Update Debian-specific patches
This commit is contained in:
parent
1f6993644f
commit
678d15cdb5
|
@ -1,4 +1,4 @@
|
||||||
From deb1109883e7a969c1532e10efdb2c55d64f4b9c Mon Sep 17 00:00:00 2001
|
From 43a7e8759162fa25aea203ce732f177bc6f15cdb Mon Sep 17 00:00:00 2001
|
||||||
From: Dorian Stoll <dorian.stoll@tmsp.io>
|
From: Dorian Stoll <dorian.stoll@tmsp.io>
|
||||||
Date: Sun, 22 Sep 2019 22:44:16 +0200
|
Date: Sun, 22 Sep 2019 22:44:16 +0200
|
||||||
Subject: [PATCH] Add secureboot pre-signing to the kernel
|
Subject: [PATCH] Add secureboot pre-signing to the kernel
|
||||||
|
@ -21,10 +21,10 @@ Signed-off-by: Dorian Stoll <dorian.stoll@tmsp.io>
|
||||||
create mode 100755 scripts/sign_kernel.sh
|
create mode 100755 scripts/sign_kernel.sh
|
||||||
|
|
||||||
diff --git a/.gitignore b/.gitignore
|
diff --git a/.gitignore b/.gitignore
|
||||||
index 70ec6037fa7a..9097532c1a1a 100644
|
index 7f86e0837909..04aaae490610 100644
|
||||||
--- a/.gitignore
|
--- a/.gitignore
|
||||||
+++ b/.gitignore
|
+++ b/.gitignore
|
||||||
@@ -151,6 +151,9 @@ signing_key.priv
|
@@ -152,6 +152,9 @@ signing_key.priv
|
||||||
signing_key.x509
|
signing_key.x509
|
||||||
x509.genkey
|
x509.genkey
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@ index 70ec6037fa7a..9097532c1a1a 100644
|
||||||
/all.config
|
/all.config
|
||||||
/alldef.config
|
/alldef.config
|
||||||
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
|
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
|
||||||
index b39975977c03..30adea5508d6 100644
|
index fdc2e3abd615..c7a374c7ceaf 100644
|
||||||
--- a/arch/x86/Makefile
|
--- a/arch/x86/Makefile
|
||||||
+++ b/arch/x86/Makefile
|
+++ b/arch/x86/Makefile
|
||||||
@@ -283,6 +283,7 @@ endif
|
@@ -283,6 +283,7 @@ endif
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
From 2cd850987436405547384feb707200c7dad4a675 Mon Sep 17 00:00:00 2001
|
From be7a0019f698b236692d06f6beff99d44f3802b5 Mon Sep 17 00:00:00 2001
|
||||||
From: Ben Hutchings <ben@decadent.org.uk>
|
From: Ben Hutchings <ben@decadent.org.uk>
|
||||||
Date: Mon, 7 Sep 2020 02:51:53 +0100
|
Date: Mon, 7 Sep 2020 02:51:53 +0100
|
||||||
Subject: [PATCH 1/2] Export symbols needed by Android drivers
|
Subject: [PATCH 1/2] Export symbols needed by Android drivers
|
||||||
|
@ -20,7 +20,7 @@ Export the currently un-exported symbols they depend on.
