- 06 Apr, 2016 40 commits
-
-
Mathias Nyman authored
BugLink: http://bugs.launchpad.net/bugs/1519623Signed-off-by:
Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 9508e3b7) Signed-off-by:
Tim Gardner <tim.gardner@canonical.com>
-
Mathias Nyman authored
BugLink: http://bugs.launchpad.net/bugs/1519623 The same way as SuperSpeed devices show "5000" as device speed we wan't to show "10000" as the default speed for SuperSpeedPlus devices in sysfs. Signed-off-by:
-
Mathias Nyman authored
BugLink: http://bugs.launchpad.net/bugs/1519623 A hcd roothub that supports HCD_USB31 is running at SuperSpeedPlus speed Signed-off-by:
-
Mathias Nyman authored
BugLink: http://bugs.launchpad.net/bugs/1519623 Add a new USB_SPEED_SUPER_PLUS device speed, and make sure usb core can handle the new speed. In most cases the behaviour is the same as with USB_SPEED_SUPER SuperSpeed devices. In a few places we add a "Plus" string to inform the user of the new speed. Signed-off-by:
-
Tyler Hicks authored
When header files in security/apparmor/includes/ pull in other header files in that directory, they should only include the file name. This fixes a build failure reported by Tycho when using `make bindeb-pkg` to build the Ubuntu kernel tree but, confusingly, isn't seen when building with `fakeroot debian/rules binary-generic`. Signed-off-by:
Tyler Hicks <tyhicks@canonical.com> Reported-by:
Tycho Andersen <tycho.andersen@canonical.com> Cc: John Johansen <john.johansen@canonical.com> Signed-off-by:
-
Harald Freudenberger authored
BugLink: http://bugs.launchpad.net/bugs/1558275 When the prng device driver calls misc_register() there is the possibility to also provide the recommented file permissions. This fix now gives useful values (0644) where previously just the default was used (resulting in 0600 for the device file). Signed-off-by:
Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by:
Martin Schwidefsky <schwidefsky@de.ibm.com> (cherry picked from commit 74b2375e) Signed-off-by:
-
Hui Wang authored
BugLink: http://bugs.launchpad.net/bugs/1564712 The front mic jack (pink color) can't detect any plug or unplug. After applying this fix, both detecting function and recording function work well. BugLink: https://bugs.launchpad.net/bugs/1564712 Cc: stable@vger.kernel.org Signed-off-by:
Hui Wang <hui.wang@canonical.com> Signed-off-by:
Takashi Iwai <tiwai@suse.de> (back ported from commit e549d190) Signed-off-by:
-
Takashi Iwai authored
BugLink: http://bugs.launchpad.net/bugs/1556228 Just like CX20722, CX7024 codec also requires the power down at reboot in order to reduce the noise at reboot/shutdown. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=113511 Cc: <stable@vger.kernel.org> Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1565765Signed-off-by:
-
Josh Boyer authored
BugLink: http://bugs.launchpad.net/bugs/1566221 There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it in a secure modules environment. Signed-off-by:
Josh Boyer <jwboyer@fedoraproject.org> Signed-off-by:
-
Josh Boyer authored
BugLink: http://bugs.launchpad.net/bugs/1566221 UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit for use with efi_enabled. Signed-off-by:
-
Josh Boyer authored
BugLink: http://bugs.launchpad.net/bugs/1566221 The functionality of the config option is dependent upon the platform being UEFI based. Reflect this in the config deps. Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 UEFI Secure Boot provides a mechanism for ensuring that the firmware will only load signed bootloaders and kernels. Certain use cases may also require that all kernel modules also be signed. Add a configuration option that enforces this automatically when enabled. Signed-off-by:
Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1566221 Defer enforcing signed module loading, but other secure boot checks are still valid. Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 Writing to MSRs should not be allowed if module loading is restricted, since it could lead to execution of arbitrary code in kernel mode. Based on a patch by Kees Cook. Cc: Kees Cook <keescook@chromium.org> Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 kexec permits the loading and execution of arbitrary code in ring 0, which is something that module signing enforcement is meant to prevent. It makes sense to disable kexec in this situation. Signed-off-by:
-
Josh Boyer authored
BugLink: http://bugs.launchpad.net/bugs/1566221 This option allows userspace to pass the RSDP address to the kernel, which makes it possible for a user to circumvent any restrictions imposed on loading modules. Disable it in that case. Signed-off-by:
