6e, -+0x67, -+0x73, -+0x31, -+0x1e, -+0x30, -+0x1c, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x09, -+0x01, -+0x16, -+0x0f, -+0x62, -+0x65, -+0x6e, -+0x68, -+0x40, -+0x64, -+0x65, -+0x62, -+0x69, -+0x61, -+0x6e, -+0x2e, -+0x6f, -+0x72, -+0x67, -+0x30, -+0x1e, -+0x17, -+0x0d, -+0x31, -+0x38, -+0x30, -+0x34, -+0x31, -+0x33, -+0x31, -+0x38, -+0x32, -+0x31, -+0x34, -+0x36, -+0x5a, -+0x17, -+0x0d, -+0x31, -+0x38, -+0x30, -+0x35, -+0x31, -+0x33, -+0x31, -+0x38, -+0x32, -+0x31, -+0x34, -+0x36, -+0x5a, -+0x30, -+0x6b, -+0x31, -+0x0b, -+0x30, -+0x09, -+0x06, -+0x03, -+0x55, -+0x04, -+0x06, -+0x13, -+0x02, -+0x47, -+0x42, -+0x31, -+0x13, -+0x30, -+0x11, -+0x06, -+0x03, -+0x55, -+0x04, -+0x07, -+0x0c, -+0x0a, -+0x4d, -+0x61, -+0x6e, -+0x63, -+0x68, -+0x65, -+0x73, -+0x74, -+0x65, -+0x72, -+0x31, -+0x0f, -+0x30, -+0x0d, -+0x06, -+0x03, -+0x55, -+0x04, -+0x0a, -+0x0c, -+0x06, -+0x44, -+0x65, -+0x62, -+0x69, -+0x61, -+0x6e, -+0x31, -+0x16, -+0x30, -+0x14, -+0x06, -+0x03, -+0x55, -+0x04, -+0x03, -+0x0c, -+0x0d, -+0x42, -+0x65, -+0x6e, -+0x20, -+0x48, -+0x75, -+0x74, -+0x63, -+0x68, -+0x69, -+0x6e, -+0x67, -+0x73, -+0x31, -+0x1e, -+0x30, -+0x1c, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x09, -+0x01, -+0x16, -+0x0f, -+0x62, -+0x65, -+0x6e, -+0x68, -+0x40, -+0x64, -+0x65, -+0x62, -+0x69, -+0x61, -+0x6e, -+0x2e, -+0x6f, -+0x72, -+0x67, -+0x30, -+0x82, -+0x01, -+0x22, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x01, -+0x05, -+0x00, -+0x03, -+0x82, -+0x01, -+0x0f, -+0x00, -+0x30, -+0x82, -+0x01, -+0x0a, -+0x02, -+0x82, -+0x01, -+0x01, -+0x00, -+0x9d, -+0xe1, -+0x77, -+0xa0, -+0x24, -+0xa0, -+0xd5, -+0x79, -+0x65, -+0x3a, -+0x07, -+0x90, -+0xc9, -+0xf6, -+0xa5, -+0xa6, -+0x1f, -+0x84, -+0x1c, -+0x23, -+0x07, -+0x4b, -+0x4f, -+0xa5, -+0x03, -+0xc6, -+0x0f, -+0xf7, -+0x54, -+0xd5, -+0x8b, -+0x7e, -+0x79, -+0x81, -+0x00, -+0xd2, -+0xe9, -+0x3d, -+0xf4, -+0x97, -+0xfe, -+0x84, -+0xcd, -+0x55, -+0xbd, -+0xc9, -+0x8f, -+0x21, -+0x57, -+0x88, -+0x06, -+0x39, -+0x90, -+0x66, -+0x41, -+0x26, -+0x79, -+0x2c, -+0xca, -+0x3f, -+0x95, -+0x87, -+0x01, -+0x11, -+0x2f, -+0x2f, -+0xb0, -+0xe1, -+0x0b, -+0x43, -+0xfc, -+0x5f, -+0x2f, -+0x4f, -+0x67, -+0x04, -+0xdb, -+0x4d, -+0xb7, -+0x72, -+0x4d, -+0xd1, -+0xc5, -+0x76, -+0x73, -+0x4d, -+0x91, -+0x69, -+0xb0, -+0x71, -+0x17, -+0x36, -+0xea, -+0xab, -+0x0a, -+0x3a, -+0xcd, -+0x95, -+0x9b, -+0x76, -+0x1b, -+0x8e, -+0x21, -+0x17, -+0x8f, -+0xc5, -+0x02, -+0xbf, -+0x24, -+0xc7, -+0xc0, -+0x40, -+0xb1, -+0x3b, -+0xc4, -+0x80, -+0x7c, -+0x71, -+0xa5, -+0x51, -+0xdc, -+0xf7, -+0x3a, -+0x58, -+0x7f, -+0xb1, -+0x07, -+0x81, -+0x8a, -+0x10, -+0xd1, -+0xf6, -+0x93, -+0x17, -+0x71, -+0xe0, -+0xfa, -+0x51, -+0x79, -+0x15, -+0xd4, -+0xd7, -+0x8f, -+0xad, -+0xbd, -+0x6f, -+0x38, -+0xe1, -+0x26, -+0x7d, -+0xbc, -+0xf0, -+0x3e, -+0x80, -+0x89, -+0xb4, -+0xec, -+0x8e, -+0x69, -+0x90, -+0xdb, -+0x97, -+0x8a, -+0xf0, -+0x23, -+0x23, -+0x83, -+0x82, -+0x3b, -+0x6a, -+0xb1, -+0xac, -+0xeb, -+0xe7, -+0x99, -+0x74, -+0x2a, -+0x35, -+0x8e, -+0xa9, -+0x64, -+0xfd, -+0x46, -+0x9e, -+0xe8, -+0xe5, -+0x48, -+0x61, -+0x31, -+0x6e, -+0xe6, -+0xfc, -+0x19, -+0x18, -+0x54, -+0xc3, -+0x1b, -+0x4f, -+0xd6, -+0x00, -+0x44, -+0x87, -+0x1c, -+0x37, -+0x45, -+0xea, -+0xf5, -+0xc9, -+0xcb, -+0x0f, -+0x0c, -+0x55, -+0xec, -+0xcf, -+0x6a, -+0xc2, -+0x45, -+0x26, -+0x23, -+0xa2, -+0x31, -+0x52, -+0x4d, -+0xee, -+0x21, -+0x7d, -+0xfd, -+0x58, -+0x72, -+0xc2, -+0x28, -+0xc5, -+0x8e, -+0xa9, -+0xd0, -+0xee, -+0x01, -+0x77, -+0x08, -+0xa5, -+0xf0, -+0x22, -+0x2b, -+0x47, -+0x79, -+0x2b, -+0xcf, -+0x9a, -+0x46, -+0xb5, -+0x8f, -+0xfd, -+0x64, -+0xa2, -+0xb5, -+0xed, -+0x02, -+0x03, -+0x01, -+0x00, -+0x01, -+0xa3, -+0x53, -+0x30, -+0x51, -+0x30, -+0x1d, -+0x06, -+0x03, -+0x55, -+0x1d, -+0x0e, -+0x04, -+0x16, -+0x04, -+0x14, -+0xd3, -+0xfb, -+0x2d, -+0xdb, -+0xf0, -+0x8e, -+0xfa, -+0x67, -+0x6d, -+0x2f, -+0x21, -+0x99, -+0x4c, -+0xeb, -+0x41, -+0x59, -+0xe6, -+0x9d, -+0xd8, -+0xd5, -+0x30, -+0x1f, -+0x06, -+0x03, -+0x55, -+0x1d, -+0x23, -+0x04, -+0x18, -+0x30, -+0x16, -+0x80, -+0x14, -+0xd3, -+0xfb, -+0x2d, -+0xdb, -+0xf0, -+0x8e, -+0xfa, -+0x67, -+0x6d, -+0x2f, -+0x21, -+0x99, -+0x4c, -+0xeb, -+0x41, -+0x59, -+0xe6, -+0x9d, -+0xd8, -+0xd5, -+0x30, -+0x0f, -+0x06, -+0x03, -+0x55, -+0x1d, -+0x13, -+0x01, -+0x01, -+0xff, -+0x04, -+0x05, -+0x30, -+0x03, -+0x01, -+0x01, -+0xff, -+0x30, -+0x0d, -+0x06, -+0x09, -+0x2a, -+0x86, -+0x48, -+0x86, -+0xf7, -+0x0d, -+0x01, -+0x01, -+0x0b, -+0x05, -+0x00, -+0x03, -+0x82, -+0x01, -+0x01, -+0x00, -+0x71, -+0x71, -+0xe4, -+0xcd, -+0x40, -+0x84, -+0xf3, -+0x60, -+0x34, -+0x6a, -+0x78, -+0xdc, -+0xe7, -+0x81, -+0x20, -+0x8f, -+0x1e, -+0x7f, -+0x54, -+0x31, -+0x8e, -+0x4a, -+0xe5, -+0x69, -+0x91, -+0x1c, -+0x4c, -+0x77, -+0x00, -+0x47, -+0x09, -+0x98, -+0x91, -+0xf4, -+0x27, -+0x52, -+0x9a, -+0x2d, -+0x30, -+0x87, -+0x4c, -+0x51, -+0x51, -+0x1f, -+0xae, -+0xd8, -+0x8c, -+0xdb, -+0x3c, -+0x73, -+0x06, -+0x43, -+0xc6, -+0x1f, -+0x3a, -+0xba, -+0xaf, -+0x9e, -+0xd2, -+0xeb, -+0x3e, -+0x9f, -+0xd1, -+0xb2, -+0x8a, -+0xa2, -+0x16, -+0x08, -+0x26, -+0xa1, -+0x39, -+0x0c, -+0x63, -+0xe7, -+0x2d, -+0x78, -+0x9c, -+0xac, -+0x2c, -+0x4e, -+0x69, -+0xd5, -+0xa0, -+0xfd, -+0xbd, -+0xea, -+0x95, -+0xfe, -+0xe2, -+0x69, -+0x06, -+0xe1, -+0xb2, -+0x27, -+0x90, -+0x68, -+0xd8, -+0x3a, -+0xac, -+0xd6, -+0xa0, -+0x4e, -+0xe2, -+0x8a, -+0xfa, -+0xff, -+0x9c, -+0x98, -+0x6b, -+0x60, -+0x83, -+0xea, -+0xe7, -+0x46, -+0x24, -+0x09, -+0x21, -+0x12, -+0xa8, -+0xfe, -+0xaa, -+0x46, -+0x0d, -+0x24, -+0xa5, -+0xcf, -+0x52, -+0x37, -+0x48, -+0xb9, -+0xe2, -+0xb1, -+0xd6, -+0xb0, -+0xe4, -+0xbf, -+0x6f, -+0x59, -+0x7b, -+0x17, -+0x9e, -+0xdd, -+0x24, -+0x00, -+0xee, -+0xc6, -+0x89, -+0x76, -+0xe9, -+0x35, -+0x40, -+0x1f, -+0xeb, -+0x7d, -+0x23, -+0x8c, -+0xed, -+0x13, -+0x6c, -+0x66, -+0xbc, -+0xc4, -+0x88, -+0xb5, -+0x55, -+0x9a, -+0xec, -+0xbd, -+0x52, -+0x0d, -+0x0b, -+0xc5, -+0x40, -+0xe1, -+0xfe, -+0xb7, -+0x20, -+0xb1, -+0x22, -+0x16, -+0x32, -+0xed, -+0x28, -+0x3e, -+0x1f, -+0xbf, -+0xf2, -+0x00, -+0x12, -+0x75, -+0x92, -+0xd7, -+0x99, -+0x2e, -+0x25, -+0xfb, -+0xf2, -+0xe6, -+0xfd, -+0x2a, -+0x10, -+0xd1, -+0x75, -+0x89, -+0x31, -+0x52, -+0xe4, -+0xb2, -+0xc2, -+0xee, -+0xcd, -+0x41, -+0xa3, -+0x08, -+0x48, -+0x18, -+0x5e, -+0x66, -+0x42, -+0x67, -+0xcf, -+0x0b, -+0x2a, -+0x26, -+0x6b, -+0x65, -+0x87, -+0x4d, -+0xfa, -+0x04, -+0x51, -+0xec, -+0xed, -+0x03, -+0x8b, -+0x38, -+0x52, -+0x93, -+0x6d, -+0xc4, -+0x30, -+0x41, -+0x9a, -+0x6c, -+0x28, -+0x35, -+0xf0, -+0x87, -+0x15, -+0xce, -+0x78, -+0x4f, -+0x32, -+0xca, -+0x52, -+0xed, diff --git a/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch b/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch deleted file mode 100644 index ff0321177832..000000000000 --- a/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch +++ /dev/null @@ -1,73 +0,0 @@ -From: Ben Hutchings -Date: Thu, 05 Apr 2018 18:13:52 +0200 -Subject: wireless: Disable regulatory.db direct loading -Forwarded: not-needed -Bug-Debian: https://bugs.debian.org/892229 - -Don't complain about being unable to load regulatory.db directly. -This is expected until we generate a signing key and update -wireless-regdb to be signed with it. - ---- a/net/wireless/reg.c -+++ b/net/wireless/reg.c -@@ -476,6 +476,7 @@ static void reg_regdb_apply(struct work_ - - static DECLARE_WORK(reg_regdb_work, reg_regdb_apply); - -+#if 0 - static int reg_schedule_apply(const struct ieee80211_regdomain *regdom) - { - struct reg_regdb_apply_request *request; -@@ -495,6 +496,7 @@ static int reg_schedule_apply(const stru - schedule_work(®_regdb_work); - return 0; - } -+#endif - - #ifdef CONFIG_CFG80211_CRDA_SUPPORT - /* Max number of consecutive attempts to communicate with CRDA */ -@@ -574,6 +576,35 @@ static inline int call_crda(const char * - /* code to directly load a firmware database through request_firmware */ - static const struct fwdb_header *regdb; - -+#if 1 -+ -+static int load_builtin_regdb_keys(void) -+{ -+ return 0; -+} -+ -+static void free_regdb_keyring(void) -+{ -+} -+ -+static int query_regdb_file(const char *alpha2) -+{ -+ return -ENOENT; -+} -+ -+int reg_reload_regdb(void) -+{ -+ return -ENOENT; -+} -+ -+int reg_query_regdb_wmm(char *alpha2, int freq, struct ieee80211_reg_rule *rule) -+{ -+ return -ENODATA; -+} -+EXPORT_SYMBOL(reg_query_regdb_wmm); -+ -+#else /* disabled until we update wireless-regdb */ -+ - struct fwdb_country { - u8 alpha2[2]; - __be16 coll_ptr; -@@ -1090,6 +1121,8 @@ int reg_reload_regdb(void) - return err; - } - -+#endif -+ - static bool reg_query_database(struct regulatory_request *request) - { - if (query_regdb_file(request->alpha2) == 0) diff --git a/debian/patches/debian/yama-disable-by-default.patch b/debian/patches/debian/yama-disable-by-default.patch deleted file mode 100644 index c33ac0c9d6cc..000000000000 --- a/debian/patches/debian/yama-disable-by-default.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Ben Hutchings -Subject: yama: Disable by default -Date: Wed, 19 Jun 2013 04:35:28 +0100 -Bug-Debian: https://bugs.debian.org/712740 -Forwarded: not-needed - ---- - security/yama/yama_lsm.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c -index efac68556b45..95ff3e778a17 100644 ---- a/security/yama/yama_lsm.c -+++ b/security/yama/yama_lsm.c -@@ -28,7 +28,7 @@ - #define YAMA_SCOPE_CAPABILITY 2 - #define YAMA_SCOPE_NO_ATTACH 3 - --static int ptrace_scope = YAMA_SCOPE_RELATIONAL; -+static int ptrace_scope = YAMA_SCOPE_DISABLED; - - /* describe a ptrace relationship for potential exception */ - struct ptrace_relation { -@@ -481,7 +481,7 @@ static inline void yama_init_sysctl(void) { } - - static int __init yama_init(void) - { -- pr_info("Yama: becoming mindful.\n"); -+ pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); - yama_init_sysctl(); - return 0; diff --git a/debian/patches/features/all/aufs5/aufs5-base.patch b/debian/patches/features/all/aufs5/aufs5-base.patch deleted file mode 100644 index 7d745da9f6ea..000000000000 --- a/debian/patches/features/all/aufs5/aufs5-base.patch +++ /dev/null @@ -1,328 +0,0 @@ -From: J. R. Okajima -Date: Sat Aug 3 23:41:50 2019 +0900 -Subject: aufs5.x-rcN base patch -Origin: https://github.com/sfjro/aufs5-standalone/tree/3326ef6942b5e40f0ecc8248a6a77002d942ea7d -Bug-Debian: https://bugs.debian.org/541828 - -Patch headers added by debian/bin/genpatch-aufs - -SPDX-License-Identifier: GPL-2.0 -aufs5.x-rcN base patch - -diff --git a/MAINTAINERS b/MAINTAINERS -index 6426db5198f0..332a330a8614 100644 ---- a/MAINTAINERS -+++ b/MAINTAINERS -@@ -2818,6 +2818,19 @@ F: include/linux/audit.h - F: include/uapi/linux/audit.h - F: kernel/audit* - -+AUFS (advanced multi layered unification filesystem) FILESYSTEM -+M: "J. R. Okajima" -+L: aufs-users@lists.sourceforge.net (members only) -+L: linux-unionfs@vger.kernel.org -+W: http://aufs.sourceforge.net -+T: git://github.com/sfjro/aufs4-linux.git -+S: Supported -+F: Documentation/filesystems/aufs/ -+F: Documentation/ABI/testing/debugfs-aufs -+F: Documentation/ABI/testing/sysfs-aufs -+F: fs/aufs/ -+F: include/uapi/linux/aufs_type.h -+ - AUXILIARY DISPLAY DRIVERS - M: Miguel Ojeda Sandonis - S: Maintained -diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 44c9985f352a..fc0584d8b8fd 100644 ---- a/drivers/block/loop.c -+++ b/drivers/block/loop.c -@@ -738,6 +738,24 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, - return error; - } - -+/* -+ * for AUFS -+ * no get/put for file. -+ */ -+struct file *loop_backing_file(struct super_block *sb) -+{ -+ struct file *ret; -+ struct loop_device *l; -+ -+ ret = NULL; -+ if (MAJOR(sb->s_dev) == LOOP_MAJOR) { -+ l = sb->s_bdev->bd_disk->private_data; -+ ret = l->lo_backing_file; -+ } -+ return ret; -+} -+EXPORT_SYMBOL_GPL(loop_backing_file); -+ - /* loop sysfs attributes */ - - static ssize_t loop_attr_show(struct device *dev, char *page, -diff --git a/fs/dcache.c b/fs/dcache.c -index e88cf0554e65..7ce4ccf5a51c 100644 ---- a/fs/dcache.c -+++ b/fs/dcache.c -@@ -1264,7 +1264,7 @@ enum d_walk_ret { - * - * The @enter() callbacks are called with d_lock held. - */ --static void d_walk(struct dentry *parent, void *data, -+void d_walk(struct dentry *parent, void *data, - enum d_walk_ret (*enter)(void *, struct dentry *)) - { - struct dentry *this_parent; -diff --git a/fs/fcntl.c b/fs/fcntl.c -index 3d40771e8e7c..d62303c5472a 100644 ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -32,7 +32,7 @@ - - #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME) - --static int setfl(int fd, struct file * filp, unsigned long arg) -+int setfl(int fd, struct file * filp, unsigned long arg) - { - struct inode * inode = file_inode(filp); - int error = 0; -@@ -63,6 +63,8 @@ static int setfl(int fd, struct file * filp, unsigned long arg) - - if (filp->f_op->check_flags) - error = filp->f_op->check_flags(arg); -+ if (!error && filp->f_op->setfl) -+ error = filp->f_op->setfl(filp, arg); - if (error) - return error; - -diff --git a/fs/inode.c b/fs/inode.c -index 0f1e3b563c47..43df8452f97d 100644 ---- a/fs/inode.c -+++ b/fs/inode.c -@@ -1670,7 +1670,7 @@ EXPORT_SYMBOL(generic_update_time); - * This does the actual work of updating an inodes time or version. Must have - * had called mnt_want_write() before calling this. - */ --static int update_time(struct inode *inode, struct timespec64 *time, int flags) -+int update_time(struct inode *inode, struct timespec64 *time, int flags) - { - int (*update_time)(struct inode *, struct timespec64 *, int); - -diff --git a/fs/namespace.c b/fs/namespace.c -index d28d30b13043..34c8093ddb1d 100644 ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -776,6 +776,12 @@ static inline int check_mnt(struct mount *mnt) - return mnt->mnt_ns == current->nsproxy->mnt_ns; - } - -+/* for aufs, CONFIG_AUFS_BR_FUSE */ -+int is_current_mnt_ns(struct vfsmount *mnt) -+{ -+ return check_mnt(real_mount(mnt)); -+} -+ - /* - * vfsmount lock must be held for write - */ -diff --git a/fs/read_write.c b/fs/read_write.c -index 1f5088dec566..f84e1d9c2434 100644 ---- a/fs/read_write.c -+++ b/fs/read_write.c -@@ -498,6 +498,28 @@ static ssize_t __vfs_write(struct file *file, const char __user *p, - return -EINVAL; - } - -+vfs_readf_t vfs_readf(struct file *file) -+{ -+ const struct file_operations *fop = file->f_op; -+ -+ if (fop->read) -+ return fop->read; -+ if (fop->read_iter) -+ return new_sync_read; -+ return ERR_PTR(-ENOSYS); -+} -+ -+vfs_writef_t vfs_writef(struct file *file) -+{ -+ const struct file_operations *fop = file->f_op; -+ -+ if (fop->write) -+ return fop->write; -+ if (fop->write_iter) -+ return new_sync_write; -+ return ERR_PTR(-ENOSYS); -+} -+ - ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) - { - mm_segment_t old_fs; -diff --git a/fs/splice.c b/fs/splice.c -index 98412721f056..75b489fcb66f 100644 ---- a/fs/splice.c -+++ b/fs/splice.c -@@ -834,8 +834,8 @@ EXPORT_SYMBOL(generic_splice_sendpage); - /* - * Attempt to initiate a splice from pipe to file. - */ --static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, -- loff_t *ppos, size_t len, unsigned int flags) -+long do_splice_from(struct pipe_inode_info *pipe, struct file *out, -+ loff_t *ppos, size_t len, unsigned int flags) - { - ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, - loff_t *, size_t, unsigned int); -@@ -851,9 +851,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, - /* - * Attempt to initiate a splice from a file to a pipe. - */ --static long do_splice_to(struct file *in, loff_t *ppos, -- struct pipe_inode_info *pipe, size_t len, -- unsigned int flags) -+long do_splice_to(struct file *in, loff_t *ppos, -+ struct pipe_inode_info *pipe, size_t len, -+ unsigned int flags) - { - ssize_t (*splice_read)(struct file *, loff_t *, - struct pipe_inode_info *, size_t, unsigned int); -diff --git a/fs/sync.c b/fs/sync.c -index 4d1ff010bc5a..457f4e4a5cc1 100644 ---- a/fs/sync.c -+++ b/fs/sync.c -@@ -28,7 +28,7 @@ - * wait == 1 case since in that case write_inode() functions do - * sync_dirty_buffer() and thus effectively write one block at a time. - */ --static int __sync_filesystem(struct super_block *sb, int wait) -+int __sync_filesystem(struct super_block *sb, int wait) - { - if (wait) - sync_inodes_sb(sb); -diff --git a/include/linux/fs.h b/include/linux/fs.h -index 56b8e358af5c..5e914b18a5a2 100644 ---- a/include/linux/fs.h -+++ b/include/linux/fs.h -@@ -1331,6 +1331,7 @@ extern void fasync_free(struct fasync_struct *); - /* can be called from interrupts */ - extern void kill_fasync(struct fasync_struct **, int, int); - -+extern int setfl(int fd, struct file * filp, unsigned long arg); - extern void __f_setown(struct file *filp, struct pid *, enum pid_type, int force); - extern int f_setown(struct file *filp, unsigned long arg, int force); - extern void f_delown(struct file *filp); -@@ -1810,6 +1811,7 @@ struct file_operations { - ssize_t (*sendpage) (struct file *, struct page *, int, size_t, loff_t *, int); - unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned long, unsigned long, unsigned long); - int (*check_flags)(int); -+ int (*setfl)(struct file *, unsigned long); - int (*flock) (struct file *, int, struct file_lock *); - ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); - ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); -@@ -1880,6 +1882,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, - struct iovec *fast_pointer, - struct iovec **ret_pointer); - -+typedef ssize_t (*vfs_readf_t)(struct file *, char __user *, size_t, loff_t *); -+typedef ssize_t (*vfs_writef_t)(struct file *, const char __user *, size_t, -+ loff_t *); -+vfs_readf_t vfs_readf(struct file *file); -+vfs_writef_t vfs_writef(struct file *file); -+ - extern ssize_t __vfs_read(struct file *, char __user *, size_t, loff_t *); - extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *); - extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *); -@@ -2298,6 +2306,7 @@ extern int current_umask(void); - extern void ihold(struct inode * inode); - extern void iput(struct inode *); - extern int generic_update_time(struct inode *, struct timespec64 *, int); -+extern int update_time(struct inode *, struct timespec64 *, int); - - /* /sys/fs */ - extern struct kobject *fs_kobj; -@@ -2586,6 +2595,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb) - return false; - } - #endif -+extern int __sync_filesystem(struct super_block *, int); - extern int sync_filesystem(struct super_block *); - extern const struct file_operations def_blk_fops; - extern const struct file_operations def_chr_fops; -diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h -index 0b0d7259276d..12d18e180348 100644 ---- a/include/linux/lockdep.h -+++ b/include/linux/lockdep.h -@@ -334,6 +334,8 @@ static inline int lockdep_match_key(struct lockdep_map *lock, - return lock->key == key; - } - -+struct lock_class *lockdep_hlock_class(struct held_lock *hlock); -+ - /* - * Acquire a lock. - * -@@ -476,6 +478,7 @@ struct lockdep_map { }; - - #define lockdep_depth(tsk) (0) - -+#define lockdep_is_held(lock) (1) - #define lockdep_is_held_type(l, r) (1) - - #define lockdep_assert_held(l) do { (void)(l); } while (0) -diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h -index 35942084cd40..24f5fd1a789d 100644 ---- a/include/linux/mnt_namespace.h -+++ b/include/linux/mnt_namespace.h -@@ -6,11 +6,14 @@ - struct mnt_namespace; - struct fs_struct; - struct user_namespace; -+struct vfsmount; - - extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *, - struct user_namespace *, struct fs_struct *); - extern void put_mnt_ns(struct mnt_namespace *ns); - -+extern int is_current_mnt_ns(struct vfsmount *mnt); -+ - extern const struct file_operations proc_mounts_operations; - extern const struct file_operations proc_mountinfo_operations; - extern const struct file_operations proc_mountstats_operations; -diff --git a/include/linux/splice.h b/include/linux/splice.h -index 74b4911ac16d..19789fbea567 100644 ---- a/include/linux/splice.h -+++ b/include/linux/splice.h -@@ -87,4 +87,10 @@ extern void splice_shrink_spd(struct splice_pipe_desc *); - - extern const struct pipe_buf_operations page_cache_pipe_buf_ops; - extern const struct pipe_buf_operations default_pipe_buf_ops; -+ -+extern long do_splice_from(struct pipe_inode_info *pipe, struct file *out, -+ loff_t *ppos, size_t len, unsigned int flags); -+extern long do_splice_to(struct file *in, loff_t *ppos, -+ struct pipe_inode_info *pipe, size_t len, -+ unsigned int flags); - #endif -diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c -index 4861cf8e274b..ec87ccf82025 100644 ---- a/kernel/locking/lockdep.c -+++ b/kernel/locking/lockdep.c -@@ -153,7 +153,7 @@ static - struct lock_class lock_classes[MAX_LOCKDEP_KEYS]; - static DECLARE_BITMAP(lock_classes_in_use, MAX_LOCKDEP_KEYS); - --static inline struct lock_class *hlock_class(struct held_lock *hlock) -+inline struct lock_class *lockdep_hlock_class(struct held_lock *hlock) - { - unsigned int class_idx = hlock->class_idx; - -@@ -174,6 +174,7 @@ static inline struct lock_class *hlock_class(struct held_lock *hlock) - */ - return lock_classes + class_idx; - } -+#define hlock_class(hlock) lockdep_hlock_class(hlock) - - #ifdef CONFIG_LOCK_STAT - static DEFINE_PER_CPU(struct lock_class_stats[MAX_LOCKDEP_KEYS], cpu_lock_stats); diff --git a/debian/patches/features/all/aufs5/aufs5-mmap.patch b/debian/patches/features/all/aufs5/aufs5-mmap.patch deleted file mode 100644 index 5bfe2a8f08e7..000000000000 --- a/debian/patches/features/all/aufs5/aufs5-mmap.patch +++ /dev/null @@ -1,405 +0,0 @@ -From: J. R. Okajima -Date: Sat Aug 3 23:41:50 2019 +0900 -Subject: aufs5.x-rcN mmap patch -Origin: https://github.com/sfjro/aufs5-standalone/tree/3326ef6942b5e40f0ecc8248a6a77002d942ea7d -Bug-Debian: https://bugs.debian.org/541828 - -Patch headers added by debian/bin/genpatch-aufs - -SPDX-License-Identifier: GPL-2.0 -aufs5.x-rcN mmap patch - -Index: debian-kernel/fs/proc/base.c -=================================================================== ---- debian-kernel.orig/fs/proc/base.c -+++ debian-kernel/fs/proc/base.c -@@ -2037,7 +2037,7 @@ static int map_files_get_link(struct den - rc = -ENOENT; - vma = find_exact_vma(mm, vm_start, vm_end); - if (vma && vma->vm_file) { -- *path = vma->vm_file->f_path; -+ *path = vma_pr_or_file(vma)->f_path; - path_get(path); - rc = 0; - } -Index: debian-kernel/fs/proc/nommu.c -=================================================================== ---- debian-kernel.orig/fs/proc/nommu.c -+++ debian-kernel/fs/proc/nommu.c -@@ -41,7 +41,10 @@ static int nommu_region_show(struct seq_ - file = region->vm_file; - - if (file) { -- struct inode *inode = file_inode(region->vm_file); -+ struct inode *inode; -+ -+ file = vmr_pr_or_file(region); -+ inode = file_inode(file); - dev = inode->i_sb->s_dev; - ino = inode->i_ino; - } -Index: debian-kernel/fs/proc/task_mmu.c -=================================================================== ---- debian-kernel.orig/fs/proc/task_mmu.c -+++ debian-kernel/fs/proc/task_mmu.c -@@ -309,7 +309,10 @@ show_map_vma(struct seq_file *m, struct - const char *name = NULL; - - if (file) { -- struct inode *inode = file_inode(vma->vm_file); -+ struct inode *inode; -+ -+ file = vma_pr_or_file(vma); -+ inode = file_inode(file); - dev = inode->i_sb->s_dev; - ino = inode->i_ino; - pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; -@@ -1819,7 +1822,7 @@ static int show_numa_map(struct seq_file - struct proc_maps_private *proc_priv = &numa_priv->proc_maps; - struct vm_area_struct *vma = v; - struct numa_maps *md = &numa_priv->md; -- struct file *file = vma->vm_file; -+ struct file *file = vma_pr_or_file(vma); - struct mm_struct *mm = vma->vm_mm; - struct mempolicy *pol; - char buffer[64]; -Index: debian-kernel/fs/proc/task_nommu.c -=================================================================== ---- debian-kernel.orig/fs/proc/task_nommu.c -+++ debian-kernel/fs/proc/task_nommu.c -@@ -155,7 +155,10 @@ static int nommu_vma_show(struct seq_fil - file = vma->vm_file; - - if (file) { -- struct inode *inode = file_inode(vma->vm_file); -+ struct inode *inode; -+ -+ file = vma_pr_or_file(vma); -+ inode = file_inode(file); - dev = inode->i_sb->s_dev; - ino = inode->i_ino; - pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT; -Index: debian-kernel/include/linux/mm.h -=================================================================== ---- debian-kernel.orig/include/linux/mm.h -+++ debian-kernel/include/linux/mm.h -@@ -1515,6 +1515,28 @@ static inline void unmap_shared_mapping_ - unmap_mapping_range(mapping, holebegin, holelen, 0); - } - -+extern void vma_do_file_update_time(struct vm_area_struct *, const char[], int); -+extern struct file *vma_do_pr_or_file(struct vm_area_struct *, const char[], -+ int); -+extern void vma_do_get_file(struct vm_area_struct *, const char[], int); -+extern void vma_do_fput(struct vm_area_struct *, const char[], int); -+ -+#define vma_file_update_time(vma) vma_do_file_update_time(vma, __func__, \ -+ __LINE__) -+#define vma_pr_or_file(vma) vma_do_pr_or_file(vma, __func__, \ -+ __LINE__) -+#define vma_get_file(vma) vma_do_get_file(vma, __func__, __LINE__) -+#define vma_fput(vma) vma_do_fput(vma, __func__, __LINE__) -+ -+#ifndef CONFIG_MMU -+extern struct file *vmr_do_pr_or_file(struct vm_region *, const char[], int); -+extern void vmr_do_fput(struct vm_region *, const char[], int); -+ -+#define vmr_pr_or_file(region) vmr_do_pr_or_file(region, __func__, \ -+ __LINE__) -+#define vmr_fput(region) vmr_do_fput(region, __func__, __LINE__) -+#endif /* !CONFIG_MMU */ -+ - extern int access_process_vm(struct task_struct *tsk, unsigned long addr, - void *buf, int len, unsigned int gup_flags); - extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, -Index: debian-kernel/include/linux/mm_types.h -=================================================================== ---- debian-kernel.orig/include/linux/mm_types.h -+++ debian-kernel/include/linux/mm_types.h -@@ -262,6 +262,7 @@ struct vm_region { - unsigned long vm_top; /* region allocated to here */ - unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */ - struct file *vm_file; /* the backing file or NULL */ -+ struct file *vm_prfile; /* the virtual backing file or NULL */ - - int vm_usage; /* region usage count (access under nommu_region_sem) */ - bool vm_icache_flushed : 1; /* true if the icache has been flushed for -@@ -336,6 +337,7 @@ struct vm_area_struct { - unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE - units */ - struct file * vm_file; /* File we map to (can be NULL). */ -+ struct file *vm_prfile; /* shadow of vm_file */ - void * vm_private_data; /* was vm_pte (shared mem) */ - - #ifdef CONFIG_SWAP -Index: debian-kernel/kernel/fork.c -=================================================================== ---- debian-kernel.orig/kernel/fork.c -+++ debian-kernel/kernel/fork.c -@@ -562,7 +562,7 @@ static __latent_entropy int dup_mmap(str - struct inode *inode = file_inode(file); - struct address_space *mapping = file->f_mapping; - -- get_file(file); -+ vma_get_file(tmp); - if (tmp->vm_flags & VM_DENYWRITE) - atomic_dec(&inode->i_writecount); - i_mmap_lock_write(mapping); -Index: debian-kernel/mm/Makefile -=================================================================== ---- debian-kernel.orig/mm/Makefile -+++ debian-kernel/mm/Makefile -@@ -42,7 +42,7 @@ obj-y := filemap.o mempool.o oom_kill. - mm_init.o mmu_context.o percpu.o slab_common.o \ - compaction.o vmacache.o \ - interval_tree.o list_lru.o workingset.o \ -- debug.o gup.o $(mmu-y) -+ prfile.o debug.o gup.o $(mmu-y) - - # Give 'page_alloc' its own module-parameter namespace - page-alloc-y := page_alloc.o -Index: debian-kernel/mm/filemap.c -=================================================================== ---- debian-kernel.orig/mm/filemap.c -+++ debian-kernel/mm/filemap.c -@@ -2695,7 +2695,7 @@ vm_fault_t filemap_page_mkwrite(struct v - vm_fault_t ret = VM_FAULT_LOCKED; - - sb_start_pagefault(inode->i_sb); -- file_update_time(vmf->vma->vm_file); -+ vma_file_update_time(vmf->vma); - lock_page(page); - if (page->mapping != inode->i_mapping) { - unlock_page(page); -Index: debian-kernel/mm/mmap.c -=================================================================== ---- debian-kernel.orig/mm/mmap.c -+++ debian-kernel/mm/mmap.c -@@ -182,7 +182,7 @@ static struct vm_area_struct *remove_vma - if (vma->vm_ops && vma->vm_ops->close) - vma->vm_ops->close(vma); - if (vma->vm_file) -- fput(vma->vm_file); -+ vma_fput(vma); - mpol_put(vma_policy(vma)); - vm_area_free(vma); - return next; -@@ -940,7 +940,7 @@ again: - if (remove_next) { - if (file) { - uprobe_munmap(next, next->vm_start, next->vm_end); -- fput(file); -+ vma_fput(vma); - } - if (next->anon_vma) - anon_vma_merge(vma, next); -@@ -1865,8 +1865,8 @@ out: - return addr; - - unmap_and_free_vma: -+ vma_fput(vma); - vma->vm_file = NULL; -- fput(file); - - /* Undo any partial mapping done by a device driver. */ - unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); -@@ -2695,7 +2695,7 @@ int __split_vma(struct mm_struct *mm, st - goto out_free_mpol; - - if (new->vm_file) -- get_file(new->vm_file); -+ vma_get_file(new); - - if (new->vm_ops && new->vm_ops->open) - new->vm_ops->open(new); -@@ -2714,7 +2714,7 @@ int __split_vma(struct mm_struct *mm, st - if (new->vm_ops && new->vm_ops->close) - new->vm_ops->close(new); - if (new->vm_file) -- fput(new->vm_file); -+ vma_fput(new); - unlink_anon_vmas(new); - out_free_mpol: - mpol_put(vma_policy(new)); -@@ -2906,7 +2906,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsign - struct vm_area_struct *vma; - unsigned long populate = 0; - unsigned long ret = -EINVAL; -- struct file *file; -+ struct file *file, *prfile; - - pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.