fixup! Update Debian kernel to v6.6.1
This commit is contained in:
parent
51cb34d141
commit
216e272d8a
|
@ -1,4 +1,4 @@
|
|||
From be7a0019f698b236692d06f6beff99d44f3802b5 Mon Sep 17 00:00:00 2001
|
||||
From 408551029a78a655c5fea864b45a8e370d7d9e8c Mon Sep 17 00:00:00 2001
|
||||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Mon, 7 Sep 2020 02:51:53 +0100
|
||||
Subject: [PATCH 1/2] Export symbols needed by Android drivers
|
||||
|
@ -20,10 +20,10 @@ Export the currently un-exported symbols they depend on.
|
|||
7 files changed, 10 insertions(+)
|
||||
|
||||
diff --git a/fs/file.c b/fs/file.c
|
||||
index 7893ea161d77..066f90a4f572 100644
|
||||
index 3e4a4dfa38fca..bdded3fcdbd87 100644
|
||||
--- a/fs/file.c
|
||||
+++ b/fs/file.c
|
||||
@@ -814,6 +814,7 @@ struct file *close_fd_get_file(unsigned int fd)
|
||||
@@ -816,6 +816,7 @@ struct file *close_fd_get_file(unsigned int fd)
|
||||
|
||||
return file;
|
||||
}
|
||||
|
@ -32,10 +32,10 @@ index 7893ea161d77..066f90a4f572 100644
|
|||
void do_close_on_exec(struct files_struct *files)
|
||||
{
|
||||
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
|
||||
index a68d1276bab0..5e5adf3f4f49 100644
|
||||
index 802551e0009bf..2698c78062b2f 100644
|
||||
--- a/kernel/sched/core.c
|
||||
+++ b/kernel/sched/core.c
|
||||
@@ -7227,6 +7227,7 @@ static bool is_nice_reduction(const struct task_struct *p, const int nice)
|
||||
@@ -7253,6 +7253,7 @@ static bool is_nice_reduction(const struct task_struct *p, const int nice)
|
||||
|
||||
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE));
|
||||
}
|
||||
|
@ -44,10 +44,10 @@ index a68d1276bab0..5e5adf3f4f49 100644
|
|||
/*
|
||||
* can_nice - check if a task can reduce its nice value
|
||||
diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
|
||||
index 133b74730738..a2a3381ede73 100644
|
||||
index 802d98cf2de31..8eec46f066d86 100644
|
||||
--- a/kernel/sched/wait.c
|
||||
+++ b/kernel/sched/wait.c
|
||||
@@ -247,6 +247,7 @@ void __wake_up_pollfree(struct wait_queue_head *wq_head)
|
||||
@@ -252,6 +252,7 @@ void __wake_up_pollfree(struct wait_queue_head *wq_head)
|
||||
/* POLLFREE must have cleared the queue. */
|
||||
WARN_ON_ONCE(waitqueue_active(wq_head));
|
||||
}
|
||||
|
@ -56,7 +56,7 @@ index 133b74730738..a2a3381ede73 100644
|
|||
/*
|
||||
* Note: we use "set_current_state()" _after_ the wait-queue add,
|
||||
diff --git a/kernel/task_work.c b/kernel/task_work.c
|
||||
index 065e1ef8fc8d..7d06ea82a53e 100644
|
||||
index 95a7e1b7f1dab..972c3280337e8 100644
|
||||
--- a/kernel/task_work.c
|
||||
+++ b/kernel/task_work.c
|
||||
@@ -73,6 +73,7 @@ int task_work_add(struct task_struct *task, struct callback_head *work,
|
||||
|
@ -68,22 +68,22 @@ index 065e1ef8fc8d..7d06ea82a53e 100644
|
|||
/**
|
||||
* task_work_cancel_match - cancel a pending work added by task_work_add()
|
||||
diff --git a/mm/memory.c b/mm/memory.c
|
||||
index 5ce82a76201d..c20d92584f25 100644
|
||||
index 517221f013035..b747095cfea68 100644
|
||||
--- a/mm/memory.c
|
||||
+++ b/mm/memory.c
|
||||
@@ -1755,6 +1755,7 @@ void zap_page_range_single(struct vm_area_struct *vma, unsigned long address,
|
||||
mmu_notifier_invalidate_range_end(&range);
|
||||
@@ -1770,6 +1770,7 @@ void zap_page_range_single(struct vm_area_struct *vma, unsigned long address,
|
||||
tlb_finish_mmu(&tlb);
|
||||
hugetlb_zap_end(vma, details);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(zap_page_range_single);
|
||||
|
||||
/**
|
||||
* zap_vma_ptes - remove ptes mapping the vma
|
||||
diff --git a/mm/shmem.c b/mm/shmem.c
|
||||
index e40a08c5c6d7..3082bd4dfd52 100644
|
||||
index 69595d3418829..e155894de651c 100644
|
||||
--- a/mm/shmem.c
|
||||
+++ b/mm/shmem.c
|
||||
@@ -4351,6 +4351,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
|
||||
@@ -4871,6 +4871,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -92,10 +92,10 @@ index e40a08c5c6d7..3082bd4dfd52 100644
|
|||
/**
|
||||
* shmem_read_folio_gfp - read into page cache, using specified page allocation flags.