Josh Boyer <jwboyer@redhat.com> Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 Allowing users to write to address space makes it possible for the kernel to be subverted, avoiding module loading restrictions. Prevent this when any restrictions have been imposed on loading modules. Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 We have no way of validating what all of the Asus WMI methods do on a given machine, and there's a risk that some will allow hardware state to be manipulated in such a way that arbitrary code can be executed in the kernel, circumventing module loading restrictions. Prevent that if any of these features are enabled. Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 custom_method effectively allows arbitrary access to system memory, making it possible for an attacker to circumvent restrictions on module loading. Disable it if any such restrictions have been enabled. Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 IO port access would permit users to gain access to PCI configuration registers, which in turn (on a lot of hardware) give access to MMIO register space. This would potentially permit root to trigger arbitrary DMA, so lock it down by default. Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 Any hardware that can potentially generate DMA has to be locked down from userspace in order to avoid it being possible for an attacker to modify kernel code, allowing them to circumvent disabled module loading or module signing. Default to paranoid - in future we can potentially relax this for sufficiently IOMMU-isolated devices. Signed-off-by:
-
Matthew Garrett authored
BugLink: http://bugs.launchpad.net/bugs/1566221 Provide a single call to allow kernel code to determine whether the system has been configured to either disable module loading entirely or to load only modules signed with a trusted key. Bugzilla: N/A Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd Signed-off-by:
-
Andy Whitcroft authored
Signed-off-by:Andy Whitcroft <apw@canonical.com>
-
Jake Oshins authored
BugLink: http://bugs.launchpad.net/bugs/1565967 Add a new driver which exposes a root PCI bus whenever a PCI Express device is passed through to a guest VM under Hyper-V. The device can be single- or multi-function. The interrupts for the devices are managed by an IRQ domain, implemented within the driver. [bhelgaas: fold in race condition fix (http://lkml.kernel.org/r/1456340196-13717-1-git-send-email-jakeo@microsoft.com)] Signed-off-by:
Jake Oshins <jakeo@microsoft.com> Signed-off-by:
Bjorn Helgaas <bhelgaas@google.com> (cherry picked from commit 4daace0d) Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1565967Signed-off-by:
-
Jake Oshins authored
BugLink: http://bugs.launchpad.net/bugs/1565967 If pci_host_bridge_msi_domain() can't find an IRQ domain through the OF tree, try to look it up directly through the fwnode_handle. [bhelgaas: changelog] Signed-off-by:
-
Jake Oshins authored
BugLink: http://bugs.launchpad.net/bugs/1565967 Add an fwnode_handle to the x86 struct pci_sysdata, which will be used to locate an IRQ domain associated with a root PCI bus. [bhelgaas: changelog] Signed-off-by:
-
Srinivas Pandruvada authored
BugLink: http://bugs.launchpad.net/bugs/1559923 There are several reports of freeze on enabling HWP (Hardware PStates) feature on Skylake-based systems by the Intel P-states driver. The root cause is identified as the HWP interrupts causing BIOS code to freeze. HWP interrupts use the thermal LVT which can be handled by Linux natively, but on the affected Skylake-based systems SMM will respond to it by default. This is a problem for several reasons: - On the affected systems the SMM thermal LVT handler is broken (it will crash when invoked) and a BIOS update is necessary to fix it. - With thermal interrupt handled in SMM we lose all of the reporting features of the arch/x86/kernel/cpu/mcheck/therm_throt driver. - Some thermal drivers like x86-package-temp depend on the thermal threshold interrupts signaled via the thermal LVT. - The HWP interrupts are useful for debugging and tuning performance (if the kernel can handle them). The native handling of thermal interrupts needs to be enabled because of that. This requires some way to tell SMM that the OS can handle thermal interrupts. That can be done by using _OSC/_PDC in processor scope very early during ACPI initialization. The meaning of _OSC/_PDC bit 12 in processor scope is whether or not the OS supports native handling of interrupts for Collaborative Processor Performance Control (CPPC) notifications. Since on HWP-capable systems CPPC is a firmware interface to HWP, setting this bit effectively tells the firmware that the OS will handle thermal interrupts natively going forward. For details on _OSC/_PDC refer to: http://www.intel.com/content/www/us/en/standards/processor-vendor-specific-acpi-specification.html To implement the _OSC/_PDC handshake as described, introduce a new function, acpi_early_processor_osc(), that walks the ACPI namespace looking for ACPI processor objects and invokes _OSC for them with bit 12 in the capabilities buffer set and terminates the namespace walk on the first success. Also modify intel_thermal_interrupt() to clear HWP status bits in the HWP_STATUS MSR to acknowledge HWP interrupts (which prevents them from firing continuously). Signed-off-by:
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> [ rjw: Subject & changelog, function rename ] Signed-off-by:
Rafael J. Wysocki <rafael.j.wysocki@intel.com> (cherry picked from commit a2121167) Signed-off-by:
-
Colin Ian King authored
Fixes two issues: * Add support 32 bit FS_IOC32_{GET|SET}FLAGS compat ioctls for (powerpc64 big endian mode) * Fix aarch64 compilation, missing hrtime_t and timestruc_t types BugLink: http://bugs.launchpad.net/bugs/1564591Signed-off-by:Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Boqun Feng authored