\n", - current->comm, current->pid); -@@ -2981,10 +2981,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsign - } - } - -- file = get_file(vma->vm_file); -+ vma_get_file(vma); -+ file = vma->vm_file; -+ prfile = vma->vm_prfile; - ret = do_mmap_pgoff(vma->vm_file, start, size, - prot, flags, pgoff, &populate, NULL); -+ if (!IS_ERR_VALUE(ret) && file && prfile) { -+ struct vm_area_struct *new_vma; -+ -+ new_vma = find_vma(mm, ret); -+ if (!new_vma->vm_prfile) -+ new_vma->vm_prfile = prfile; -+ if (new_vma != vma) -+ get_file(prfile); -+ } -+ /* -+ * two fput()s instead of vma_fput(vma), -+ * coz vma may not be available anymore. -+ */ - fput(file); -+ if (prfile) -+ fput(prfile); - out: - up_write(&mm->mmap_sem); - if (populate) -@@ -3274,7 +3291,7 @@ struct vm_area_struct *copy_vma(struct v - if (anon_vma_clone(new_vma, vma)) - goto out_free_mempol; - if (new_vma->vm_file) -- get_file(new_vma->vm_file); -+ vma_get_file(new_vma); - if (new_vma->vm_ops && new_vma->vm_ops->open) - new_vma->vm_ops->open(new_vma); - vma_link(mm, new_vma, prev, rb_link, rb_parent); -Index: debian-kernel/mm/nommu.c -=================================================================== ---- debian-kernel.orig/mm/nommu.c -+++ debian-kernel/mm/nommu.c -@@ -552,7 +552,7 @@ static void __put_nommu_region(struct vm - up_write(&nommu_region_sem); - - if (region->vm_file) -- fput(region->vm_file); -+ vmr_fput(region); - - /* IO memory and memory shared directly out of the pagecache - * from ramfs/tmpfs mustn't be released here */ -@@ -690,7 +690,7 @@ static void delete_vma(struct mm_struct - if (vma->vm_ops && vma->vm_ops->close) - vma->vm_ops->close(vma); - if (vma->vm_file) -- fput(vma->vm_file); -+ vma_fput(vma); - put_nommu_region(vma->vm_region); - vm_area_free(vma); - } -@@ -1213,7 +1213,7 @@ unsigned long do_mmap(struct file *file, - goto error_just_free; - } - } -- fput(region->vm_file); -+ vmr_fput(region); - kmem_cache_free(vm_region_jar, region); - region = pregion; - result = start; -@@ -1290,10 +1290,10 @@ error_just_free: - up_write(&nommu_region_sem); - error: - if (region->vm_file) -- fput(region->vm_file); -+ vmr_fput(region); - kmem_cache_free(vm_region_jar, region); - if (vma->vm_file) -- fput(vma->vm_file); -+ vma_fput(vma); - vm_area_free(vma); - return ret; - -Index: debian-kernel/mm/prfile.c -=================================================================== ---- /dev/null -+++ debian-kernel/mm/prfile.c -@@ -0,0 +1,86 @@ -+// SPDX-License-Identifier: GPL-2.0 -+/* -+ * Mainly for aufs which mmap(2) different file and wants to print different -+ * path in /proc/PID/maps. -+ * Call these functions via macros defined in linux/mm.h. -+ * -+ * See Documentation/filesystems/aufs/design/06mmap.txt -+ * -+ * Copyright (c) 2014-2019 Junjro R. Okajima -+ * Copyright (c) 2014 Ian Campbell -+ */ -+ -+#include -+#include -+#include -+ -+/* #define PRFILE_TRACE */ -+static inline void prfile_trace(struct file *f, struct file *pr, -+ const char func[], int line, const char func2[]) -+{ -+#ifdef PRFILE_TRACE -+ if (pr) -+ pr_info("%s:%d: %s, %pD2\n", func, line, func2, f); -+#endif -+} -+ -+void vma_do_file_update_time(struct vm_area_struct *vma, const char func[], -+ int line) -+{ -+ struct file *f = vma->vm_file, *pr = vma->vm_prfile; -+ -+ prfile_trace(f, pr, func, line, __func__); -+ file_update_time(f); -+ if (f && pr) -+ file_update_time(pr); -+} -+ -+struct file *vma_do_pr_or_file(struct vm_area_struct *vma, const char func[], -+ int line) -+{ -+ struct file *f = vma->vm_file, *pr = vma->vm_prfile; -+ -+ prfile_trace(f, pr, func, line, __func__); -+ return (f && pr) ? pr : f; -+} -+ -+void vma_do_get_file(struct vm_area_struct *vma, const char func[], int line) -+{ -+ struct file *f = vma->vm_file, *pr = vma->vm_prfile; -+ -+ prfile_trace(f, pr, func, line, __func__); -+ get_file(f); -+ if (f && pr) -+ get_file(pr); -+} -+ -+void vma_do_fput(struct vm_area_struct *vma, const char func[], int line) -+{ -+ struct file *f = vma->vm_file, *pr = vma->vm_prfile; -+ -+ prfile_trace(f, pr, func, line, __func__); -+ fput(f); -+ if (f && pr) -+ fput(pr); -+} -+ -+#ifndef CONFIG_MMU -+struct file *vmr_do_pr_or_file(struct vm_region *region, const char func[], -+ int line) -+{ -+ struct file *f = region->vm_file, *pr = region->vm_prfile; -+ -+ prfile_trace(f, pr, func, line, __func__); -+ return (f && pr) ? pr : f; -+} -+ -+void vmr_do_fput(struct vm_region *region, const char func[], int line) -+{ -+ struct file *f = region->vm_file, *pr = region->vm_prfile; -+ -+ prfile_trace(f, pr, func, line, __func__); -+ fput(f); -+ if (f && pr) -+ fput(pr); -+} -+#endif /* !CONFIG_MMU */ diff --git a/debian/patches/features/all/aufs5/aufs5-standalone.patch b/debian/patches/features/all/aufs5/aufs5-standalone.patch deleted file mode 100644 index a5d576c45e36..000000000000 --- a/debian/patches/features/all/aufs5/aufs5-standalone.patch +++ /dev/null @@ -1,285 +0,0 @@ -From: J. R. Okajima -Date: Sat Aug 3 23:41:50 2019 +0900 -Subject: aufs5.x-rcN standalone patch -Origin: https://github.com/sfjro/aufs5-standalone/tree/3326ef6942b5e40f0ecc8248a6a77002d942ea7d -Bug-Debian: https://bugs.debian.org/541828 - -Patch headers added by debian/bin/genpatch-aufs - -SPDX-License-Identifier: GPL-2.0 -aufs5.x-rcN standalone patch - ---- a/fs/dcache.c -+++ b/fs/dcache.c -@@ -1369,6 +1369,7 @@ rename_retry: - seq = 1; - goto again; - } -+EXPORT_SYMBOL_GPL(d_walk); - - struct check_mount { - struct vfsmount *mnt; -@@ -2914,6 +2915,7 @@ void d_exchange(struct dentry *dentry1, - - write_sequnlock(&rename_lock); - } -+EXPORT_SYMBOL_GPL(d_exchange); - - /** - * d_ancestor - search for an ancestor ---- a/fs/exec.c -+++ b/fs/exec.c -@@ -110,6 +110,7 @@ bool path_noexec(const struct path *path - return (path->mnt->mnt_flags & MNT_NOEXEC) || - (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC); - } -+EXPORT_SYMBOL_GPL(path_noexec); - - #ifdef CONFIG_USELIB - /* ---- a/fs/fcntl.c -+++ b/fs/fcntl.c -@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, un - out: - return error; - } -+EXPORT_SYMBOL_GPL(setfl); - - static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, - int force) ---- a/fs/file_table.c -+++ b/fs/file_table.c -@@ -162,6 +162,7 @@ over: - } - return ERR_PTR(-ENFILE); - } -+EXPORT_SYMBOL_GPL(alloc_empty_file); - - /* - * Variant of alloc_empty_file() that doesn't check and modify nr_files. -@@ -375,6 +376,7 @@ void __fput_sync(struct file *file) - } - - EXPORT_SYMBOL(fput); -+EXPORT_SYMBOL_GPL(__fput_sync); - - void __init files_init(void) - { ---- a/fs/inode.c -+++ b/fs/inode.c -@@ -1682,6 +1682,7 @@ int update_time(struct inode *inode, str - - return update_time(inode, time, flags); - } -+EXPORT_SYMBOL_GPL(update_time); - - /** - * touch_atime - update the access time ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -431,6 +431,7 @@ void __mnt_drop_write(struct vfsmount *m - mnt_dec_writers(real_mount(mnt)); - preempt_enable(); - } -+EXPORT_SYMBOL_GPL(__mnt_drop_write); - - /** - * mnt_drop_write - give up write access to a mount -@@ -781,6 +782,7 @@ int is_current_mnt_ns(struct vfsmount *m - { - return check_mnt(real_mount(mnt)); - } -+EXPORT_SYMBOL_GPL(is_current_mnt_ns); - - /* - * vfsmount lock must be held for write -@@ -1903,6 +1905,7 @@ int iterate_mounts(int (*f)(struct vfsmo - } - return 0; - } -+EXPORT_SYMBOL_GPL(iterate_mounts); - - static void lock_mnt_tree(struct mount *mnt) - { ---- a/fs/notify/group.c -+++ b/fs/notify/group.c -@@ -99,6 +99,7 @@ void fsnotify_get_group(struct fsnotify_ - { - refcount_inc(&group->refcnt); - } -+EXPORT_SYMBOL_GPL(fsnotify_get_group); - - /* - * Drop a reference to a group. Free it if it's through. ---- a/fs/open.c -+++ b/fs/open.c -@@ -65,6 +65,7 @@ int do_truncate(struct dentry *dentry, l - inode_unlock(dentry->d_inode); - return ret; - } -+EXPORT_SYMBOL_GPL(do_truncate); - - long vfs_truncate(const struct path *path, loff_t length) - { ---- a/fs/read_write.c -+++ b/fs/read_write.c -@@ -468,6 +468,7 @@ ssize_t vfs_read(struct file *file, char - - return ret; - } -+EXPORT_SYMBOL_GPL(vfs_read); - - static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos) - { -@@ -508,6 +509,7 @@ vfs_readf_t vfs_readf(struct file *file) - return new_sync_read; - return ERR_PTR(-ENOSYS); - } -+EXPORT_SYMBOL_GPL(vfs_readf); - - vfs_writef_t vfs_writef(struct file *file) - { -@@ -519,6 +521,7 @@ vfs_writef_t vfs_writef(struct file *fil - return new_sync_write; - return ERR_PTR(-ENOSYS); - } -+EXPORT_SYMBOL_GPL(vfs_writef); - - ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) - { -@@ -588,6 +591,7 @@ ssize_t vfs_write(struct file *file, con - - return ret; - } -+EXPORT_SYMBOL_GPL(vfs_write); - - /* file_ppos returns &file->f_pos or NULL if file is stream */ - static inline loff_t *file_ppos(struct file *file) ---- a/fs/splice.c -+++ b/fs/splice.c -@@ -847,6 +847,7 @@ long do_splice_from(struct pipe_inode_in - - return splice_write(pipe, out, ppos, len, flags); - } -+EXPORT_SYMBOL_GPL(do_splice_from); - - /* - * Attempt to initiate a splice from a file to a pipe. -@@ -876,6 +877,7 @@ long do_splice_to(struct file *in, loff_ - - return splice_read(in, ppos, pipe, len, flags); - } -+EXPORT_SYMBOL_GPL(do_splice_to); - - /** - * splice_direct_to_actor - splices data directly between two non-pipes ---- a/fs/sync.c -+++ b/fs/sync.c -@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block - sb->s_op->sync_fs(sb, wait); - return __sync_blockdev(sb->s_bdev, wait); - } -+EXPORT_SYMBOL_GPL(__sync_filesystem); - - /* - * Write out and wait upon all dirty data associated with this ---- a/fs/xattr.c -+++ b/fs/xattr.c -@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry - *xattr_value = value; - return error; - } -+EXPORT_SYMBOL_GPL(vfs_getxattr_alloc); - - ssize_t - __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, ---- a/kernel/locking/lockdep.c -+++ b/kernel/locking/lockdep.c -@@ -174,6 +174,7 @@ inline struct lock_class *lockdep_hlock_ - */ - return lock_classes + class_idx; - } -+EXPORT_SYMBOL_GPL(lockdep_hlock_class); - #define hlock_class(hlock) lockdep_hlock_class(hlock) - - #ifdef CONFIG_LOCK_STAT ---- a/kernel/task_work.c -+++ b/kernel/task_work.c -@@ -117,3 +117,4 @@ void task_work_run(void) - } while (work); - } - } -+EXPORT_SYMBOL_GPL(task_work_run); ---- a/security/device_cgroup.c -+++ b/security/device_cgroup.c -@@ -824,3 +824,4 @@ int __devcgroup_check_permission(short t - - return 0; - } -+EXPORT_SYMBOL_GPL(__devcgroup_check_permission); ---- a/security/security.c -+++ b/security/security.c -@@ -1040,6 +1040,7 @@ int security_path_rmdir(const struct pat - return 0; - return call_int_hook(path_rmdir, 0, dir, dentry); - } -+EXPORT_SYMBOL_GPL(security_path_rmdir); - - int security_path_unlink(const struct path *dir, struct dentry *dentry) - { -@@ -1056,6 +1057,7 @@ int security_path_symlink(const struct p - return 0; - return call_int_hook(path_symlink, 0, dir, dentry, old_name); - } -+EXPORT_SYMBOL_GPL(security_path_symlink); - - int security_path_link(struct dentry *old_dentry, const struct path *new_dir, - struct dentry *new_dentry) -@@ -1064,6 +1066,7 @@ int security_path_link(struct dentry *ol - return 0; - return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); - } -+EXPORT_SYMBOL_GPL(security_path_link); - - int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, - const struct path *new_dir, struct dentry *new_dentry, -@@ -1091,6 +1094,7 @@ int security_path_truncate(const struct - return 0; - return call_int_hook(path_truncate, 0, path); - } -+EXPORT_SYMBOL_GPL(security_path_truncate); - - int security_path_chmod(const struct path *path, umode_t mode) - { -@@ -1098,6 +1102,7 @@ int security_path_chmod(const struct pat - return 0; - return call_int_hook(path_chmod, 0, path, mode); - } -+EXPORT_SYMBOL_GPL(security_path_chmod); - - int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) - { -@@ -1105,6 +1110,7 @@ int security_path_chown(const struct pat - return 0; - return call_int_hook(path_chown, 0, path, uid, gid); - } -+EXPORT_SYMBOL_GPL(security_path_chown); - - int security_path_chroot(const struct path *path) - { -@@ -1205,6 +1211,7 @@ int security_inode_permission(struct ino - return 0; - return call_int_hook(inode_permission, 0, inode, mask); - } -+EXPORT_SYMBOL_GPL(security_inode_permission); - - int security_inode_setattr(struct dentry *dentry, struct iattr *attr) - { -@@ -1382,6 +1389,7 @@ int security_file_permission(struct file - - return fsnotify_perm(file, mask); - } -+EXPORT_SYMBOL_GPL(security_file_permission); - - int security_file_alloc(struct file *file) - { diff --git a/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch b/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch deleted file mode 100644 index 1a62acc5c763..000000000000 --- a/debian/patches/features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch +++ /dev/null @@ -1,63 +0,0 @@ -From: "Lee, Chun-Yi" -Date: Tue, 13 Mar 2018 18:37:59 +0800 -Subject: [PATCH 1/5] MODSIGN: do not load mok when secure boot disabled -Origin: https://lore.kernel.org/patchwork/patch/933173/ - -The mok can not be trusted when the secure boot is disabled. Which -means that the kernel embedded certificate is the only trusted key. - -Due to db/dbx are authenticated variables, they needs manufacturer's -KEK for update. So db/dbx are secure when secureboot disabled. - -Cc: David Howells -Cc: Josh Boyer -Cc: James Bottomley -Signed-off-by: "Lee, Chun-Yi" -[Rebased by Luca Boccassi] -[bwh: Forward-ported to 5.0: adjust filename] ---- - security/integrity/platform_certs/load_uefi.c | 26 +++++++++++++++----------- - 1 file changed, 15 insertions(+), 11 deletions(-) - ---- a/security/integrity/platform_certs/load_uefi.c -+++ b/security/integrity/platform_certs/load_uefi.c -@@ -173,17 +173,6 @@ static int __init load_uefi_certs(void) - } - } - -- rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok); -- if (rc < 0) { -- pr_info("Couldn't get UEFI MokListRT\n"); -- } else if (moksize != 0) { -- rc = parse_efi_signature_list("UEFI:MokListRT", -- mok, moksize, get_handler_for_db); -- if (rc) -- pr_err("Couldn't parse MokListRT signatures: %d\n", rc); -- kfree(mok); -- } -- - rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx); - if (rc < 0) { - pr_info("Couldn't get UEFI dbx list\n"); -@@ -196,6 +185,21 @@ static int __init load_uefi_certs(void) - kfree(dbx); - } - -+ /* the MOK can not be trusted when secure boot is disabled */ -+ if (!efi_enabled(EFI_SECURE_BOOT)) -+ return 0; -+ -+ rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok); -+ if (rc < 0) { -+ pr_info("Couldn't get UEFI MokListRT\n"); -+ } else if (moksize != 0) { -+ rc = parse_efi_signature_list("UEFI:MokListRT", -+ mok, moksize, get_handler_for_db); -+ if (rc) -+ pr_err("Couldn't parse MokListRT signatures: %d\n", rc); -+ kfree(mok); -+ } -+ - return rc; - } - late_initcall(load_uefi_certs); diff --git a/debian/patches/features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch b/debian/patches/features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch deleted file mode 100644 index 54539855f98c..000000000000 --- a/debian/patches/features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch +++ /dev/null @@ -1,59 +0,0 @@ -From: "Lee, Chun-Yi" -Date: Tue, 13 Mar 2018 18:38:01 +0800 -Subject: [PATCH 2/4] MODSIGN: load blacklist from MOKx -Origin: https://lore.kernel.org/patchwork/patch/933177/ - -This patch adds the logic to load the blacklisted hash and -certificates from MOKx which is maintained by shim bootloader. - -Cc: David Howells -Cc: Josh Boyer -Cc: James Bottomley -Signed-off-by: "Lee, Chun-Yi" -[Rebased by Luca Boccassi] -[bwh: Forward-ported to 5.0: adjust filename] ---- - security/integrity/platform_certs/load_uefi.