|
||||
diff --git a/security/security.c b/security/security.c
|
||||
index d5ff7ff45b77..79cc02ff5971 100644
|
||||
index 23b129d482a7c..eeb7162a02674 100644
|
||||
--- a/security/security.c
|
||||
+++ b/security/security.c
|
||||
@@ -798,6 +798,7 @@ int security_binder_set_context_mgr(const struct cred *mgr)
|
||||
@@ -799,6 +799,7 @@ int security_binder_set_context_mgr(const struct cred *mgr)
|
||||
{
|
||||
return call_int_hook(binder_set_context_mgr, 0, mgr);
|
||||
}
|
||||
|
@ -103,7 +103,7 @@ index d5ff7ff45b77..79cc02ff5971 100644
|
|||
|
||||
/**
|
||||
* security_binder_transaction() - Check if a binder transaction is allowed
|
||||
@@ -813,6 +814,7 @@ int security_binder_transaction(const struct cred *from,
|
||||
@@ -814,6 +815,7 @@ int security_binder_transaction(const struct cred *from,
|
||||
{
|
||||
return call_int_hook(binder_transaction, 0, from, to);
|
||||
}
|
||||
|
@ -111,7 +111,7 @@ index d5ff7ff45b77..79cc02ff5971 100644
|
|||
|
||||
/**
|
||||
* security_binder_transfer_binder() - Check if a binder transfer is allowed
|
||||
@@ -828,6 +830,7 @@ int security_binder_transfer_binder(const struct cred *from,
|
||||
@@ -829,6 +831,7 @@ int security_binder_transfer_binder(const struct cred *from,
|
||||
{
|
||||
return call_int_hook(binder_transfer_binder, 0, from, to);
|
||||
}
|
||||
|
@ -119,7 +119,7 @@ index d5ff7ff45b77..79cc02ff5971 100644
|
|||
|
||||
/**
|
||||
* security_binder_transfer_file() - Check if a binder file xfer is allowed
|
||||
@@ -844,6 +847,7 @@ int security_binder_transfer_file(const struct cred *from,
|
||||
@@ -845,6 +848,7 @@ int security_binder_transfer_file(const struct cred *from,
|
||||
{
|
||||
return call_int_hook(binder_transfer_file, 0, from, to, file);
|
||||
}
|
||||
|
@ -128,5 +128,5 @@ index d5ff7ff45b77..79cc02ff5971 100644
|
|||
/**
|
||||
* security_ptrace_access_check() - Check if tracing is allowed
|
||||
--
|
||||
2.41.0
|
||||
2.42.1
|
||||
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
From fbfaff58fe821fa93ceeb17e034886a6d8447207 Mon Sep 17 00:00:00 2001
|
||||
From: Maximilian Luz <luzmaximilian@gmail.com>
|
||||
Date: Mon, 20 Nov 2023 22:54:05 +0100
|
||||
Subject: [PATCH] Partially revert "integrity: Only use machine keyring when
|
||||
uefi_check_trust_mok_keys is true"
|
||||
|
||||
This partially reverts commit 3d6ae1a5d0c2019d274284859f556dcb64aa98a7.