|
||||||
7 files changed, 10 insertions(+)
|
7 files changed, 10 insertions(+)
|
||||||
|
|
||||||
diff --git a/fs/file.c b/fs/file.c
|
diff --git a/fs/file.c b/fs/file.c
|
||||||
index 7893ea161d770..066f90a4f572f 100644
|
index 7893ea161d77..066f90a4f572 100644
|
||||||
--- a/fs/file.c
|
--- a/fs/file.c
|
||||||
+++ b/fs/file.c
|
+++ b/fs/file.c
|
||||||
@@ -814,6 +814,7 @@ struct file *close_fd_get_file(unsigned int fd)
|
@@ -814,6 +814,7 @@ struct file *close_fd_get_file(unsigned int fd)
|
||||||
|
@ -32,10 +32,10 @@ index 7893ea161d770..066f90a4f572f 100644
|
||||||
void do_close_on_exec(struct files_struct *files)
|
void do_close_on_exec(struct files_struct *files)
|
||||||
{
|
{
|
||||||
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
|
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
|
||||||
index 0d18c3969f904..d1e20b1aad9c3 100644
|
index a68d1276bab0..5e5adf3f4f49 100644
|
||||||
--- a/kernel/sched/core.c
|
--- a/kernel/sched/core.c
|
||||||
+++ b/kernel/sched/core.c
|
+++ b/kernel/sched/core.c
|
||||||
@@ -7183,6 +7183,7 @@ static bool is_nice_reduction(const struct task_struct *p, const int nice)
|
@@ -7227,6 +7227,7 @@ static bool is_nice_reduction(const struct task_struct *p, const int nice)
|
||||||
|
|
||||||
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE));
|
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE));
|
||||||
}
|
}
|
||||||
|
@ -44,7 +44,7 @@ index 0d18c3969f904..d1e20b1aad9c3 100644
|
||||||
/*
|
/*
|
||||||
* can_nice - check if a task can reduce its nice value
|
* can_nice - check if a task can reduce its nice value
|
||||||
diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
|
diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
|
||||||
index 133b74730738b..a2a3381ede737 100644
|
index 133b74730738..a2a3381ede73 100644
|
||||||
--- a/kernel/sched/wait.c
|
--- a/kernel/sched/wait.c
|
||||||
+++ b/kernel/sched/wait.c
|
+++ b/kernel/sched/wait.c
|
||||||
@@ -247,6 +247,7 @@ void __wake_up_pollfree(struct wait_queue_head *wq_head)
|
@@ -247,6 +247,7 @@ void __wake_up_pollfree(struct wait_queue_head *wq_head)
|
||||||
|
@ -56,7 +56,7 @@ index 133b74730738b..a2a3381ede737 100644
|
||||||
/*
|
/*
|
||||||
* Note: we use "set_current_state()" _after_ the wait-queue add,
|
* Note: we use "set_current_state()" _after_ the wait-queue add,
|
||||||
diff --git a/kernel/task_work.c b/kernel/task_work.c
|
diff --git a/kernel/task_work.c b/kernel/task_work.c
|
||||||
index 065e1ef8fc8d7..7d06ea82a53e4 100644
|
index 065e1ef8fc8d..7d06ea82a53e 100644
|
||||||
--- a/kernel/task_work.c
|
--- a/kernel/task_work.c
|
||||||
+++ b/kernel/task_work.c
|
+++ b/kernel/task_work.c
|
||||||
@@ -73,6 +73,7 @@ int task_work_add(struct task_struct *task, struct callback_head *work,
|
@@ -73,6 +73,7 @@ int task_work_add(struct task_struct *task, struct callback_head *work,
|
||||||
|
@ -68,10 +68,10 @@ index 065e1ef8fc8d7..7d06ea82a53e4 100644
|
||||||
/**
|
/**
|
||||||
* task_work_cancel_match - cancel a pending work added by task_work_add()
|
* task_work_cancel_match - cancel a pending work added by task_work_add()
|
||||||
diff --git a/mm/memory.c b/mm/memory.c
|
diff --git a/mm/memory.c b/mm/memory.c
|
||||||
index 01a23ad48a042..8762b48854243 100644
|
index 5ce82a76201d..c20d92584f25 100644
|
||||||
--- a/mm/memory.c
|
--- a/mm/memory.c
|
||||||
+++ b/mm/memory.c
|
+++ b/mm/memory.c
|
||||||
@@ -1728,6 +1728,7 @@ void zap_page_range_single(struct vm_area_struct *vma, unsigned long address,
|
@@ -1755,6 +1755,7 @@ void zap_page_range_single(struct vm_area_struct *vma, unsigned long address,
|
||||||
mmu_notifier_invalidate_range_end(&range);
|
mmu_notifier_invalidate_range_end(&range);
|
||||||
tlb_finish_mmu(&tlb);
|
tlb_finish_mmu(&tlb);
|
||||||
}
|
}
|
||||||
|
@ -80,10 +80,10 @@ index 01a23ad48a042..8762b48854243 100644
|
||||||
/**
|
/**
|
||||||
* zap_vma_ptes - remove ptes mapping the vma
|
* zap_vma_ptes - remove ptes mapping the vma
|
||||||
diff --git a/mm/shmem.c b/mm/shmem.c
|
diff --git a/mm/shmem.c b/mm/shmem.c
|
||||||
index 448f393d8ab2b..b14ac0867f27d 100644
|
index e40a08c5c6d7..3082bd4dfd52 100644
|
||||||
--- a/mm/shmem.c
|
--- a/mm/shmem.c
|
||||||
+++ b/mm/shmem.c
|
+++ b/mm/shmem.c
|
||||||
@@ -4318,6 +4318,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
|
@@ -4351,6 +4351,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -92,38 +92,41 @@ index 448f393d8ab2b..b14ac0867f27d 100644
|
||||||
/**
|
/**
|
||||||
* shmem_read_folio_gfp - read into page cache, using specified page allocation flags.