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - ---- a/security/integrity/platform_certs/load_uefi.c -+++ b/security/integrity/platform_certs/load_uefi.c -@@ -149,8 +149,8 @@ static int __init load_uefi_certs(void) - { - efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID; - efi_guid_t mok_var = EFI_SHIM_LOCK_GUID; -- void *db = NULL, *dbx = NULL, *mok = NULL; -- unsigned long dbsize = 0, dbxsize = 0, moksize = 0; -+ void *db = NULL, *dbx = NULL, *mok = NULL, *mokx = NULL; -+ unsigned long dbsize = 0, dbxsize = 0, moksize = 0, mokxsize = 0; - int rc = 0; - - if (!efi.get_variable) -@@ -185,7 +185,7 @@ static int __init load_uefi_certs(void) - kfree(dbx); - } - -- /* the MOK can not be trusted when secure boot is disabled */ -+ /* the MOK and MOKx can not be trusted when secure boot is disabled */ - if (!efi_enabled(EFI_SECURE_BOOT)) - return 0; - -@@ -200,6 +200,18 @@ static int __init load_uefi_certs(void) - kfree(mok); - } - -+ rc = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &mokx); -+ if (rc < 0) { -+ pr_info("MODSIGN: Couldn't get UEFI MokListXRT\n"); -+ } else if (mokxsize != 0) { -+ rc = parse_efi_signature_list("UEFI:mokx", -+ mokx, mokxsize, -+ get_handler_for_dbx); -+ if (rc) -+ pr_err("Couldn't parse MokListXRT signatures: %d\n", rc); -+ kfree(mokx); -+ } -+ - return rc; - } - late_initcall(load_uefi_certs); diff --git a/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch b/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch deleted file mode 100644 index 263a4fa0232a..000000000000 --- a/debian/patches/features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch +++ /dev/null @@ -1,122 +0,0 @@ -From: "Lee, Chun-Yi" -Date: Tue, 13 Mar 2018 18:38:02 +0800 -Subject: [PATCH 3/4] MODSIGN: checking the blacklisted hash before loading a - kernel module -Origin: https://lore.kernel.org/patchwork/patch/933175/ - -This patch adds the logic for checking the kernel module's hash -base on blacklist. The hash must be generated by sha256 and enrolled -to dbx/mokx. - -For example: - sha256sum sample.ko - mokutil --mokx --import-hash $HASH_RESULT - -Whether the signature on ko file is stripped or not, the hash can be -compared by kernel. - -Cc: David Howells -Cc: Josh Boyer -Cc: James Bottomley -Signed-off-by: "Lee, Chun-Yi" -[Rebased by Luca Boccassi] ---- - kernel/module_signing.c | 59 +++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 57 insertions(+), 2 deletions(-) - -diff --git a/kernel/module_signing.c b/kernel/module_signing.c -index 9d9fc678c91d..0f041a21f418 100644 ---- a/kernel/module_signing.c -+++ b/kernel/module_signing.c -@@ -12,15 +12,62 @@ - #include - #include - #include -+#include -+#include - #include "module-internal.h" - -+static int mod_is_hash_blacklisted(const void *mod, size_t verifylen) -+{ -+ struct crypto_shash *tfm; -+ struct shash_desc *desc; -+ size_t digest_size, desc_size; -+ u8 *digest; -+ int ret = 0; -+ -+ tfm = crypto_alloc_shash("sha256", 0, 0); -+ if (IS_ERR(tfm)) -+ goto error_return; -+ -+ desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); -+ digest_size = crypto_shash_digestsize(tfm); -+ digest = kzalloc(digest_size + desc_size, GFP_KERNEL); -+ if (!digest) { -+ pr_err("digest memory buffer allocate fail\n"); -+ ret = -ENOMEM; -+ goto error_digest; -+ } -+ desc = (void *)digest + digest_size; -+ desc->tfm = tfm; -+ ret = crypto_shash_init(desc); -+ if (ret < 0) -+ goto error_shash; -+ -+ ret = crypto_shash_finup(desc, mod, verifylen, digest); -+ if (ret < 0) -+ goto error_shash; -+ -+ pr_debug("%ld digest: %*phN\n", verifylen, (int) digest_size, digest); -+ -+ ret = is_hash_blacklisted(digest, digest_size, "bin"); -+ if (ret == -EKEYREJECTED) -+ pr_err("Module hash %*phN is blacklisted\n", -+ (int) digest_size, digest); -+ -+error_shash: -+ kfree(digest); -+error_digest: -+ crypto_free_shash(tfm); -+error_return: -+ return ret; -+} -+ - /* - * Verify the signature on a module. - */ - int mod_verify_sig(const void *mod, struct load_info *info) - { - struct module_signature ms; -- size_t sig_len, modlen = info->len; -+ size_t sig_len, modlen = info->len, wholelen; - int ret; - - pr_devel("==>%s(,%zu)\n", __func__, modlen); -@@ -28,6 +75,7 @@ int mod_verify_sig(const void *mod, struct load_info *info) - if (modlen <= sizeof(ms)) - return -EBADMSG; - -+ wholelen = modlen + sizeof(MODULE_SIG_STRING) - 1; - memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms)); - - ret = mod_check_sig(&ms, modlen, info->name); -@@ -38,8 +86,15 @@ int mod_verify_sig(const void *mod, struct load_info *info) - modlen -= sig_len + sizeof(ms); - info->len = modlen; - -- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, -+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, - VERIFY_USE_SECONDARY_KEYRING, - VERIFYING_MODULE_SIGNATURE, - NULL, NULL); -+ pr_devel("verify_pkcs7_signature() = %d\n", ret); -+ -+ /* checking hash of module is in blacklist */ -+ if (!ret) -+ ret = mod_is_hash_blacklisted(mod, wholelen); -+ -+ return ret; - } --- -2.23.0 - diff --git a/debian/patches/features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch b/debian/patches/features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch deleted file mode 100644 index 66fa16f40cba..000000000000 --- a/debian/patches/features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch +++ /dev/null @@ -1,107 +0,0 @@ -From: "Lee, Chun-Yi" -Date: Tue, 13 Mar 2018 18:38:03 +0800 -Subject: [PATCH 4/4] MODSIGN: check the attributes of db and mok -Origin: https://lore.kernel.org/patchwork/patch/933176/ - -That's better for checking the attributes of db and mok variables -before loading certificates to kernel keyring. - -For db and dbx, both of them are authenticated variables. Which -means that they can only be modified by manufacturer's key. So -the kernel should checks EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS -attribute before we trust it. - -For mok-rt and mokx-rt, both of them are created by shim boot loader -to forward the mok/mokx content to runtime. They must be runtime-volatile -variables. So kernel should checks that the attributes map did not set -EFI_VARIABLE_NON_VOLATILE bit before we trust it. - -Cc: David Howells -Cc: Josh Boyer -Cc: James Bottomley -Signed-off-by: "Lee, Chun-Yi" -[Rebased by Luca Boccassi] -[bwh: Forward-ported to 5.0: adjust filename, context] ---- - .../platform_certs/load_uefi.c | 35 +++++++++++++++++++++++------------ - 1 file changed, 23 insertions(+), 12 deletions(-) - ---- a/security/integrity/platform_certs/load_uefi.c -+++ b/security/integrity/platform_certs/load_uefi.c -@@ -39,12 +39,14 @@ static __init bool uefi_check_ignore_db( - * Get a certificate list blob from the named EFI variable. - */ - static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, -- unsigned long *size, void **cert_list) -+ unsigned long *size, void **cert_list, -+ u32 pos_attr, u32 neg_attr) - { - efi_status_t status; - unsigned long lsize = 4; - unsigned long tmpdb[4]; - void *db; -+ u32 attr = 0; - - status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); - if (status == EFI_NOT_FOUND) { -@@ -62,12 +64,19 @@ static __init int get_cert_list(efi_char - if (!db) - return -ENOMEM; - -- status = efi.get_variable(name, guid, NULL, &lsize, db); -+ status = efi.get_variable(name, guid, &attr, &lsize, db); - if (status != EFI_SUCCESS) { - kfree(db); - pr_err("Error reading db var: 0x%lx\n", status); - return efi_status_to_err(status); - } -+ /* must have positive attributes and no negative attributes */ -+ if ((pos_attr && !(attr & pos_attr)) || -+ (neg_attr && (attr & neg_attr))) { -+ kfree(db); -+ pr_err("Error reading db var attributes: 0x%016x\n", attr); -+ return -1; -+ } - - *size = lsize; - *cert_list = db; -@@ -160,7 +169,8 @@ static int __init load_uefi_certs(void) - * an error if we can't get them. - */ - if (!uefi_check_ignore_db()) { -- rc = get_cert_list(L"db", &secure_var, &dbsize, &db); -+ rc = get_cert_list(L"db", &secure_var, &dbsize, &db, -+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, 0); - if (rc < 0) { - pr_err("MODSIGN: Couldn't get UEFI db list\n"); - } else if (dbsize != 0) { -@@ -173,7 +183,8 @@ static int __init load_uefi_certs(void) - } - } - -- rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx); -+ rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx, -+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, 0); - if (rc < 0) { - pr_info("Couldn't get UEFI dbx list\n"); - } else if (dbxsize != 0) { -@@ -189,7 +200,8 @@ static int __init load_uefi_certs(void) - if (!efi_enabled(EFI_SECURE_BOOT)) - return 0; - -- rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok); -+ rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok, -+ 0, EFI_VARIABLE_NON_VOLATILE); - if (rc < 0) { - pr_info("Couldn't get UEFI MokListRT\n"); - } else if (moksize != 0) { -@@ -200,7 +212,8 @@ static int __init load_uefi_certs(void) - kfree(mok); - } - -- rc = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &mokx); -+ rc = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &mokx, -+ 0, EFI_VARIABLE_NON_VOLATILE); - if (rc < 0) { - pr_info("MODSIGN: Couldn't get UEFI MokListXRT\n"); - } else if (mokxsize != 0) { diff --git a/debian/patches/features/all/db-mok-keyring/0006-Make-get_cert_list-not-complain-about-cert-lists-tha.patch b/debian/patches/features/all/db-mok-keyring/0006-Make-get_cert_list-not-complain-about-cert-lists-tha.patch deleted file mode 100644 index e0eaa87760d7..000000000000 --- a/debian/patches/features/all/db-mok-keyring/0006-Make-get_cert_list-not-complain-about-cert-lists-tha.patch +++ /dev/null @@ -1,103 +0,0 @@ -From: Peter Jones -Date: Mon, 2 Oct 2017 18:25:29 -0400 -Subject: [PATCH 6/7] Make get_cert_list() not complain about cert lists that - aren't present. -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/jforbes/linux.git/commit/?id=0f4d5c7b49b45e7cf038bb769e33451b78a6445d - -Signed-off-by: Peter Jones -[bwh: Forward-ported to 5.0: adjust filename, context] ---- - .../platform_certs/load_uefi.c | 37 ++++++++++++++++++++++--------------- - 1 file changed, 22 insertions(+), 15 deletions(-) - ---- a/security/integrity/platform_certs/load_uefi.c -+++ b/security/integrity/platform_certs/load_uefi.c -@@ -38,8 +38,8 @@ static __init bool uefi_check_ignore_db( - /* - * Get a certificate list blob from the named EFI variable. - */ --static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, -- unsigned long *size) -+static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, -+ unsigned long *size, void **cert_list) - { - efi_status_t status; - unsigned long lsize = 4; -@@ -47,24 +47,31 @@ static __init void *get_cert_list(efi_ch - void *db; - - status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); -+ if (status == EFI_NOT_FOUND) { -+ *size = 0; -+ *cert_list = NULL; -+ return 0; -+ } -+ - if (status != EFI_BUFFER_TOO_SMALL) { - pr_err("Couldn't get size: 0x%lx\n", status); -- return NULL; -+ return efi_status_to_err(status); - } - - db = kmalloc(lsize, GFP_KERNEL); - if (!db) -- return NULL; -+ return -ENOMEM; - - status = efi.get_variable(name, guid, NULL, &lsize, db); - if (status != EFI_SUCCESS) { - kfree(db); - pr_err("Error reading db var: 0x%lx\n", status); -- return NULL; -+ return efi_status_to_err(status); - } - - *size = lsize; -- return db; -+ *cert_list = db; -+ return 0; - } - - /* -@@ -153,10 +160,10 @@ static int __init load_uefi_certs(void) - * an error if we can't get them. - */ - if (!uefi_check_ignore_db()) { -- db = get_cert_list(L"db", &secure_var, &dbsize); -- if (!db) { -+ rc = get_cert_list(L"db", &secure_var, &dbsize, &db); -+ if (rc < 0) { - pr_err("MODSIGN: Couldn't get UEFI db list\n"); -- } else { -+ } else if (dbsize != 0) { - rc = parse_efi_signature_list("UEFI:db", - db, dbsize, get_handler_for_db); - if (rc) -@@ -166,10 +173,10 @@ static int __init load_uefi_certs(void) - } - } - -- mok = get_cert_list(L"MokListRT", &mok_var, &moksize); -- if (!mok) { -+ rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok); -+ if (rc < 0) { - pr_info("Couldn't get UEFI MokListRT\n"); -- } else { -+ } else if (moksize != 0) { - rc = parse_efi_signature_list("UEFI:MokListRT", - mok, moksize, get_handler_for_db); - if (rc) -@@ -177,10 +184,10 @@ static int __init load_uefi_certs(void) - kfree(mok); - } - -- dbx = get_cert_list(L"dbx", &secure_var, &dbxsize); -- if (!dbx) { -+ rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx); -+ if (rc < 0) { - pr_info("Couldn't get UEFI dbx list\n"); -- } else { -+ } else if (dbxsize != 0) { - rc = parse_efi_signature_list("UEFI:dbx", - dbx, dbxsize, - get_handler_for_dbx); diff --git a/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch b/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch deleted file mode 100644 index f00bf3d243ae..000000000000 --- a/debian/patches/features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch +++ /dev/null @@ -1,37 +0,0 @@ -From: Robert Holmes -Date: Tue, 23 Apr 2019 07:39:29 +0000 -Subject: [PATCH] KEYS: Make use of platform keyring for module signature - verify -Bug-Debian: https://bugs.debian.org/935945 -Origin: https://src.fedoraproject.org/rpms/kernel/raw/master/f/KEYS-Make-use-of-platform-keyring-for-module-signature.patch - -This patch completes commit 278311e417be ("kexec, KEYS: Make use of -platform keyring for signature verify") which, while adding the -platform keyring for bzImage verification, neglected to also add -this keyring for