BugLink: http://bugs.launchpad.net/bugs/1556096 Implement cmpxchg{,64}_relaxed and atomic{,64}_cmpxchg_relaxed, based on which _release variants can be built. To avoid superfluous barriers in _acquire variants, we implement these operations with assembly code rather use __atomic_op_acquire() to build them automatically. For the same reason, we keep the assembly implementation of fully ordered cmpxchg operations. However, we don't do the similar for _release, because that will require putting barriers in the middle of ll/sc loops, which is probably a bad idea. Note cmpxchg{,64}_relaxed and atomic{,64}_cmpxchg_relaxed are not compiler barriers. Signed-off-by:
Boqun Feng <boqun.feng@gmail.com> Signed-off-by:
Michael Ellerman <mpe@ellerman.id.au> (cherry picked from commit 56c08e6d) Signed-off-by:
-
Boqun Feng authored
BugLink: http://bugs.launchpad.net/bugs/1556096 Implement xchg{,64}_relaxed and atomic{,64}_xchg_relaxed, based on these _relaxed variants, release/acquire variants and fully ordered versions can be built. Note that xchg{,64}_relaxed and atomic_{,64}_xchg_relaxed are not compiler barriers. Signed-off-by:
-
Boqun Feng authored
BugLink: http://bugs.launchpad.net/bugs/1556096 On powerpc, acquire and release semantics can be achieved with lightweight barriers("lwsync" and "ctrl+isync"), which can be used to implement __atomic_op_{acquire,release}. For release semantics, since we only need to ensure all memory accesses that issue before must take effects before the -store- part of the atomics, "lwsync" is what we only need. On the platform without "lwsync", "sync" should be used. Therefore in __atomic_op_release() we use PPC_RELEASE_BARRIER. For acquire semantics, "lwsync" is what we only need for the similar reason. However on the platform without "lwsync", we can use "isync" rather than "sync" as an acquire barrier. Therefore in __atomic_op_acquire() we use PPC_ACQUIRE_BARRIER, which is barrier() on UP, "lwsync" if available and "isync" otherwise. Implement atomic{,64}_{add,sub,inc,dec}_return_relaxed, and build other variants with these helpers. Signed-off-by:
-
Boqun Feng authored
BugLink: http://bugs.launchpad.net/bugs/1556096 Some architectures may have their special barriers for acquire, release and fence semantics, so that general memory barriers(smp_mb__*_atomic()) in the default __atomic_op_*() may be too strong, so allow architectures to define their own helpers which can overwrite the default helpers. Signed-off-by:
-
David Leonard authored
Fixed invocation of dh_shlibdeps when cross-compiling with do_linux_tools=true. Without being told where to find the crossdev libs, dh_shlibdeps will emit these warnings and fail the linux-tools package: Debug: binary-acm7xxx ... dh_shlibdeps -plinux-headers-4.4.0-15-generic arm-linux-gnueabihf-objdump: .../asn1_compiler: File format not recognized arm-linux-gnueabihf-objdump: .../extract-cert: File format not recognized ... For example: archtriple=arm-linux-gnueabihf flavour=generic dpkg-architecture -t $archtriple -c fakeroot \ debian/rules \ binary-$flavour binary-perarch \ AUTOBUILD=true \ abi_suffix= \ do_linux_tools=true \ do_tools=true \ do_tools_usbip=false \ do_tools_cpupower=false \ do_tools_perf=true \ do_tools_x86=false Signed-off-by:David Leonard <david.leonard@opengear.com> Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1564206Signed-off-by:
-
Ming Lei authored
BugLink: http://bugs.launchpad.net/bugs/1546439 The initialization of partition's percpu_ref should have been done before sending out KOBJ_ADD, which may cause userspace to read partition table. This patch should fix this issue. Reported-by:
Naveen Kaje <nkaje@codeaurora.org> Fixes: 6c71013e(block: partition: convert percpu ref) Signed-off-by:
Ming Lei <ming.lei@canonical.com> Signed-off-by:
-
Serge Hallyn authored
BugLink: http://bugs.launchpad.net/bugs/1563921 our mountinfo output now shows 'nsroot='. If userspace like criu copy/pastes mount options from there into a new mount command, we should ignore it. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Tested-by:
-
Tim Gardner authored
cking> so, all the ZFS tests on powerpc64 pass except one test, which is ioctl FS_IOC_GETFLAGS where the cmd is being barfed up somewhere in the ioctl 32/64 thunking. I've filed a bug upstream. Since that ioctl is not frequently used, I think we should enable powerpc64 and fix up the ioctl as a SRU later on. Signed-off-by: -
Haiyang Zhang authored
BugLink: http://bugs.launchpad.net/bugs/1563688 During hot add, vmbus_device_register() is called from vmbus_onoffer(), on the same workqueue as the subchannel offer message work-queue, so subchannel offer won't be processed until the vmbus_device_register()/... /netvsc_probe() is done. Also, vmbus_device_register() is called with channel_mutex locked, which prevents subchannel processing too. So the "waiting for sub-channel processing" will not success in hot add case. But, in usual module loading, the netvsc_probe() is called from different code path, and doesn't fail. This patch resolves the deadlock during NIC hot-add, and speeds up NIC loading time. Signed-off-by:
Haiyang Zhang <haiyangz@microsoft.com> Reviewed-by:
K. Y. Srinivasan <kys@microsoft.com> Signed-off-by:
David S. Miller <davem@davemloft.net> (cherry picked from commit d66ab514) Signed-off-by:
-