|
* shmem_read_folio_gfp - read into page cache, using specified page allocation flags.
|
||||||
diff --git a/security/security.c b/security/security.c
|
diff --git a/security/security.c b/security/security.c
|
||||||
index cf6cc576736f3..5401a0c5a1472 100644
|
index d5ff7ff45b77..79cc02ff5971 100644
|
||||||
--- a/security/security.c
|
--- a/security/security.c
|
||||||
+++ b/security/security.c
|
+++ b/security/security.c
|
||||||
@@ -782,24 +782,28 @@ int security_binder_set_context_mgr(const struct cred *mgr)
|
@@ -798,6 +798,7 @@ int security_binder_set_context_mgr(const struct cred *mgr)
|
||||||
{
|
{
|
||||||
return call_int_hook(binder_set_context_mgr, 0, mgr);
|
return call_int_hook(binder_set_context_mgr, 0, mgr);
|
||||||
}
|
}
|
||||||
+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
|
+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
|
||||||
|
|
||||||
int security_binder_transaction(const struct cred *from,
|
/**
|
||||||
const struct cred *to)
|
* security_binder_transaction() - Check if a binder transaction is allowed
|
||||||
|
@@ -813,6 +814,7 @@ int security_binder_transaction(const struct cred *from,
|
||||||
{
|
{
|
||||||
return call_int_hook(binder_transaction, 0, from, to);
|
return call_int_hook(binder_transaction, 0, from, to);
|
||||||
}
|
}
|
||||||
+EXPORT_SYMBOL_GPL(security_binder_transaction);
|
+EXPORT_SYMBOL_GPL(security_binder_transaction);
|
||||||
|
|
||||||
int security_binder_transfer_binder(const struct cred *from,
|
/**
|
||||||
const struct cred *to)
|
* security_binder_transfer_binder() - Check if a binder transfer is allowed
|
||||||
|
@@ -828,6 +830,7 @@ int security_binder_transfer_binder(const struct cred *from,
|
||||||
{
|
{
|
||||||
return call_int_hook(binder_transfer_binder, 0, from, to);
|
return call_int_hook(binder_transfer_binder, 0, from, to);
|
||||||
}
|
}
|
||||||
+EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
|
+EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
|
||||||
|
|
||||||
int security_binder_transfer_file(const struct cred *from,
|
/**
|
||||||
const struct cred *to, struct file *file)
|
* security_binder_transfer_file() - Check if a binder file xfer is allowed
|
||||||
|
@@ -844,6 +847,7 @@ int security_binder_transfer_file(const struct cred *from,
|
||||||
{
|
{
|
||||||
return call_int_hook(binder_transfer_file, 0, from, to, file);
|
return call_int_hook(binder_transfer_file, 0, from, to, file);
|
||||||
}
|
}
|
||||||
+EXPORT_SYMBOL_GPL(security_binder_transfer_file);
|
+EXPORT_SYMBOL_GPL(security_binder_transfer_file);
|
||||||
|
|
||||||
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
|
/**
|
||||||
{
|
* security_ptrace_access_check() - Check if tracing is allowed
|
||||||
--
|
--
|
||||||
2.40.1
|
2.41.0
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
From e79c4bebdeeb42325394c95fa13f36042f9a34fa Mon Sep 17 00:00:00 2001
|
From 9564bb04930ddcffa8b859ccf48ca40767ec8da4 Mon Sep 17 00:00:00 2001
|
||||||
From: Maximilian Luz <luzmaximilian@gmail.com>
|
From: Maximilian Luz <luzmaximilian@gmail.com>
|
||||||
Date: Fri, 26 Aug 2022 21:24:36 +0200
|
Date: Fri, 26 Aug 2022 21:24:36 +0200
|
||||||
Subject: [PATCH] Revert "integrity: Only use machine keyring when
|
Subject: [PATCH] Revert "integrity: Only use machine keyring when
|
||||||
|
@ -22,7 +22,7 @@ See https://github.com/linux-surface/linux-surface/issues/906.