module verification. - -As such, kernel modules signed with keys from the MokList variable -were not successfully verified. - -Signed-off-by: Robert Holmes -Signed-off-by: Jeremy Cline ---- - kernel/module_signing.c | 16 ++++++++++++---- - 1 file changed, 12 insertions(+), 4 deletions(-) - ---- a/kernel/module_signing.c -+++ b/kernel/module_signing.c -@@ -135,6 +135,13 @@ int mod_verify_sig(const void *mod, stru - VERIFYING_MODULE_SIGNATURE, - NULL, NULL); - pr_devel("verify_pkcs7_signature() = %d\n", ret); -+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { -+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, -+ VERIFY_USE_PLATFORM_KEYRING, -+ VERIFYING_MODULE_SIGNATURE, -+ NULL, NULL); -+ pr_devel("verify_pkcs7_signature() = %d\n", ret); -+ } - - /* checking hash of module is in blacklist */ - if (!ret) diff --git a/debian/patches/features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch b/debian/patches/features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch deleted file mode 100644 index 2ae3ddde4cd7..000000000000 --- a/debian/patches/features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Ben Hutchings -Date: Sun, 05 May 2019 13:45:06 +0100 -Subject: MODSIGN: Make shash allocation failure fatal - -mod_is_hash_blacklisted() currently returns 0 (suceess) if -crypto_alloc_shash() fails. This should instead be a fatal error, -so unwrap and pass up the error code. - -Signed-off-by: Ben Hutchings ---- ---- a/kernel/module_signing.c -+++ b/kernel/module_signing.c -@@ -51,11 +51,13 @@ static int mod_is_hash_blacklisted(const - struct shash_desc *desc; - size_t digest_size, desc_size; - u8 *digest; -- int ret = 0; -+ int ret; - - tfm = crypto_alloc_shash("sha256", 0, 0); -- if (IS_ERR(tfm)) -+ if (IS_ERR(tfm)) { -+ ret = PTR_ERR(tfm); - goto error_return; -+ } - - desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); - digest_size = crypto_shash_digestsize(tfm); diff --git a/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch b/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch deleted file mode 100644 index d40c58db63e9..000000000000 --- a/debian/patches/features/all/drivers-media-dvb-usb-af9005-request_firmware.patch +++ /dev/null @@ -1,145 +0,0 @@ -From: Ben Hutchings -Date: Mon, 24 Aug 2009 23:19:58 +0100 -Subject: af9005: Use request_firmware() to load register init script -Forwarded: no - -Read the register init script from the Windows driver. This is sick -but should avoid the potential copyright infringement in distributing -a version of the script which is directly derived from the driver. ---- - drivers/media/dvb/dvb-usb/Kconfig | 2 +- - drivers/media/dvb/dvb-usb/af9005-fe.c | 66 ++++++++++++++++++++++++++------ - 2 files changed, 54 insertions(+), 14 deletions(-) - ---- a/drivers/media/usb/dvb-usb/Kconfig -+++ b/drivers/media/usb/dvb-usb/Kconfig -@@ -246,10 +246,10 @@ config DVB_USB_OPERA1 - - config DVB_USB_AF9005 - tristate "Afatech AF9005 DVB-T USB1.1 support" -- depends on BROKEN - depends on DVB_USB - select MEDIA_TUNER_MT2060 if MEDIA_SUBDRV_AUTOSELECT - select MEDIA_TUNER_QT1010 if MEDIA_SUBDRV_AUTOSELECT -+ select FW_LOADER - help - Say Y here to support the Afatech AF9005 based DVB-T USB1.1 receiver - and the TerraTec Cinergy T USB XE (Rev.1) ---- a/drivers/media/usb/dvb-usb/af9005-fe.c -+++ b/drivers/media/usb/dvb-usb/af9005-fe.c -@@ -18,10 +18,26 @@ - * see Documentation/media/dvb-drivers/dvb-usb.rst for more information - */ - #include "af9005.h" --#include "af9005-script.h" - #include "mt2060.h" - #include "qt1010.h" - #include -+#include -+ -+/* Register initialisation script to be extracted from the Windows driver */ -+ -+typedef struct { -+ __le16 reg; -+ u8 pos; -+ u8 len; -+ u8 val; -+ u8 pad; -+} __packed RegDesc; -+ -+#define WIN_DRV_NAME "AF05BDA.sys" -+#define WIN_DRV_VERSION "6.3.2.1" -+#define WIN_DRV_SIZE 133504 -+#define WIN_DRV_SCRIPT_OFFSET 88316 -+#define WIN_DRV_SCRIPT_SIZE 1110 - - struct af9005_fe_state { - struct dvb_usb_device *d; -@@ -813,6 +829,8 @@ static int af9005_fe_init(struct dvb_fro - { - struct af9005_fe_state *state = fe->demodulator_priv; - struct dvb_usb_adapter *adap = fe->dvb->priv; -+ const struct firmware *fw; -+ const RegDesc *script; - int ret, i, scriptlen; - u8 temp, temp0 = 0, temp1 = 0, temp2 = 0; - u8 buf[2]; -@@ -965,37 +983,55 @@ static int af9005_fe_init(struct dvb_fro - if ((ret = af9005_write_ofdm_register(state->d, 0xaefb, 0x01))) - return ret; - -- /* load init script */ -- deb_info("load init script\n"); -- scriptlen = sizeof(script) / sizeof(RegDesc); -+ /* load and validate init script */ -+ deb_info("load init script from Windows driver\n"); -+ ret = request_firmware(&fw, WIN_DRV_NAME, &state->d->udev->dev); -+ if (ret) -+ return ret; -+ BUILD_BUG_ON(sizeof(RegDesc) != 6); -+ if (fw->size != WIN_DRV_SIZE || -+ memcmp(fw->data + WIN_DRV_SCRIPT_OFFSET, -+ "\x80\xa1\x00\x08\x0a\x00", 6) || -+ memcmp(fw->data + WIN_DRV_SCRIPT_OFFSET + WIN_DRV_SCRIPT_SIZE - 6, -+ "\x49\xa3\x00\x06\x02\x00", 6)) { -+ err("%s is invalid - should be version %s, size %u bytes\n", -+ WIN_DRV_NAME, WIN_DRV_VERSION, WIN_DRV_SIZE); -+ ret = -EINVAL; -+ goto fail_release; -+ } -+ -+ script = (const RegDesc *)(fw->data + WIN_DRV_SCRIPT_OFFSET); -+ scriptlen = WIN_DRV_SCRIPT_SIZE / sizeof(RegDesc); - for (i = 0; i < scriptlen; i++) { -+ u16 reg = le16_to_cpu(script[i].reg); - if ((ret = -- af9005_write_register_bits(state->d, script[i].reg, -+ af9005_write_register_bits(state->d, reg, - script[i].pos, - script[i].len, script[i].val))) -- return ret; -+ goto fail_release; - /* save 3 bytes of original fcw */ -- if (script[i].reg == 0xae18) -+ if (reg == 0xae18) - temp2 = script[i].val; -- if (script[i].reg == 0xae19) -+ if (reg == 0xae19) - temp1 = script[i].val; -- if (script[i].reg == 0xae1a) -+ if (reg == 0xae1a) - temp0 = script[i].val; - - /* save original unplug threshold */ -- if (script[i].reg == xd_p_reg_unplug_th) -+ if (reg == xd_p_reg_unplug_th) - state->original_if_unplug_th = script[i].val; -- if (script[i].reg == xd_p_reg_unplug_rf_gain_th) -+ if (reg == xd_p_reg_unplug_rf_gain_th) - state->original_rf_unplug_th = script[i].val; -- if (script[i].reg == xd_p_reg_unplug_dtop_if_gain_th) -+ if (reg == xd_p_reg_unplug_dtop_if_gain_th) - state->original_dtop_if_unplug_th = script[i].val; -- if (script[i].reg == xd_p_reg_unplug_dtop_rf_gain_th) -+ if (reg == xd_p_reg_unplug_dtop_rf_gain_th) - state->original_dtop_rf_unplug_th = script[i].val; - - } - state->original_fcw = - ((u32) temp2 << 16) + ((u32) temp1 << 8) + (u32) temp0; - -+ release_firmware(fw); - - /* save original TOPs */ - deb_info("save original TOPs\n"); -@@ -1075,6 +1111,10 @@ static int af9005_fe_init(struct dvb_fro - - deb_info("profit!\n"); - return 0; -+ -+fail_release: -+ release_firmware(fw); -+ return ret; - } - - static int af9005_fe_sleep(struct dvb_frontend *fe) diff --git a/debian/patches/features/all/lockdown/add-a-sysrq-option-to-lift-kernel-lockdown.patch b/debian/patches/features/all/lockdown/add-a-sysrq-option-to-lift-kernel-lockdown.patch deleted file mode 100644 index 2e4090a2d9f7..000000000000 --- a/debian/patches/features/all/lockdown/add-a-sysrq-option-to-lift-kernel-lockdown.patch +++ /dev/null @@ -1,270 +0,0 @@ -From: Kyle McMartin -Date: Mon, 18 Feb 2019 12:44:57 +0000 -Subject: [02/30] Add a SysRq option to lift kernel lockdown -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a420ebff9e6d0153119096706918e3925ea860fc - -Make an option to provide a sysrq key that will lift the kernel lockdown, -thereby allowing the running kernel image to be accessed and modified. - -On x86 this is triggered with SysRq+x, but this key may not be available on -all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h. -Since this macro must be defined in an arch to be able to use this facility -for that arch, the Kconfig option is restricted to arches that support it. - -Signed-off-by: Kyle McMartin -Signed-off-by: David Howells -cc: x86@kernel.org -[bwh: Forward-ported to upstream lockdown: - - Change config dependency to SECURITY_LOCKDOWN_LSM - - Compare kernel_locked_down with LOCKDOWN_NONE instead of treating it - as a bool - - Adjust filenames, context] ---- - arch/x86/include/asm/setup.h | 2 + - drivers/input/misc/uinput.c | 1 - drivers/tty/sysrq.c | 19 +++++++++++----- - include/linux/input.h | 5 ++++ - include/linux/sysrq.h | 8 ++++++- - kernel/debug/kdb/kdb_main.c | 2 - - security/lockdown/Kconfig | 9 +++++++ - security/lockdown/lockdown.c | 49 ++++++++++++++++++++++++++++++++++++++++++- - 8 files changed, 86 insertions(+), 9 deletions(-) - ---- a/arch/x86/include/asm/setup.h -+++ b/arch/x86/include/asm/setup.h -@@ -9,6 +9,8 @@ - #include - #include - -+#define LOCKDOWN_LIFT_KEY 'x' -+ - #ifdef __i386__ - - #include ---- a/drivers/input/misc/uinput.c -+++ b/drivers/input/misc/uinput.c -@@ -353,6 +353,7 @@ static int uinput_create_device(struct u - dev->flush = uinput_dev_flush; - } - -+ dev->flags |= INPUTDEV_FLAGS_SYNTHETIC; - dev->event = uinput_dev_event; - - input_set_drvdata(udev->dev, udev); ---- a/drivers/tty/sysrq.c -+++ b/drivers/tty/sysrq.c -@@ -480,6 +480,7 @@ static struct sysrq_key_op *sysrq_key_ta - /* x: May be registered on mips for TLB dump */ - /* x: May be registered on ppc/powerpc for xmon */ - /* x: May be registered on sparc64 for global PMU dump */ -+ /* x: May be registered on x86_64 for disabling secure boot */ - NULL, /* x */ - /* y: May be registered on sparc64 for global register dump */ - NULL, /* y */ -@@ -523,7 +524,7 @@ static void __sysrq_put_key_op(int key, - sysrq_key_table[i] = op_p; - } - --void __handle_sysrq(int key, bool check_mask) -+void __handle_sysrq(int key, unsigned int from) - { - struct sysrq_key_op *op_p; - int orig_log_level; -@@ -546,11 +547,15 @@ void __handle_sysrq(int key, bool check_ - - op_p = __sysrq_get_key_op(key); - if (op_p) { -+ /* Ban synthetic events from some sysrq functionality */ -+ if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) && -+ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) -+ printk("This sysrq operation is disabled from userspace.\n"); - /* - * Should we check for enabled operations (/proc/sysrq-trigger - * should not) and is the invoked operation enabled? - */ -- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { -+ if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) { - pr_info("%s\n", op_p->action_msg); - console_loglevel = orig_log_level; - op_p->handler(key); -@@ -585,7 +590,7 @@ void __handle_sysrq(int key, bool check_ - void handle_sysrq(int key) - { - if (sysrq_on()) -- __handle_sysrq(key, true); -+ __handle_sysrq(key, SYSRQ_FROM_KERNEL); - } - EXPORT_SYMBOL(handle_sysrq); - -@@ -665,7 +670,7 @@ static void sysrq_do_reset(struct timer_ - static void sysrq_handle_reset_request(struct sysrq_state *state) - { - if (state->reset_requested) -- __handle_sysrq(sysrq_xlate[KEY_B], false); -+ __handle_sysrq(sysrq_xlate[KEY_B], SYSRQ_FROM_KERNEL); - - if (sysrq_reset_downtime_ms) - mod_timer(&state->keyreset_timer, -@@ -818,8 +823,10 @@ static bool sysrq_handle_keypress(struct - - default: - if (sysrq->active && value && value != 2) { -+ int from = sysrq->handle.dev->flags & INPUTDEV_FLAGS_SYNTHETIC ? -+ SYSRQ_FROM_SYNTHETIC : 0; - sysrq->need_reinject = false; -- __handle_sysrq(sysrq_xlate[code], true); -+ __handle_sysrq(sysrq_xlate[code], from); - } - break; - } -@@ -1102,7 +1109,7 @@ static ssize_t write_sysrq_trigger(struc - - if (get_user(c, buf)) - return -EFAULT; -- __handle_sysrq(c, false); -+ __handle_sysrq(c, SYSRQ_FROM_PROC); - } - - return count; ---- a/include/linux/input.h -+++ b/include/linux/input.h -@@ -48,6 +48,7 @@ enum input_clock_type { - * @phys: physical path to the device in the system hierarchy - * @uniq: unique identification code for the device (if device has it) - * @id: id of the device (struct input_id) -+ * @flags: input device flags (SYNTHETIC, etc.) - * @propbit: bitmap of device properties and quirks - * @evbit: bitmap of types of events supported by the device (EV_KEY, - * EV_REL, etc.) -@@ -134,6 +135,8 @@ struct input_dev { - const char *uniq; - struct input_id id; - -+ unsigned int flags; -+ - unsigned long propbit[BITS_TO_LONGS(INPUT_PROP_CNT)]; - - unsigned long evbit[BITS_TO_LONGS(EV_CNT)]; -@@ -204,6 +207,8 @@ struct input_dev { - }; - #define to_input_dev(d) container_of(d, struct input_dev, dev) - -+#define INPUTDEV_FLAGS_SYNTHETIC 0x000000001 -+ - /* - * Verify that we are in sync with input_device_id mod_devicetable.h #defines - */ ---- a/include/linux/sysrq.h -+++ b/include/linux/sysrq.h -@@ -29,6 +29,8 @@ - #define SYSRQ_ENABLE_BOOT 0x0080 - #define SYSRQ_ENABLE_RTNICE 0x0100 - -+#define SYSRQ_DISABLE_USERSPACE 0x00010000 -+ - struct sysrq_key_op { - void (*handler)(int); - char *help_msg; -@@ -43,8 +45,12 @@ struct sysrq_key_op { - * are available -- else NULL's). - */ - -+#define SYSRQ_FROM_KERNEL 0x0001 -+#define SYSRQ_FROM_PROC 0x0002 -+#define SYSRQ_FROM_SYNTHETIC 0x0004 -+ - void handle_sysrq(int key); --void __handle_sysrq(int key, bool check_mask); -+void __handle_sysrq(int key, unsigned int from); - int register_sysrq_key(int key, struct sysrq_key_op *op); - int unregister_sysrq_key(int key, struct sysrq_key_op *op); - struct sysrq_key_op *__sysrq_get_key_op(int key); ---- a/kernel/debug/kdb/kdb_main.c -+++ b/kernel/debug/kdb/kdb_main.c -@@ -1981,7 +1981,7 @@ static int kdb_sr(int argc, const char * - return KDB_ARGCOUNT; - - kdb_trap_printk++; -- __handle_sysrq(*argv[1], check_mask); -+ __handle_sysrq(*argv[1], check_mask ? SYSRQ_FROM_KERNEL : 0); - kdb_trap_printk--; - - return 0; ---- a/security/lockdown/Kconfig -+++ b/security/lockdown/Kconfig -@@ -60,3 +60,12 @@ config LOCK_DOWN_IN_EFI_SECURE_BOOT - - Enabling this option results in kernel lockdown being - triggered in confidentiality mode if EFI Secure Boot is set. -+ -+config ALLOW_LOCKDOWN_LIFT_BY_SYSRQ -+ bool "Allow the kernel lockdown to be lifted by SysRq" -+ depends on SECURITY_LOCKDOWN_LSM -+ depends on MAGIC_SYSRQ -+ depends on X86 -+ help -+ Allow the lockdown on a kernel to be lifted, by pressing a SysRq key -+ combination on a wired keyboard. ---- a/security/lockdown/lockdown.c -+++ b/security/lockdown/lockdown.c -@@ -13,8 +13,14 @@ - #include - #include - #include -+#include -+#include - --static enum lockdown_reason kernel_locked_down; -+#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ -+static __read_mostly enum lockdown_reason kernel_locked_down; -+#else -+static __ro_after_init enum lockdown_reason kernel_locked_down; -+#endif - - static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { - [LOCKDOWN_NONE] = "none", -@@ -189,3 +195,44 @@ DEFINE_LSM(lockdown) = { - .name = "lockdown", - .init = lockdown_lsm_init, - }; -+ -+#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ -+ -+/* -+ * Take the kernel out of lockdown mode. -+ */ -+static void lift_kernel_lockdown(void) -+{ -+ pr_notice("Lifting lockdown\n"); -+ kernel_locked_down = LOCKDOWN_NONE; -+} -+ -+/* -+ * Allow lockdown to be lifted by pressing something like SysRq+x (and not by -+ * echoing the appropriate letter into the sysrq-trigger file). -+ */ -+static void sysrq_handle_lockdown_lift(int key) -+{ -+ if (kernel_locked_down != LOCKDOWN_NONE) -+ lift_kernel_lockdown(); -+} -+ -+static struct sysrq_key_op lockdown_lift_sysrq_op = { -+ .handler = sysrq_handle_lockdown_lift, -+ .help_msg = "unSB(x)", -+ .action_msg = "Disabling Secure Boot restrictions", -+ .enable_mask = SYSRQ_DISABLE_USERSPACE, -+}; -+ -+static int __init lockdown_lift_sysrq(void) -+{ -+ if (kernel_locked_down != LOCKDOWN_NONE) { -+ lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY; -+ register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op); -+ } -+ return 0; -+} -+ -+late_initcall(lockdown_lift_sysrq); -+ -+#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ */ diff --git a/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch deleted file mode 100644 index 92e567375525..000000000000 --- a/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch +++ /dev/null @@ -1,86 +0,0 @@ -From: Linn Crosetto -Date: Tue, 30 Aug 2016 11:54:38 -0600 -Subject: arm64: add kernel config option to lock down when in Secure Boot mode -Bug-Debian: https://bugs.debian.org/831827 -Forwarded: no - -Add a kernel configuration option to lock down the kernel, to restrict -userspace's ability to modify the running kernel when UEFI Secure Boot is -enabled. Based on the x86 patch by Matthew Garrett. - -Determine the state of Secure Boot in the EFI stub and pass this to the -kernel using the FDT. - -Signed-off-by: Linn Crosetto -[bwh: Forward-ported to 4.10: adjust context] -[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] -[bwh: Forward-ported to 4.15 and lockdown patch set: - - Pass result of efi_get_secureboot() in stub through to - efi_set_secure_boot() in main kernel - - Use lockdown API and naming] -[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()] -[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection] -[bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this] ---- - drivers/firmware/efi/arm-init.c | 4 ++++ - drivers/firmware/efi/efi.c | 3 ++- - drivers/firmware/efi/libstub/fdt.c | 6 ++++++ - include/linux/efi.h | 1 + - 4 files changed, 13 insertions(+), 1 deletion(-) - ---- a/drivers/firmware/efi/arm-init.c -+++ b/drivers/firmware/efi/arm-init.c -@@ -17,6 +17,7 @@ - #include - #include - #include -+#include - - #include - -@@ -253,6 +254,8 @@ void __init efi_init(void) - return; - } - -+ efi_set_secure_boot(params.secure_boot); -+ - reserve_regions(); - efi_esrt_init(); - ---- a/drivers/firmware/efi/efi.c -+++ b/drivers/firmware/efi/efi.c -@@ -688,7 +688,8 @@ static __initdata struct params fdt_para - UEFI_PARAM("MemMap Address", "linux,uefi-mmap-start", mmap), - UEFI_PARAM("MemMap Size", "linux,uefi-mmap-size", mmap_size), - UEFI_PARAM("MemMap Desc. Size", "linux,uefi-mmap-desc-size", desc_size), -- UEFI_PARAM("MemMap Desc. Version", "linux,uefi-mmap-desc-ver", desc_ver) -+ UEFI_PARAM("MemMap Desc. Version", "linux,uefi-mmap-desc-ver", desc_ver), -+ UEFI_PARAM("Secure Boot Enabled", "linux,uefi-secure-boot", secure_boot) - }; - - static __initdata struct params xen_fdt_params[] = { ---- a/drivers/firmware/efi/libstub/fdt.c -+++ b/drivers/firmware/efi/libstub/fdt.c -@@ -151,6 +151,12 @@ static efi_status_t update_fdt(efi_syste - } - } - -+ fdt_val32 = cpu_to_fdt32(efi_get_secureboot(sys_table)); -+ status = fdt_setprop(fdt, node, "linux,uefi-secure-boot", -+ &fdt_val32, sizeof(fdt_val32)); -+ if (status) -+ goto fdt_set_fail; -+ - /* Shrink the FDT back to its minimum size: */ - fdt_pack(fdt); - ---- a/include/linux/efi.h -+++ b/include/linux/efi.h -@@ -808,6 +808,7 @@ struct efi_fdt_params { - u32 mmap_size; - u32 desc_size; - u32 desc_ver; -+ u32 secure_boot; - }; - - typedef struct { diff --git a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch deleted file mode 100644 index beb3afa5cdc6..000000000000 --- a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch +++ /dev/null @@ -1,145 +0,0 @@ -From: David Howells -Date: Mon, 18 Feb 2019 12:45:03 +0000 -Subject: [28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28 - -UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT -flag that can be passed to efi_enabled() to find out whether secure boot is -enabled. - -Move the switch-statement in x86's setup_arch() that inteprets the -secure_boot boot parameter to generic code and set the bit there. - -Suggested-by: Ard Biesheuvel -Signed-off-by: David Howells -Reviewed-by: Ard Biesheuvel -cc: linux-efi@vger.kernel.org ---- - arch/x86/kernel/setup.c | 14 +---------- - drivers/firmware/efi/Makefile | 1 + - drivers/firmware/efi/secureboot.c | 39 +++++++++++++++++++++++++++++++ - include/linux/efi.h | 16 ++++++++----- - 4 files changed, 51 insertions(+), 19 deletions(-) - create mode 100644 drivers/firmware/efi/secureboot.c - ---- a/arch/x86/kernel/setup.c -+++ b/arch/x86/kernel/setup.c -@@ -1179,19 +1179,7 @@ void __init setup_arch(char **cmdline_p) - /* Allocate bigger log buffer */ - setup_log_buf(1); - -- if (efi_enabled(EFI_BOOT)) { -- switch (boot_params.secure_boot) { -- case efi_secureboot_mode_disabled: -- pr_info("Secure boot disabled\n"); -- break; -- case efi_secureboot_mode_enabled: -- pr_info("Secure boot enabled\n"); -- break; -- default: -- pr_info("Secure boot could not be determined\n"); -- break; -- } -- } -+ efi_set_secure_boot(boot_params.secure_boot); - - reserve_initrd(); - ---- a/drivers/firmware/efi/Makefile -+++ b/drivers/firmware/efi/Makefile -@@ -24,6 +24,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_m - obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o - obj-$(CONFIG_EFI_TEST) += test/ - obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o -+obj-$(CONFIG_EFI) += secureboot.o - obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o - obj-$(CONFIG_EFI_RCI2_TABLE) += rci2-table.o - ---- /dev/null -+++ b/drivers/firmware/efi/secureboot.c -@@ -0,0 +1,39 @@ -+ -+/* Core kernel secure boot support. -+ * -+ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved. -+ * Written by David Howells (dhowells@redhat.com) -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public Licence -+ * as published by the Free Software Foundation; either version -+ * 2 of the Licence, or (at your option) any later version. -+ */ -+ -+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -+ -+#include -+#include -+#include -+ -+/* -+ * Decide what to do when UEFI secure boot mode is enabled. -+ */ -+void __init efi_set_secure_boot(enum efi_secureboot_mode mode) -+{ -+ if (efi_enabled(EFI_BOOT)) { -+ switch (mode) { -+ case efi_secureboot_mode_disabled: -+ pr_info("Secure boot disabled\n"); -+ break; -+ case efi_secureboot_mode_enabled: -+ set_bit(EFI_SECURE_BOOT, &efi.flags); -+ pr_info("Secure boot enabled\n"); -+ break; -+ default: -+ pr_warning("Secure boot could not be determined (mode %u)\n", -+ mode); -+ break; -+ } -+ } -+} ---- a/include/linux/efi.h -+++ b/include/linux/efi.h -@@ -1202,6 +1202,14 @@ extern int __init efi_setup_pcdp_console - #define EFI_DBG 8 /* Print additional debug info at runtime */ - #define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */ - #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */ -+#define EFI_SECURE_BOOT 11 /* Are we in Secure Boot mode? */ -+ -+enum efi_secureboot_mode { -+ efi_secureboot_mode_unset, -+ efi_secureboot_mode_unknown, -+ efi_secureboot_mode_disabled, -+ efi_secureboot_mode_enabled, -+}; - - #ifdef CONFIG_EFI - /* -@@ -1212,6 +1220,7 @@ static inline bool efi_enabled(int featu - return test_bit(feature, &efi.flags) != 0; - } - extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused); -+extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode); - #else - static inline bool efi_enabled(int feature) - { -@@ -1225,6 +1234,7 @@ efi_capsule_pending(int *reset_type) - { - return false; - } -+static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {} - #endif - - extern int efi_status_to_err(efi_status_t status); -@@ -1616,12 +1626,6 @@ static inline bool efi_runtime_disabled( - extern void efi_call_virt_check_flags(unsigned long flags, const char *call); - extern unsigned long efi_call_virt_save_flags(void); - --enum efi_secureboot_mode { -- efi_secureboot_mode_unset, -- efi_secureboot_mode_unknown, -- efi_secureboot_mode_disabled, -- efi_secureboot_mode_enabled, --}; - enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table); - - #ifdef CONFIG_RESET_ATTACK_MITIGATION diff --git a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch deleted file mode 100644 index e20fd562963c..000000000000 --- a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +++ /dev/null @@ -1,115 +0,0 @@ -From: Ben Hutchings -Date: Tue, 10 Sep 2019 11:54:28 +0100 -Subject: efi: Lock down the kernel if booted in secure boot mode - -Based on an earlier patch by David Howells, who wrote the following -description: - -> UEFI Secure Boot provides a mechanism for ensuring that the firmware will -> only load signed bootloaders and kernels. Certain use cases may also -> require that all kernel modules also be signed. Add a configuration option -> that to lock down the kernel - which includes requiring validly signed -> modules - if the kernel is secure-booted. - -Signed-off-by: Ben Hutchings ---- - arch/x86/kernel/setup.c | 4 ++-- - drivers/firmware/efi/secureboot.c | 3 +++ - include/linux/security.h | 6 ++++++ - security/lockdown/Kconfig | 15 +++++++++++++++ - security/lockdown/lockdown.c | 2 +- - 5 files changed, 27 insertions(+), 3 deletions(-) - ---- a/arch/x86/kernel/setup.c -+++ b/arch/x86/kernel/setup.c -@@ -1027,6 +1027,8 @@ void __init setup_arch(char **cmdline_p) - if (efi_enabled(EFI_BOOT)) - efi_init(); - -+ efi_set_secure_boot(boot_params.secure_boot); -+ - dmi_setup(); - - /* -@@ -1179,8 +1181,6 @@ void __init setup_arch(char **cmdline_p) - /* Allocate bigger log buffer */ - setup_log_buf(1); - -- efi_set_secure_boot(boot_params.secure_boot); -- - reserve_initrd(); - - acpi_table_upgrade(); ---- a/drivers/firmware/efi/secureboot.c -+++ b/drivers/firmware/efi/secureboot.c -@@ -15,6 +15,7 @@ - #include - #include - #include -+#include - - /* - * Decide what to do when UEFI secure boot mode is enabled. -@@ -28,6 +29,8 @@ void __init efi_set_secure_boot(enum efi - break; - case efi_secureboot_mode_enabled: - set_bit(EFI_SECURE_BOOT, &efi.flags); -+ lock_kernel_down("EFI Secure Boot", -+ LOCKDOWN_CONFIDENTIALITY_MAX); - pr_info("Secure boot enabled\n"); - break; - default: ---- a/include/linux/security.h -+++ b/include/linux/security.h -@@ -442,6 +442,7 @@ int security_inode_notifysecctx(struct i - int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); - int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); - int security_locked_down(enum lockdown_reason what); -+int lock_kernel_down(const char *where, enum lockdown_reason level); - #else /* CONFIG_SECURITY */ - - static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) -@@ -1263,6 +1264,11 @@ static inline int security_locked_down(e - { - return 0; - } -+static inline int -+lock_kernel_down(const char *where, enum lockdown_reason level) -+{ -+ return -EOPNOTSUPP; -+} - #endif /* CONFIG_SECURITY */ - - #ifdef CONFIG_SECURITY_NETWORK ---- a/security/lockdown/Kconfig -+++ b/security/lockdown/Kconfig -@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI - disabled. - - endchoice -+ -+config LOCK_DOWN_IN_EFI_SECURE_BOOT -+ bool "Lock down the kernel in EFI Secure Boot mode" -+ default n -+ depends on SECURITY_LOCKDOWN_LSM -+ depends on EFI -+ select SECURITY_LOCKDOWN_LSM_EARLY -+ help -+ UEFI Secure Boot provides a mechanism for ensuring that the firmware -+ will only load signed bootloaders and kernels. Secure boot mode may -+ be determined from EFI variables provided by the system firmware if -+ not indicated by the boot parameters. -+ -+ Enabling this option results in kernel lockdown being -+ triggered in confidentiality mode if EFI Secure Boot is set. ---- a/security/lockdown/lockdown.c -+++ b/security/lockdown/lockdown.c -@@ -47,7 +47,7 @@ static enum lockdown_reason lockdown_lev - /* - * Put the kernel into lock-down mode. - */ --static int lock_kernel_down(const char *where, enum lockdown_reason level) -+int lock_kernel_down(const char *where, enum lockdown_reason level) - { - if (kernel_locked_down >= level) - return -EPERM; diff --git a/debian/patches/features/all/lockdown/enable-cold-boot-attack-mitigation.patch b/debian/patches/features/all/lockdown/enable-cold-boot-attack-mitigation.patch deleted file mode 100644 index 793858708d9b..000000000000 --- a/debian/patches/features/all/lockdown/enable-cold-boot-attack-mitigation.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Matthew Garrett -Date: Tue, 12 Jan 2016 12:51:27 -0800 -Subject: [18/18] Enable cold boot attack mitigation -Origin: https://github.com/mjg59/linux/commit/02d999574936dd234a508c0112a0200c135a5c34 - -[Lukas Wunner: Forward-ported to 4.11: adjust context] ---- - arch/x86/boot/compressed/eboot.