|
||||
|
||||
MokListTrustedRT doesn't seem to be set by the Shim version used by
|
||||
Ubuntu and Debian. Therefore, these systems don't trust the MOK keys on
|
||||
newer kernels. While pre-5.19 kernels silently disregard the untrusted
|
||||
keys and (without signature enforcement enabled) still load external
|
||||
modules (tainting the kernel), on 5.19 kernels, this breaks module
|
||||
loading. Therefore, revert this change.
|
||||
---
|
||||
security/integrity/platform_certs/machine_keyring.c | 9 +--------
|
||||
1 file changed, 1 insertion(+), 8 deletions(-)
|
||||
|
||||
diff --git a/security/integrity/platform_certs/machine_keyring.c b/security/integrity/platform_certs/machine_keyring.c
|
||||
index a401640a63cd1..a1ad244cbf86d 100644
|
||||
--- a/security/integrity/platform_certs/machine_keyring.c
|
||||
+++ b/security/integrity/platform_certs/machine_keyring.c
|
||||
@@ -51,14 +51,7 @@ void __init add_to_machine_keyring(const char *source, const void *data, size_t
|
||||
*/
|
||||
static __init bool uefi_check_trust_mok_keys(void)
|
||||
{
|
||||
- struct efi_mokvar_table_entry *mokvar_entry;
|
||||
-
|
||||
- mokvar_entry = efi_mokvar_entry_find("MokListTrustedRT");
|
||||
-
|
||||
- if (mokvar_entry)
|
||||
- return true;
|
||||
-
|
||||
- return false;
|
||||
+ return true;
|
||||
}
|
||||
|
||||
static bool __init trust_moklist(void)
|
||||
--
|
||||
2.42.1
|
||||
|
|
@ -1,102 +0,0 @@
|
|||
From 9564bb04930ddcffa8b859ccf48ca40767ec8da4 Mon Sep 17 00:00:00 2001
|
||||
From: Maximilian Luz <luzmaximilian@gmail.com>
|
||||
Date: Fri, 26 Aug 2022 21:24:36 +0200
|
||||
Subject: [PATCH] Revert "integrity: Only use machine keyring when
|
||||
uefi_check_trust_mok_keys is true"
|
||||
|
||||
This reverts commit 3d6ae1a5d0c2019d274284859f556dcb64aa98a7.
|
||||
|
||||
MokListTrustedRT doesn't seem to be set by the Shim version used by
|
||||
Ubuntu and Debian. Therefore, these systems don't trust the MOK keys on
|
||||
newer kernels. While pre-5.19 kernels silently disregard the untrusted
|
||||
keys and (without signature enforcement enabled) still load external
|
||||
modules (tainting the kernel), on 5.19 kernels, this breaks module
|
||||
loading. Therefore, revert this change.
|
||||
|
||||
See https://github.com/linux-surface/linux-surface/issues/906.
|
||||
---
|
||||
security/integrity/digsig.c | 2 +-
|
||||
security/integrity/integrity.h | 5 -----
|
||||
.../integrity/platform_certs/keyring_handler.c | 2 +-
|
||||
.../integrity/platform_certs/machine_keyring.c | 16 ----------------
|
||||
4 files changed, 2 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
|
||||
index 6f31ffe23c48..590cd07b804b 100644
|
||||
--- a/security/integrity/digsig.c
|
||||
+++ b/security/integrity/digsig.c
|
||||
@@ -113,7 +113,7 @@ static int __init __integrity_init_keyring(const unsigned int id,
|
||||
} else {
|
||||
if (id == INTEGRITY_KEYRING_PLATFORM)
|
||||
set_platform_trusted_keys(keyring[id]);
|
||||
- if (id == INTEGRITY_KEYRING_MACHINE && trust_moklist())
|
||||
+ if (id == INTEGRITY_KEYRING_MACHINE)
|
||||
set_machine_trusted_keys(keyring[id]);
|
||||
if (id == INTEGRITY_KEYRING_IMA)
|
||||
load_module_cert(keyring[id]);
|
||||
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
|
||||
index 7167a6e99bdc..1dbb494c86c0 100644
|
||||
--- a/security/integrity/integrity.h
|
||||
+++ b/security/integrity/integrity.h
|
||||
@@ -320,14 +320,9 @@ static inline void __init add_to_platform_keyring(const char *source,
|
||||
|
||||
#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
|
||||
void __init add_to_machine_keyring(const char *source, const void *data, size_t len);
|
||||
-bool __init trust_moklist(void);
|
||||
#else
|
||||
static inline void __init add_to_machine_keyring(const char *source,
|
||||
const void *data, size_t len)
|
||||
{
|
||||
}
|
||||
-static inline bool __init trust_moklist(void)
|
||||
-{
|
||||
- return false;
|
||||
-}
|
||||
#endif
|
||||
diff --git a/security/integrity/platform_certs/keyring_handler.c b/security/integrity/platform_certs/keyring_handler.c
|
||||
index 8a1124e4d769..b22e0125a483 100644
|
||||
--- a/security/integrity/platform_certs/keyring_handler.c
|
||||
+++ b/security/integrity/platform_certs/keyring_handler.c
|
||||
@@ -61,7 +61,7 @@ __init efi_element_handler_t get_handler_for_db(const efi_guid_t *sig_type)
|
||||
__init efi_element_handler_t get_handler_for_mok(const efi_guid_t *sig_type)
|
||||
{
|
||||
if (efi_guidcmp(*sig_type, efi_cert_x509_guid) == 0) {
|
||||
- if (IS_ENABLED(CONFIG_INTEGRITY_MACHINE_KEYRING) && trust_moklist())
|
||||
+ if (IS_ENABLED(CONFIG_INTEGRITY_MACHINE_KEYRING))
|
||||
return add_to_machine_keyring;
|
||||
else
|
||||
return add_to_platform_keyring;
|
||||
diff --git a/security/integrity/platform_certs/machine_keyring.c b/security/integrity/platform_certs/machine_keyring.c
|
||||
index 7aaed7950b6e..09fd8f20c756 100644
|
||||
--- a/security/integrity/platform_certs/machine_keyring.c
|
||||
+++ b/security/integrity/platform_certs/machine_keyring.c
|
||||
@@ -8,8 +8,6 @@
|
||||
#include <linux/efi.h>
|
||||
#include "../integrity.h"
|
||||
|
||||
-static bool trust_mok;
|
||||
-
|
||||
static __init int machine_keyring_init(void)
|
||||
{
|
||||
int rc;
|
||||
@@ -61,17 +59,3 @@ static __init bool uefi_check_trust_mok_keys(void)
|
||||
|
||||
return false;
|
||||
}
|
||||
-
|
||||
-bool __init trust_moklist(void)
|
||||
-{
|
||||
- static bool initialized;
|
||||
-
|
||||
- if (!initialized) {
|
||||
- initialized = true;
|
||||
-
|
||||
- if (uefi_check_trust_mok_keys())
|
||||
- trust_mok = true;
|
||||
- }
|
||||
-
|
||||
- return trust_mok;
|
||||
-}
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -1,59 +0,0 @@
|
|||
From 8459746f889d72794c164d18423344686267a451 Mon Sep 17 00:00:00 2001
|
||||
From: Tony Lindgren <tony@atomide.com>
|
||||
Date: Thu, 5 Oct 2023 10:56:42 +0300
|
||||
Subject: [PATCH] serial: core: Fix checks for tx runtime PM state
|
||||
|
||||
commit 81a61051e0ce5fd7e09225c0d5985da08c7954a7 upstream.
|
||||
|
||||
Maximilian reported that surface_serial_hub serdev tx does not work during
|
||||
system suspend. During system suspend, runtime PM gets disabled in
|
||||
__device_suspend_late(), and tx is unable to wake-up the serial core port
|
||||
device that we use to check if tx is safe to start. Johan summarized the
|
||||
regression noting that serdev tx no longer always works as earlier when the
|
||||
serdev device is runtime PM active.
|
||||
|
||||
The serdev device and the serial core controller devices are siblings of
|
||||
the serial port hardware device. The runtime PM usage count from serdev
|
||||
device does not propagate to the serial core device siblings, it only
|
||||
propagates to the parent.
|
||||
|
||||
In addition to the tx issue for suspend, testing for the serial core port
|
||||
device can cause an unnecessary delay in enabling tx while waiting for the
|
||||
serial core port device to wake-up. The serial core port device wake-up is
|
||||
only needed to flush pending tx when the serial port hardware device was
|
||||
in runtime PM suspended state.
|
||||
|
||||
To fix the regression, we need to check the runtime PM state of the parent
|
||||
serial port hardware device for tx instead of the serial core port device.
|
||||
|
||||
As the serial port device drivers may or may not implement runtime PM, we
|
||||
need to also add a check for pm_runtime_enabled().
|
||||
|
||||
Reported-by: Maximilian Luz <luzmaximilian@gmail.com>
|
||||
Cc: stable <stable@kernel.org>
|
||||
Fixes: 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM")
|
||||
Signed-off-by: Tony Lindgren <tony@atomide.com>
|
||||
Tested-by: Maximilian Luz <luzmaximilian@gmail.com>
|
||||
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
|
||||
Link: https://lore.kernel.org/r/20231005075644.25936-1-tony@atomide.com
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
---
|
||||
drivers/tty/serial/serial_core.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
|
||||
index bf63a045fdc8..83c419ac78bc 100644
|
||||
--- a/drivers/tty/serial/serial_core.c
|
||||
+++ b/drivers/tty/serial/serial_core.c
|
||||
@@ -157,7 +157,7 @@ static void __uart_start(struct tty_struct *tty)
|
||||
* enabled, serial_port_runtime_resume() calls start_tx() again
|
||||
* after enabling the device.
|
||||
*/
|
||||
- if (pm_runtime_active(&port_dev->dev))
|
||||
+ if (!pm_runtime_enabled(port->dev) || pm_runtime_active(port->dev))
|
||||
port->ops->start_tx(port);
|
||||
pm_runtime_mark_last_busy(&port_dev->dev);
|
||||
pm_runtime_put_autosuspend(&port_dev->dev);
|
||||
--
|
||||
2.42.0
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 9917ce49cb4e0d91977f11ce5b04b15856a0d82c Mon Sep 17 00:00:00 2001
|
||||
From 2802d75f2b216a35c6a976c0064fcc0e20d82e4b Mon Sep 17 00:00:00 2001
|
||||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 22 Jun 2018 17:27:00 +0100
|
||||
Subject: [PATCH 2/2] android: Enable building ashmem and binder as modules
|
||||
|
@ -26,7 +26,7 @@ Consequently, the ashmem part of this patch has been removed.
|
|||
3 files changed, 6 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
|
||||
index 07aa8ae0a058..94a3a86f9bd4 100644
|
||||
index 07aa8ae0a058c..94a3a86f9bd4f 100644
|
||||
--- a/drivers/android/Kconfig
|
||||
+++ b/drivers/android/Kconfig
|
||||
@@ -2,7 +2,7 @@
|
||||
|
@ -39,7 +39,7 @@ index 07aa8ae0a058..94a3a86f9bd4 100644
|
|||
default n
|
||||
help
|
||||
diff --git a/drivers/android/Makefile b/drivers/android/Makefile
|
||||
index c9d3d0c99c25..55411d9a9c2a 100644
|
||||
index c9d3d0c99c257..55411d9a9c2a1 100644
|
||||
--- a/drivers/android/Makefile
|
||||
+++ b/drivers/android/Makefile
|
||||
@@ -1,6 +1,7 @@
|
||||
|
@ -54,7 +54,7 @@ index c9d3d0c99c25..55411d9a9c2a 100644
|
|||
+binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o
|
||||
+binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
|
||||
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
|
||||
index 662a2a2e2e84..98fcbb0c8325 100644
|
||||
index e3db8297095a2..eef695eff0025 100644
|
||||
--- a/drivers/android/binder_alloc.c
|
||||
+++ b/drivers/android/binder_alloc.c
|
||||
@@ -38,7 +38,7 @@ enum {
|
||||
|
@ -67,5 +67,5 @@ index 662a2a2e2e84..98fcbb0c8325 100644
|
|||
|
||||
#define binder_alloc_debug(mask, x...) \
|
||||
--
|
||||
2.41.0
|
||||
2.42.1
|
||||
|
||||
|
|
Loading…
Reference in a new issue