|
||||||
4 files changed, 2 insertions(+), 23 deletions(-)
|
4 files changed, 2 insertions(+), 23 deletions(-)
|
||||||
|
|
||||||
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
|
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
|
||||||
index f2193c531f4a4..4a1d0bb2ffd42 100644
|
index 6f31ffe23c48..590cd07b804b 100644
|
||||||
--- a/security/integrity/digsig.c
|
--- a/security/integrity/digsig.c
|
||||||
+++ b/security/integrity/digsig.c
|
+++ b/security/integrity/digsig.c
|
||||||
@@ -113,7 +113,7 @@ static int __init __integrity_init_keyring(const unsigned int id,
|
@@ -113,7 +113,7 @@ static int __init __integrity_init_keyring(const unsigned int id,
|
||||||
|
@ -35,7 +35,7 @@ index f2193c531f4a4..4a1d0bb2ffd42 100644
|
||||||
if (id == INTEGRITY_KEYRING_IMA)
|
if (id == INTEGRITY_KEYRING_IMA)
|
||||||
load_module_cert(keyring[id]);
|
load_module_cert(keyring[id]);
|
||||||
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
|
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
|
||||||
index 7167a6e99bdc0..1dbb494c86c07 100644
|
index 7167a6e99bdc..1dbb494c86c0 100644
|
||||||
--- a/security/integrity/integrity.h
|
--- a/security/integrity/integrity.h
|
||||||
+++ b/security/integrity/integrity.h
|
+++ b/security/integrity/integrity.h
|
||||||
@@ -320,14 +320,9 @@ static inline void __init add_to_platform_keyring(const char *source,
|
@@ -320,14 +320,9 @@ static inline void __init add_to_platform_keyring(const char *source,
|
||||||
|
@ -54,7 +54,7 @@ index 7167a6e99bdc0..1dbb494c86c07 100644
|
||||||
-}
|
-}
|
||||||
#endif
|
#endif
|
||||||
diff --git a/security/integrity/platform_certs/keyring_handler.c b/security/integrity/platform_certs/keyring_handler.c
|
diff --git a/security/integrity/platform_certs/keyring_handler.c b/security/integrity/platform_certs/keyring_handler.c
|
||||||
index 8a1124e4d7696..b22e0125a4833 100644
|
index 8a1124e4d769..b22e0125a483 100644
|
||||||
--- a/security/integrity/platform_certs/keyring_handler.c
|
--- a/security/integrity/platform_certs/keyring_handler.c
|
||||||
+++ b/security/integrity/platform_certs/keyring_handler.c
|
+++ b/security/integrity/platform_certs/keyring_handler.c
|
||||||
@@ -61,7 +61,7 @@ __init efi_element_handler_t get_handler_for_db(const efi_guid_t *sig_type)
|
@@ -61,7 +61,7 @@ __init efi_element_handler_t get_handler_for_db(const efi_guid_t *sig_type)
|
||||||
|
@ -67,7 +67,7 @@ index 8a1124e4d7696..b22e0125a4833 100644
|
||||||
else
|
else
|
||||||
return add_to_platform_keyring;
|
return add_to_platform_keyring;
|
||||||
diff --git a/security/integrity/platform_certs/machine_keyring.c b/security/integrity/platform_certs/machine_keyring.c
|
diff --git a/security/integrity/platform_certs/machine_keyring.c b/security/integrity/platform_certs/machine_keyring.c
|
||||||
index 7aaed7950b6e3..09fd8f20c7560 100644
|
index 7aaed7950b6e..09fd8f20c756 100644
|
||||||
--- a/security/integrity/platform_certs/machine_keyring.c
|
--- a/security/integrity/platform_certs/machine_keyring.c
|
||||||