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 8b4c5e001157..0813490ca6e0 100644 ---- a/arch/x86/boot/compressed/eboot.c -+++ b/arch/x86/boot/compressed/eboot.c -@@ -371,6 +371,22 @@ void setup_graphics(struct boot_params *boot_params) - } - } - -+#define MEMORY_ONLY_RESET_CONTROL_GUID \ -+ EFI_GUID (0xe20939be, 0x32d4, 0x41be, 0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29) -+ -+static void enable_reset_attack_mitigation(void) -+{ -+ u8 val = 1; -+ efi_guid_t var_guid = MEMORY_ONLY_RESET_CONTROL_GUID; -+ -+ /* Ignore the return value here - there's not really a lot we can do */ -+ efi_early->call((unsigned long)sys_table->runtime->set_variable, -+ L"MemoryOverwriteRequestControl", &var_guid, -+ EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS | -+ EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), val); -+} -+ - /* - * Because the x86 boot code expects to be passed a boot_params we - * need to create one ourselves (usually the bootloader would create -@@ -765,6 +781,12 @@ efi_main(struct efi_config *c, struct boot_params *boot_params) - ((u64)boot_params->ext_cmd_line_ptr << 32)); - efi_parse_options((char *)cmdline_paddr); - -+ /* -+ * Ask the firmware to clear memory if we don't have a clean -+ * shutdown -+ */ -+ enable_reset_attack_mitigation(); -+ - /* - * If the boot loader gave us a value for secure_boot then we use that, - * otherwise we ask the BIOS. diff --git a/debian/patches/features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.patch b/debian/patches/features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.patch deleted file mode 100644 index 41cb8c043933..000000000000 --- a/debian/patches/features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Ben Hutchings -Date: Sun, 21 Apr 2019 00:17:13 +0100 -Subject: lockdown: Refer to Debian wiki until manual page exists -Forwarded: not-needed - -The lockdown denial log message currently refers to a -"kernel_lockdown.7" manual page, which is supposed to document it. -That manual page hasn't been accepted by the man-pages project and -doesn't even seem to have been submitted yet. For now, refer to the -Debian wiki. - ---- ---- a/security/lockdown/lockdown.c -+++ b/security/lockdown/lockdown.c -@@ -53,7 +53,7 @@ int lock_kernel_down(const char *where, - return -EPERM; - - kernel_locked_down = level; -- pr_notice("Kernel is locked down from %s; see man kernel_lockdown.7\n", -+ pr_notice("Kernel is locked down from %s; see https://wiki.debian.org/SecureBoot\n", - where); - return 0; - } -@@ -87,7 +87,7 @@ static int lockdown_is_locked_down(enum - - if (kernel_locked_down >= what) { - if (lockdown_reasons[what]) -- pr_notice("Lockdown: %s: %s is restricted; see man kernel_lockdown.7\n", -+ pr_notice("Lockdown: %s: %s is restricted; see https://wiki.debian.org/SecureBoot\n", - current->comm, lockdown_reasons[what]); - return -EPERM; - } diff --git a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch deleted file mode 100644 index 5004e5dcaf1c..000000000000 --- a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch +++ /dev/null @@ -1,75 +0,0 @@ -From: Ben Hutchings -Date: Fri, 30 Aug 2019 15:54:24 +0100 -Subject: mtd: phram,slram: Disable when the kernel is locked down -Forwarded: https://lore.kernel.org/linux-security-module/20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/ - -These drivers allow mapping arbitrary memory ranges as MTD devices. -This should be disabled to preserve the kernel's integrity when it is -locked down. - -* Add the HWPARAM flag to the module parameters -* When slram is built-in, it uses __setup() to read kernel parameters, - so add an explicit check security_locked_down() check - -Signed-off-by: Ben Hutchings -Cc: Matthew Garrett -Cc: David Howells -Cc: Joern Engel -Cc: linux-mtd@lists.infradead.org ---- - drivers/mtd/devices/phram.c | 6 +++++- - drivers/mtd/devices/slram.c | 9 ++++++++- - 2 files changed, 13 insertions(+), 2 deletions(-) - ---- a/drivers/mtd/devices/phram.c -+++ b/drivers/mtd/devices/phram.c -@@ -294,7 +294,11 @@ static int phram_param_call(const char * - #endif - } - --module_param_call(phram, phram_param_call, NULL, NULL, 0200); -+static const struct kernel_param_ops phram_param_ops = { -+ .set = phram_param_call -+}; -+__module_param_call(MODULE_PARAM_PREFIX, phram, &phram_param_ops, NULL, -+ 0200, -1, KERNEL_PARAM_FL_HWPARAM | hwparam_iomem); - MODULE_PARM_DESC(phram, "Memory region to map. \"phram=,,\""); - - ---- a/drivers/mtd/devices/slram.c -+++ b/drivers/mtd/devices/slram.c -@@ -43,6 +43,7 @@ - #include - #include - #include -+#include - - #include - -@@ -65,7 +66,7 @@ typedef struct slram_mtd_list { - #ifdef MODULE - static char *map[SLRAM_MAX_DEVICES_PARAMS]; - --module_param_array(map, charp, NULL, 0); -+module_param_hw_array(map, charp, iomem, NULL, 0); - MODULE_PARM_DESC(map, "List of memory regions to map. \"map=, , \""); - #else - static char *map; -@@ -281,11 +282,17 @@ static int __init init_slram(void) - #ifndef MODULE - char *devstart; - char *devlength; -+ int ret; - - if (!map) { - E("slram: not enough parameters.\n"); - return(-EINVAL); - } -+ -+ ret = security_locked_down(LOCKDOWN_MODULE_PARAMETERS); -+ if (ret) -+ return ret; -+ - while (map) { - devname = devstart = devlength = NULL; - diff --git a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch deleted file mode 100644 index 6acd429db468..000000000000 --- a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch +++ /dev/null @@ -1,75 +0,0 @@ -From: Ben Hutchings -Date: Mon, 11 Jan 2016 15:23:55 +0000 -Subject: security,perf: Allow further restriction of perf_event_open -Forwarded: https://lkml.org/lkml/2016/1/11/587 - -When kernel.perf_event_open is set to 3 (or greater), disallow all -access to performance events by users without CAP_SYS_ADMIN. -Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that -makes this value the default. - -This is based on a similar feature in grsecurity -(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making -the variable read-only. It also allows enabling further restriction -at run-time regardless of whether the default is changed. - -Signed-off-by: Ben Hutchings ---- ---- a/include/linux/perf_event.h -+++ b/include/linux/perf_event.h -@@ -1145,6 +1145,11 @@ extern int perf_cpu_time_max_percent_han - int perf_event_max_stack_handler(struct ctl_table *table, int write, - void __user *buffer, size_t *lenp, loff_t *ppos); - -+static inline bool perf_paranoid_any(void) -+{ -+ return sysctl_perf_event_paranoid > 2; -+} -+ - static inline bool perf_paranoid_tracepoint_raw(void) - { - return sysctl_perf_event_paranoid > -1; ---- a/kernel/events/core.c -+++ b/kernel/events/core.c -@@ -389,8 +389,13 @@ static struct srcu_struct pmus_srcu; - * 0 - disallow raw tracepoint access for unpriv - * 1 - disallow cpu events for unpriv - * 2 - disallow kernel profiling for unpriv -+ * 3 - disallow all unpriv perf event use - */ -+#ifdef CONFIG_SECURITY_PERF_EVENTS_RESTRICT -+int sysctl_perf_event_paranoid __read_mostly = 3; -+#else - int sysctl_perf_event_paranoid __read_mostly = 2; -+#endif - - /* Minimum for 512 kiB + 1 user control page */ - int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -9395,6 +9400,9 @@ SYSCALL_DEFINE5(perf_event_open, - if (flags & ~PERF_FLAG_ALL) - return -EINVAL; - -+ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN)) -+ return -EACCES; -+ - err = perf_copy_attr(attr_uptr, &attr); - if (err) - return err; ---- a/security/Kconfig -+++ b/security/Kconfig -@@ -18,6 +18,15 @@ config SECURITY_DMESG_RESTRICT - - If you are unsure how to answer this question, answer N. - -+config SECURITY_PERF_EVENTS_RESTRICT -+ bool "Restrict unprivileged use of performance events" -+ depends on PERF_EVENTS -+ help -+ If you say Y here, the kernel.perf_event_paranoid sysctl -+ will be set to 3 by default, and no unprivileged use of the -+ perf_event_open syscall will be permitted unless it is -+ changed. -+ - config SECURITY - bool "Enable different security models" - depends on SYSFS diff --git a/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch b/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch deleted file mode 100644 index a40d273dca06..000000000000 --- a/debian/patches/features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch +++ /dev/null @@ -1,57 +0,0 @@ -From: Aurelien Jarno -Date: Sun, 20 Jul 2014 19:16:31 +0200 -Subject: MIPS: Loongson 3: Add Loongson LS3A RS780E 1-way machine definition -Forwarded: no - -Add a Loongson LS3A RS780E 1-way machine definition, which only differs -from other Loongson 3 based machines by the UART base clock speed. - -Signed-off-by: Aurelien Jarno -[bwh: Forward-ported to 4.2] ---- - arch/mips/include/asm/bootinfo.h | 1 + - arch/mips/loongson64/common/machtype.c | 1 + - arch/mips/loongson64/common/serial.c | 1 + - arch/mips/loongson64/common/uart_base.c | 1 + - 4 files changed, 4 insertions(+) - ---- a/arch/mips/include/asm/bootinfo.h -+++ b/arch/mips/include/asm/bootinfo.h -@@ -71,6 +71,7 @@ enum loongson_machine_type { - MACH_LEMOTE_NAS, - MACH_LEMOTE_LL2F, - MACH_LOONGSON_GENERIC, -+ MACH_LOONGSON_3A780E1W, - MACH_LOONGSON_END - }; - ---- a/arch/mips/loongson64/common/machtype.c -+++ b/arch/mips/loongson64/common/machtype.c -@@ -28,6 +28,7 @@ static const char *system_types[] = { - [MACH_LEMOTE_NAS] = "lemote-nas-2f", - [MACH_LEMOTE_LL2F] = "lemote-lynloong-2f", - [MACH_LOONGSON_GENERIC] = "generic-loongson-machine", -+ [MACH_LOONGSON_3A780E1W] = "loongson-ls3a-rs780e-1w", - [MACH_LOONGSON_END] = NULL, - }; - ---- a/arch/mips/loongson64/common/serial.c -+++ b/arch/mips/loongson64/common/serial.c -@@ -48,6 +48,7 @@ static struct plat_serial8250_port uart8 - [MACH_LEMOTE_NAS] = {PORT_M(3, 3686400), {} }, - [MACH_LEMOTE_LL2F] = {PORT(3, 1843200), {} }, - [MACH_LOONGSON_GENERIC] = {PORT_M(2, 25000000), {} }, -+ [MACH_LOONGSON_3A780E1W] = {PORT_M(2, 33177600), {} }, - [MACH_LOONGSON_END] = {}, - }; - ---- a/arch/mips/loongson64/common/uart_base.c -+++ b/arch/mips/loongson64/common/uart_base.c -@@ -25,6 +25,7 @@ void prom_init_loongson_uart_base(void) - { - switch (mips_machtype) { - case MACH_LOONGSON_GENERIC: -+ case MACH_LOONGSON_3A780E1W: - /* The CPU provided serial port (CPU) */ - loongson_uart_base[0] = LOONGSON_REG_BASE + 0x1e0; - break; diff --git a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch deleted file mode 100644 index 0e003c23a3a8..000000000000 --- a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch +++ /dev/null @@ -1,88 +0,0 @@ -From: Ben Hutchings -Date: Wed, 21 Aug 2019 00:32:16 +0100 -Subject: intel-iommu: Add Kconfig option to exclude iGPU by default -Bug-Debian: https://bugs.debian.org/935270 -Bug-Kali: https://bugs.kali.org/view.php?id=5644 - -There is still laptop firmware that touches the integrated GPU behind -the operating system's back, and doesn't say so in the RMRR table. -Enabling the IOMMU for all devices causes breakage. - -Replace CONFIG_INTEL_IOMMU_DEFAULT_ON with a 3-way choice -corresponding to "on", "off", and "on,intgpu_off". - -Signed-off-by: Ben Hutchings ---- -Index: debian-kernel/drivers/iommu/Kconfig -=================================================================== ---- debian-kernel.orig/drivers/iommu/Kconfig -+++ debian-kernel/drivers/iommu/Kconfig -@@ -213,14 +213,28 @@ config INTEL_IOMMU_SVM - to access DMA resources through process address space by - means of a Process Address Space ID (PASID). - --config INTEL_IOMMU_DEFAULT_ON -- def_bool y -- prompt "Enable Intel DMA Remapping Devices by default" -- depends on INTEL_IOMMU -+if INTEL_IOMMU -+ -+choice -+ prompt "Default state of Intel DMA Remapping Devices" -+ default INTEL_IOMMU_DEFAULT_ON - help -- Selecting this option will enable a DMAR device at boot time if -- one is found. If this option is not selected, DMAR support can -- be enabled by passing intel_iommu=on to the kernel. -+ Choose whether Intel DMA Remapping Devices should be enabled -+ by default. This can be overridden at boot time using the -+ intel_iommu= kernel parameter. -+ -+config INTEL_IOMMU_DEFAULT_ON -+ bool "Enable" -+ -+config INTEL_IOMMU_DEFAULT_ON_INTGPU_OFF -+ bool "Enable, excluding integrated GPU" -+ -+config INTEL_IOMMU_DEFAULT_OFF -+ bool "Disable" -+ -+endchoice -+ -+endif - - config INTEL_IOMMU_BROKEN_GFX_WA - bool "Workaround broken graphics drivers (going away soon)" -Index: debian-kernel/drivers/iommu/intel-iommu.c -=================================================================== ---- debian-kernel.orig/drivers/iommu/intel-iommu.c -+++ debian-kernel/drivers/iommu/intel-iommu.c -@@ -354,18 +354,14 @@ static int intel_iommu_attach_device(str - static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain, - dma_addr_t iova); - --#ifdef CONFIG_INTEL_IOMMU_DEFAULT_ON --int dmar_disabled = 0; --#else --int dmar_disabled = 1; --#endif /*CONFIG_INTEL_IOMMU_DEFAULT_ON*/ -+int dmar_disabled = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_OFF); - - int intel_iommu_sm; - int intel_iommu_enabled = 0; - EXPORT_SYMBOL_GPL(intel_iommu_enabled); - - static int dmar_map_gfx = 1; --static int dmar_map_intgpu = 1; -+static int dmar_map_intgpu = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_ON); - static int dmar_forcedac; - static int intel_iommu_strict; - static int intel_iommu_superpage = 1; -@@ -446,6 +442,7 @@ static int __init intel_iommu_setup(char - while (*str) { - if (!strncmp(str, "on", 2)) { - dmar_disabled = 0; -+ dmar_map_intgpu = 1; - pr_info("IOMMU enabled\n"); - } else if (!strncmp(str, "off", 3)) { - dmar_disabled = 1; diff --git a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch deleted file mode 100644 index c947c53f6586..000000000000 --- a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch +++ /dev/null @@ -1,87 +0,0 @@ -From: Ben Hutchings -Date: Wed, 21 Aug 2019 00:05:30 +0100 -Subject: intel-iommu: Add option to exclude integrated GPU only -Bug-Debian: https://bugs.debian.org/935270 -Bug-Kali: https://bugs.kali.org/view.php?id=5644 - -There is still laptop firmware that touches the integrated GPU behind -the operating system's back, and doesn't say so in the RMRR table. -Enabling the IOMMU for all devices causes breakage, but turning it off -for all graphics devices seems like a major weakness. - -Add an option, intel_iommu=igpu_off, to exclude only integrated GPUs -from remapping. This is a narrower exclusion than igfx_off: it only -affects Intel devices on the root bus. Devices attached through an -external port (Thunderbolt or ExpressCard) won't be on the root bus. - -Signed-off-by: Ben Hutchings ---- ---- a/drivers/iommu/intel-iommu.c -+++ b/drivers/iommu/intel-iommu.c -@@ -52,6 +52,9 @@ - #define CONTEXT_SIZE VTD_PAGE_SIZE - - #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY) -+#define IS_INTGPU_DEVICE(pdev) (IS_GFX_DEVICE(pdev) && \ -+ (pdev)->vendor == 0x8086 && \ -+ pci_is_root_bus((pdev)->bus)) - #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB) - #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA) - #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e) -@@ -356,6 +359,7 @@ int intel_iommu_enabled = 0; - EXPORT_SYMBOL_GPL(intel_iommu_enabled); - - static int dmar_map_gfx = 1; -+static int dmar_map_intgpu = 1; - static int dmar_forcedac; - static int intel_iommu_strict; - static int intel_iommu_superpage = 1; -@@ -364,6 +368,7 @@ static int iommu_identity_mapping; - #define IDENTMAP_ALL 1 - #define IDENTMAP_GFX 2 - #define IDENTMAP_AZALIA 4 -+#define IDENTMAP_INTGPU 8 - - int intel_iommu_gfx_mapped; - EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped); -@@ -439,6 +444,9 @@ static int __init intel_iommu_setup(char - } else if (!strncmp(str, "igfx_off", 8)) { - dmar_map_gfx = 0; - pr_info("Disable GFX device mapping\n"); -+ } else if (!strncmp(str, "intgpu_off", 8)) { -+ dmar_map_intgpu = 0; -+ pr_info("Disable integrated GPU device mapping\n"); - } else if (!strncmp(str, "forcedac", 8)) { - pr_info("Forcing DAC for PCI devices\n"); - dmar_forcedac = 1; -@@ -2890,6 +2898,9 @@ static int device_def_domain_type(struct - if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev)) - return IOMMU_DOMAIN_IDENTITY; - -+ if ((iommu_identity_mapping & IDENTMAP_INTGPU) && IS_INTGPU_DEVICE(pdev)) -+ return IOMMU_DOMAIN_IDENTITY; -+ - /* - * We want to start off with all devices in the 1:1 domain, and - * take them out later if we find they can't access all of memory. -@@ -3277,6 +3288,9 @@ static int __init init_dmars(void) - if (!dmar_map_gfx) - iommu_identity_mapping |= IDENTMAP_GFX; - -+ if (!dmar_map_intgpu) -+ iommu_identity_mapping |= IDENTMAP_INTGPU; -+ - check_tylersburg_isoch(); - - ret = si_domain_init(hw_pass_through); ---- a/Documentation/admin-guide/kernel-parameters.txt -+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -1703,6 +1703,8 @@ - bypassed by not enabling DMAR with this option. In - this case, gfx device will use physical address for - DMA. -+ intgpu_off [Default Off] -+ Bypass the DMAR unit for an integrated GPU only. - forcedac [x86_64] - With this option iommu will not optimize to look - for io virtual address below 32-bit forcing dual diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch deleted file mode 100644 index cf6b4eda6ff9..000000000000 --- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch +++ /dev/null @@ -1,180 +0,0 @@ -From: Ben Hutchings -Date: Mon, 12 Feb 2018 23:59:26 +0000 -Subject: x86: Make x32 syscall support conditional on a kernel parameter -Bug-Debian: https://bugs.debian.org/708070 -Forwarded: https://lore.kernel.org/lkml/1415245982.3398.53.camel@decadent.org.uk/T/#u - -Enabling x32 in the standard amd64 kernel would increase its attack -surface while provide no benefit to the vast majority of its users. -No-one seems interested in regularly checking for vulnerabilities -specific to x32 (at least no-one with a white hat). - -Still, adding another flavour just to turn on x32 seems wasteful. And -the only differences on syscall entry are a few instructions that mask -out the x32 flag and compare the syscall number. - -Use a static key to control whether x32 syscalls are really enabled, a -Kconfig parameter to set its default value and a kernel parameter -"syscall.x32" to change it at boot time. - -Signed-off-by: Ben Hutchings ---- - Documentation/admin-guide/kernel-parameters.txt | 4 ++ - arch/x86/Kconfig | 8 ++++ - arch/x86/entry/common.c | 3 + - arch/x86/entry/syscall_64.c | 46 ++++++++++++++++++++++++ - arch/x86/include/asm/elf.h | 4 +- - arch/x86/include/asm/syscall.h | 13 ++++++ - 6 files changed, 76 insertions(+), 2 deletions(-) - ---- a/Documentation/admin-guide/kernel-parameters.txt -+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4678,6 +4678,10 @@ - - switches= [HW,M68k] - -+ syscall.x32= [KNL,x86_64] Enable/disable use of x32 syscalls on -+ an x86_64 kernel where CONFIG_X86_X32 is enabled. -+ Default depends on CONFIG_X86_X32_DISABLED. -+ - sysfs.deprecated=0|1 [KNL] - Enable/disable old style sysfs layout for old udev - on older distributions. When this option is enabled ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -2901,6 +2901,14 @@ config COMPAT_32 - select HAVE_UID16 - select OLD_SIGSUSPEND3 - -+config X86_X32_DISABLED -+ bool "x32 ABI disabled by default" -+ depends on X86_X32 -+ default n -+ help -+ Disable the x32 ABI unless explicitly enabled using the -+ kernel paramter "syscall.x32=y". -+ - config COMPAT - def_bool y - depends on IA32_EMULATION || X86_X32 ---- a/arch/x86/entry/common.c -+++ b/arch/x86/entry/common.c -@@ -289,7 +289,8 @@ __visible void do_syscall_64(unsigned lo - nr = array_index_nospec(nr, NR_syscalls); - regs->ax = sys_call_table[nr](regs); - #ifdef CONFIG_X86_X32_ABI -- } else if (likely((nr & __X32_SYSCALL_BIT) && -+ } else if (x32_enabled && -+ likely((nr & __X32_SYSCALL_BIT) && - (nr & ~__X32_SYSCALL_BIT) < X32_NR_syscalls)) { - nr = array_index_nospec(nr & ~__X32_SYSCALL_BIT, - X32_NR_syscalls); ---- a/arch/x86/entry/syscall_64.c -+++ b/arch/x86/entry/syscall_64.c -@@ -4,6 +4,9 @@ - #include - #include - #include -+#include -+#undef MODULE_PARAM_PREFIX -+#define MODULE_PARAM_PREFIX "syscall." - #include - #include - -@@ -47,4 +50,47 @@ asmlinkage const sys_call_ptr_t x32_sys_ - #undef __SYSCALL_64 - #undef __SYSCALL_X32 - -+/* Maybe enable x32 syscalls */ -+ -+#if defined(CONFIG_X86_X32_DISABLED) -+DEFINE_STATIC_KEY_FALSE(x32_enabled_skey); -+#else -+DEFINE_STATIC_KEY_TRUE(x32_enabled_skey); -+#endif -+ -+static int __init x32_param_set(const char *val, const struct kernel_param *p) -+{ -+ bool enabled; -+ int ret; -+ -+ ret = kstrtobool(val, &enabled); -+ if (ret) -+ return ret; -+ if (IS_ENABLED(CONFIG_X86_X32_DISABLED)) { -+ if (enabled) { -+ static_key_enable(&x32_enabled_skey.key); -+ pr_info("Enabled x32 syscalls\n"); -+ } -+ } else { -+ if (!enabled) { -+ static_key_disable(&x32_enabled_skey.key); -+ pr_info("Disabled x32 syscalls\n"); -+ } -+ } -+ return 0; -+} -+ -+static int x32_param_get(char *buffer, const struct kernel_param *p) -+{ -+ return sprintf(buffer, "%c\n", -+ static_key_enabled(&x32_enabled_skey) ? 'Y' : 'N'); -+} -+ -+static const struct kernel_param_ops x32_param_ops = { -+ .set = x32_param_set, -+ .get = x32_param_get, -+}; -+ -+arch_param_cb(x32, &x32_param_ops, NULL, 0444); -+ - #endif ---- a/arch/x86/include/asm/elf.h -+++ b/arch/x86/include/asm/elf.h -@@ -11,6 +11,7 @@ - #include - #include - #include -+#include - - typedef unsigned long elf_greg_t; - -@@ -163,7 +164,8 @@ do { \ - - #define compat_elf_check_arch(x) \ - (elf_check_arch_ia32(x) || \ -- (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) -+ (IS_ENABLED(CONFIG_X86_X32_ABI) && x32_enabled && \ -+ (x)->e_machine == EM_X86_64)) - - #if __USER32_DS != __USER_DS - # error "The following code assumes __USER32_DS == __USER_DS" ---- a/arch/x86/include/asm/syscall.h -+++ b/arch/x86/include/asm/syscall.h -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - #include /* For NR_syscalls */ - #include /* for TS_COMPAT */ - #include -@@ -40,6 +41,18 @@ extern const sys_call_ptr_t ia32_sys_cal - extern const sys_call_ptr_t x32_sys_call_table[]; - #endif - -+#if defined(CONFIG_X86_X32_ABI) -+#if defined(CONFIG_X86_X32_DISABLED) -+DECLARE_STATIC_KEY_FALSE(x32_enabled_skey); -+#define x32_enabled static_branch_unlikely(&x32_enabled_skey) -+#else -+DECLARE_STATIC_KEY_TRUE(x32_enabled_skey); -+#define x32_enabled static_branch_likely(&x32_enabled_skey) -+#endif -+#else -+#define x32_enabled 0 -+#endif -+ - /* - * Only the low 32 bits of orig_ax are meaningful, so we return int. - * This importantly ignores the high bits on 64-bit, so comparisons diff --git a/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch b/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch deleted file mode 100644 index 7a7952003227..000000000000 --- a/debian/patches/features/x86/x86-memtest-WARN-if-bad-RAM-found.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Ben Hutchings -Date: Mon, 5 Dec 2011 04:00:58 +0000 -Subject: x86: memtest: WARN if bad RAM found -Bug-Debian: https://bugs.debian.org/613321 -Forwarded: http://thread.gmane.org/gmane.linux.kernel/1286471 - -Since this is not a particularly thorough test, if we find any bad -bits of RAM then there is a fair chance that there are other bad bits -we fail to detect. - -Signed-off-by: Ben Hutchings ---- - mm/memtest.c | 2 ++ - 1 files changed, 2 insertions(+), 0 deletions(-) - ---- a/mm/memtest.c -+++ b/mm/memtest.c -@@ -26,6 +26,10 @@ static u64 patterns[] __initdata = { - - static void __init reserve_bad_mem(u64 pattern, phys_addr_t start_bad, phys_addr_t end_bad) - { -+#ifdef CONFIG_X86 -+ WARN_ONCE(1, "Bad RAM detected. Use memtest86+ to perform a thorough test\n" -+ "and the memmap= parameter to reserve the bad areas."); -+#endif - pr_info(" %016llx bad mem addr %pa - %pa reserved\n", - cpu_to_be64(pattern), &start_bad, &end_bad); - memblock_reserve(start_bad, end_bad - start_bad); diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index bd99bc076e71..000000000000 --- a/debian/patches/series +++ /dev/null @@ -1,137 +0,0 @@ -debian/gitignore.patch - -# Disable features broken by exclusion of upstream files -debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch -debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch -debian/dfsg/vs6624-disable.patch -debian/dfsg/drivers-net-appletalk-cops.patch -debian/dfsg/video-remove-nvidiafb-and-rivafb.patch -debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch - -# Changes to support package build system -debian/version.patch -debian/uname-version-timestamp.patch -debian/kernelvariables.patch -debian/ia64-hardcode-arch-script-output.patch -debian/mips-disable-werror.patch -debian/mips-boston-disable-its.patch -debian/arch-sh4-fix-uimage-build.patch -debian/tools-perf-version.patch -debian/tools-perf-install.patch -debian/wireless-add-debian-wireless-regdb-certificates.patch -debian/export-symbols-needed-by-android-drivers.patch -debian/android-enable-building-ashmem-and-binder-as-modules.patch - -# Fixes/improvements to firmware loading -features/all/drivers-media-dvb-usb-af9005-request_firmware.patch -debian/iwlwifi-do-not-request-unreleased-firmware.patch -bugfix/all/firmware_class-log-every-success-and-failure.patch -bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch -bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch -debian/firmware_class-refer-to-debian-wiki-firmware-page.patch - -# Patches from aufs5 repository, imported with debian/bin/genpatch-aufs. -# These are only the changes needed to allow aufs to be built out-of-tree. -features/all/aufs5/aufs5-base.patch -features/all/aufs5/aufs5-mmap.patch -features/all/aufs5/aufs5-standalone.patch - -# Change some defaults for security reasons -debian/af_802154-Disable-auto-loading-as-mitigation-against.patch -debian/rds-Disable-auto-loading-as-mitigation-against-local.patch -debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch -debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch -debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch -debian/fs-enable-link-security-restrictions-by-default.patch - -# Set various features runtime-disabled by default -debian/sched-autogroup-disabled.patch -debian/yama-disable-by-default.patch -debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch -features/all/security-perf-allow-further-restriction-of-perf_event_open.patch -features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch -features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch - -# Disable autoloading/probing of various drivers by default -debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch -debian/snd-pcsp-disable-autoload.patch -bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch -debian/fjes-disable-autoload.patch - -# Taint if dangerous features are used -debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch -debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch - -# Arch bug fixes -bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch -bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch -bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch -bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch -bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch -bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch -bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch -bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch -bugfix/ppc64el/libbpf-fix-readelf-output-parsing-on-powerpc-with-re.patch - -# Arch features -features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch -features/x86/x86-memtest-WARN-if-bad-RAM-found.patch -features/x86/x86-make-x32-syscall-support-conditional.patch - -# Miscellaneous bug fixes -bugfix/all/disable-some-marvell-phys.patch -bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch -bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch -debian/revert-objtool-fix-config_stack_validation-y-warning.patch -bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch - -# Miscellaneous features - -# Lockdown missing pieces -features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch -features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch -features/all/lockdown/add-a-sysrq-option-to-lift-kernel-lockdown.patch -features/all/lockdown/enable-cold-boot-attack-mitigation.patch -features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch -features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch -# until the "kernel_lockdown.7" manual page exists -features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.patch - -# Improve integrity platform keyring for kernel modules verification -features/all/db-mok-keyring/0006-Make-get_cert_list-not-complain-about-cert-lists-tha.patch -features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch -features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch -features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch -features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch -features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch -features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch - -# Security fixes -debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -debian/ntfs-mark-it-as-broken.patch - -# Fix exported symbol versions -bugfix/all/module-disable-matching-missing-version-crc.patch - -# Tools bug fixes -bugfix/all/usbip-document-tcp-wrappers.patch -bugfix/all/kbuild-fix-recordmcount-dependency.patch -bugfix/all/tools-perf-man-date.patch -bugfix/all/tools-perf-remove-shebangs.patch -bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch -bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch -bugfix/all/cpupower-bump-soname-version.patch -bugfix/all/libcpupower-hide-private-function.patch -bugfix/all/cpupower-fix-checks-for-cpu-existence.patch -bugfix/all/tools-lib-api-fs-fs.c-fix-misuse-of-strncpy.patch -bugfix/all/usbip-fix-misuse-of-strncpy.patch -bugfix/all/usbip-network-fix-unaligned-member-access.patch -bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch - -# wireless: Disable regulatory.db direct loading (until we sort out signing) -debian/wireless-disable-regulatory.db-direct-loading.patch - -# overlay: allow mounting in user namespaces -debian/overlayfs-permit-mounts-in-userns.patch - -# ABI maintenance diff --git a/debian/rules.real b/debian/rules.real index 1e526ff75a12..de9eb5b94cbe 100644 --- a/debian/rules.real +++ b/debian/rules.real @@ -151,9 +151,11 @@ $(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-%.patch.xz: $(STAMPS_DIR)/source_non (rm -f $@; exit 1) $(STAMPS_DIR)/source: +ifeq ($(DO_APPLY_PATCHES),True) test -d .pc set +e; QUILT_PC=.pc quilt unapplied --quiltrc - >/dev/null && echo 'Patch series not fully applied'; test $$? -eq 1 @$(stamp) +endif $(STAMPS_DIR)/source_%: SOURCE_DIR=$(BUILD_DIR)/source $(STAMPS_DIR)/source_%: DIR=$(BUILD_DIR)/source_$*