+++ b/security/integrity/platform_certs/machine_keyring.c
|
+++ b/security/integrity/platform_certs/machine_keyring.c
|
||||||
@@ -8,8 +8,6 @@
|
@@ -8,8 +8,6 @@
|
||||||
|
@ -98,5 +98,5 @@ index 7aaed7950b6e3..09fd8f20c7560 100644
|
||||||
- return trust_mok;
|
- return trust_mok;
|
||||||
-}
|
-}
|
||||||
--
|
--
|
||||||
2.40.1
|
2.41.0
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
From bcc03c72770a9602dcf6afe560346ef02ae84e1e Mon Sep 17 00:00:00 2001
|
From 9917ce49cb4e0d91977f11ce5b04b15856a0d82c Mon Sep 17 00:00:00 2001
|
||||||
From: Ben Hutchings <ben@decadent.org.uk>
|
From: Ben Hutchings <ben@decadent.org.uk>
|
||||||
Date: Fri, 22 Jun 2018 17:27:00 +0100
|
Date: Fri, 22 Jun 2018 17:27:00 +0100
|
||||||
Subject: [PATCH 2/2] android: Enable building ashmem and binder as modules
|
Subject: [PATCH 2/2] android: Enable building ashmem and binder as modules
|
||||||
|
@ -26,7 +26,7 @@ Consequently, the ashmem part of this patch has been removed.
|
||||||
3 files changed, 6 insertions(+), 5 deletions(-)
|
3 files changed, 6 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
|
diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
|
||||||
index 07aa8ae0a058c..94a3a86f9bd4f 100644
|
index 07aa8ae0a058..94a3a86f9bd4 100644
|
||||||
--- a/drivers/android/Kconfig
|
--- a/drivers/android/Kconfig
|
||||||
+++ b/drivers/android/Kconfig
|
+++ b/drivers/android/Kconfig
|
||||||
@@ -2,7 +2,7 @@
|
@@ -2,7 +2,7 @@
|
||||||
|
@ -39,7 +39,7 @@ index 07aa8ae0a058c..94a3a86f9bd4f 100644
|
||||||
default n
|
default n
|
||||||
help
|
help
|
||||||
diff --git a/drivers/android/Makefile b/drivers/android/Makefile
|
diff --git a/drivers/android/Makefile b/drivers/android/Makefile
|
||||||
index c9d3d0c99c257..55411d9a9c2a1 100644
|
index c9d3d0c99c25..55411d9a9c2a 100644
|
||||||
--- a/drivers/android/Makefile
|
--- a/drivers/android/Makefile
|
||||||
+++ b/drivers/android/Makefile
|
+++ b/drivers/android/Makefile
|
||||||
@@ -1,6 +1,7 @@
|
@@ -1,6 +1,7 @@
|
||||||
|
@ -54,7 +54,7 @@ index c9d3d0c99c257..55411d9a9c2a1 100644
|
||||||
+binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o
|
+binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o
|
||||||
+binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
|
+binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
|
||||||
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
|
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
|
||||||
index 55a3c3c2409f0..7014ec2f212b5 100644
|
index 662a2a2e2e84..98fcbb0c8325 100644
|
||||||
--- a/drivers/android/binder_alloc.c
|
--- a/drivers/android/binder_alloc.c
|
||||||
+++ b/drivers/android/binder_alloc.c
|
+++ b/drivers/android/binder_alloc.c
|
||||||
@@ -38,7 +38,7 @@ enum {
|
@@ -38,7 +38,7 @@ enum {
|
||||||
|
@ -67,5 +67,5 @@ index 55a3c3c2409f0..7014ec2f212b5 100644
|
||||||
|
|
||||||
#define binder_alloc_debug(mask, x...) \
|
#define binder_alloc_debug(mask, x...) \
|
||||||
--
|
--
|
||||||
2.40.1
|
2.41.0
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue