[linux] 01/01: Update to 4.14-rc2
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun Oct 1 19:26:27 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch master
in repository linux.
commit 6c9c81696618874465c51db0019195a501e4910e
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Oct 1 20:26:01 2017 +0100
Update to 4.14-rc2
aufs: Update support patchset to aufs4.x-rcN-20171002
---
debian/changelog | 9 ++
...nable-auto-loading-when-built-as-a-module.patch | 23 -----
.../bugfix/all/disable-some-marvell-phys.patch | 22 ++---
...-the-required-netlink-attributes-presence.patch | 36 -------
...-aty-do-not-leak-uninitialized-padding-in.patch | 30 ------
...re-symbol-versions-for-symbols-exported-f.patch | 39 --------
...don-t-allow-l2-to-access-the-hardware-cr8.patch | 34 -------
...vmx-do-not-bug-on-out-of-bounds-guest-irq.patch | 52 -----------
...-build-fix-libunwind-feature-detection-on.patch | 4 +-
...on-t-warn-about-expected-w+x-pages-on-xen.patch | 6 +-
...about-raid5-6-being-experimental-at-mount.patch | 4 +-
debian/patches/debian/dfsg/firmware-cleanup.patch | 34 -------
.../revert-gpu-host1x-add-iommu-support.patch | 27 +++---
debian/patches/debian/tools-perf-install.patch | 16 +++-
debian/patches/debian/tools-perf-version.patch | 10 +-
debian/patches/debian/version.patch | 18 ++--
debian/patches/features/all/aufs4/aufs4-base.patch | 84 ++++++++++++-----
debian/patches/features/all/aufs4/aufs4-mmap.patch | 64 ++++++-------
.../features/all/aufs4/aufs4-standalone.patch | 104 +++++++++++++--------
...lity-to-lock-down-access-to-the-running-k.patch | 23 ++---
...wn-the-kernel-if-booted-in-secure-boot-mo.patch | 8 +-
...d-a-sysrq-option-to-exit-secure-boot-mode.patch | 10 +-
...strict-debugfs-interface-when-the-kernel-.patch | 10 +-
.../all/lockdown/0060-Lock-down-TIOCSSERIAL.patch | 6 +-
...arvell-armada-37xx-Enable-uSD-on-ESPRESSO.patch | 71 --------------
debian/patches/series | 7 --
debian/patches/series-orig | 1 -
27 files changed, 240 insertions(+), 512 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 7d93840..560f604 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+linux (4.14~rc2-1~exp1) UNRELEASED; urgency=medium
+
+ * New upstream release candidate
+
+ [ Ben Hutchings ]
+ * aufs: Update support patchset to aufs4.x-rcN-20171002
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sun, 01 Oct 2017 19:34:09 +0100
+
linux (4.13.4-1) unstable; urgency=medium
* New upstream stable update:
diff --git a/debian/patches/bugfix/all/bfq-re-enable-auto-loading-when-built-as-a-module.patch b/debian/patches/bugfix/all/bfq-re-enable-auto-loading-when-built-as-a-module.patch
deleted file mode 100644
index 040f85b..0000000
--- a/debian/patches/bugfix/all/bfq-re-enable-auto-loading-when-built-as-a-module.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Sat, 12 Aug 2017 22:27:06 +0100
-Subject: bfq: Re-enable auto-loading when built as a module
-
-The block core requests modules with the "-iosched" name suffix, but
-bfq no longer has that suffix. Add an alias.
-
-Fixes: ea25da48086d ("block, bfq: split bfq-iosched.c into multiple ...")
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
----
- block/bfq-iosched.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/block/bfq-iosched.c
-+++ b/block/bfq-iosched.c
-@@ -4974,6 +4974,7 @@ static struct elevator_type iosched_bfq_
- .elevator_name = "bfq",
- .elevator_owner = THIS_MODULE,
- };
-+MODULE_ALIAS("bfq-iosched");
-
- static int __init bfq_init(void)
- {
diff --git a/debian/patches/bugfix/all/disable-some-marvell-phys.patch b/debian/patches/bugfix/all/disable-some-marvell-phys.patch
index 3c40fe1..8a42a65 100644
--- a/debian/patches/bugfix/all/disable-some-marvell-phys.patch
+++ b/debian/patches/bugfix/all/disable-some-marvell-phys.patch
@@ -16,25 +16,25 @@ correctness.
--- a/drivers/net/phy/marvell.c
+++ b/drivers/net/phy/marvell.c
-@@ -964,6 +964,7 @@ static int m88e1118_config_init(struct p
- return phy_write(phydev, MII_BMCR, BMCR_RESET);
+@@ -956,6 +956,7 @@ static int m88e1118_config_init(struct p
+ return genphy_soft_reset(phydev);
}
+#if 0
static int m88e1149_config_init(struct phy_device *phydev)
{
int err;
-@@ -989,7 +990,9 @@ static int m88e1149_config_init(struct p
+@@ -981,7 +982,9 @@ static int m88e1149_config_init(struct p
- return phy_write(phydev, MII_BMCR, BMCR_RESET);
+ return genphy_soft_reset(phydev);
}
+#endif
+#if 0
static int m88e1145_config_init_rgmii(struct phy_device *phydev)
{
- int err;
-@@ -1083,6 +1086,7 @@ static int m88e1145_config_init(struct p
+ int temp;
+@@ -1063,6 +1066,7 @@ static int m88e1145_config_init(struct p
return 0;
}
@@ -42,7 +42,7 @@ correctness.
/**
* fiber_lpa_to_ethtool_lpa_t
-@@ -2079,6 +2083,7 @@ static struct phy_driver marvell_drivers
+@@ -2059,6 +2063,7 @@ static struct phy_driver marvell_drivers
.get_strings = marvell_get_strings,
.get_stats = marvell_get_stats,
},
@@ -50,7 +50,7 @@ correctness.
{
.phy_id = MARVELL_PHY_ID_88E1145,
.phy_id_mask = MARVELL_PHY_ID_MASK,
-@@ -2097,6 +2102,8 @@ static struct phy_driver marvell_drivers
+@@ -2077,6 +2082,8 @@ static struct phy_driver marvell_drivers
.get_strings = marvell_get_strings,
.get_stats = marvell_get_stats,
},
@@ -59,7 +59,7 @@ correctness.
{
.phy_id = MARVELL_PHY_ID_88E1149R,
.phy_id_mask = MARVELL_PHY_ID_MASK,
-@@ -2115,6 +2122,8 @@ static struct phy_driver marvell_drivers
+@@ -2095,6 +2102,8 @@ static struct phy_driver marvell_drivers
.get_strings = marvell_get_strings,
.get_stats = marvell_get_stats,
},
@@ -68,7 +68,7 @@ correctness.
{
.phy_id = MARVELL_PHY_ID_88E1240,
.phy_id_mask = MARVELL_PHY_ID_MASK,
-@@ -2133,6 +2142,7 @@ static struct phy_driver marvell_drivers
+@@ -2113,6 +2122,7 @@ static struct phy_driver marvell_drivers
.get_strings = marvell_get_strings,
.get_stats = marvell_get_stats,
},
@@ -76,7 +76,7 @@ correctness.
{
.phy_id = MARVELL_PHY_ID_88E1116R,
.phy_id_mask = MARVELL_PHY_ID_MASK,
-@@ -2260,9 +2270,9 @@ static struct mdio_device_id __maybe_unu
+@@ -2240,9 +2250,9 @@ static struct mdio_device_id __maybe_unu
{ MARVELL_PHY_ID_88E1111, MARVELL_PHY_ID_MASK },
{ MARVELL_PHY_ID_88E1118, MARVELL_PHY_ID_MASK },
{ MARVELL_PHY_ID_88E1121R, MARVELL_PHY_ID_MASK },
diff --git a/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch b/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
deleted file mode 100644
index 6eab4bd..0000000
--- a/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Vladis Dronov <vdronov at redhat.com>
-Date: Tue, 12 Sep 2017 22:21:21 +0000
-Subject: nl80211: check for the required netlink attributes presence
-Origin: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-12153
-
-nl80211_set_rekey_data() does not check if the required attributes
-NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing
-NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by
-users with CAP_NET_ADMIN privilege and may result in NULL dereference
-and a system crash. Add a check for the required attributes presence.
-This patch is based on the patch by bo Zhang.
-
-This fixes CVE-2017-12153.
-
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
-Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
-Cc: <stable at vger.kernel.org> # v3.1-rc1
-Reported-by: bo Zhang <zhangbo5891001 at gmail.com>
-Signed-off-by: Vladis Dronov <vdronov at redhat.com>
----
- net/wireless/nl80211.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/net/wireless/nl80211.c
-+++ b/net/wireless/nl80211.c
-@@ -10873,6 +10873,9 @@ static int nl80211_set_rekey_data(struct
- if (err)
- return err;
-
-+ if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
-+ !tb[NL80211_REKEY_DATA_KCK])
-+ return -EINVAL;
- if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
- return -ERANGE;
- if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
diff --git a/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch b/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
deleted file mode 100644
index 2d056c3..0000000
--- a/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Vladis Dronov <vdronov at redhat.com>
-Date: Mon, 4 Sep 2017 16:00:50 +0200
-Subject: video: fbdev: aty: do not leak uninitialized padding in clk to
- userspace
-Origin: https://git.kernel.org/linus/8e75f7a7a00461ef6d91797a60b606367f6e344d
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14156
-
-'clk' is copied to a userland with padding byte(s) after 'vclk_post_div'
-field unitialized, leaking data from the stack. Fix this ensuring all of
-'clk' is initialized to zero.
-
-References: https://github.com/torvalds/linux/pull/441
-Reported-by: sohu0106 <sohu0106 at 126.com>
-Signed-off-by: Vladis Dronov <vdronov at redhat.com>
-Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie at samsung.com>
----
- drivers/video/fbdev/aty/atyfb_base.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/video/fbdev/aty/atyfb_base.c
-+++ b/drivers/video/fbdev/aty/atyfb_base.c
-@@ -1861,7 +1861,7 @@ static int atyfb_ioctl(struct fb_info *i
- #if defined(DEBUG) && defined(CONFIG_FB_ATY_CT)
- case ATYIO_CLKR:
- if (M64_HAS(INTEGRATED)) {
-- struct atyclk clk;
-+ struct atyclk clk = { 0 };
- union aty_pll *pll = &par->pll;
- u32 dsp_config = pll->ct.dsp_config;
- u32 dsp_on_off = pll->ct.dsp_on_off;
diff --git a/debian/patches/bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch b/debian/patches/bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch
deleted file mode 100644
index 7e6e0ac..0000000
--- a/debian/patches/bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Tue, 18 Jul 2017 23:44:25 +0100
-Subject: alpha: Restore symbol versions for symbols exported from assembly
-Forwarded: https://marc.info/?l=linux-alpha&m=150042247925108&w=2
-
-Add <asm/asm-prototypes.h> so that genksyms knows the types of
-these symbols and can generate CRCs for them.
-
-Fixes: 00fc0e0dda62 ("alpha: move exports to actual definitions")
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
----
- arch/alpha/include/asm/asm-prototypes.h | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
- create mode 100644 arch/alpha/include/asm/asm-prototypes.h
-
-diff --git a/arch/alpha/include/asm/asm-prototypes.h b/arch/alpha/include/asm/asm-prototypes.h
-new file mode 100644
-index 000000000000..d12c68ea340b
---- /dev/null
-+++ b/arch/alpha/include/asm/asm-prototypes.h
-@@ -0,0 +1,18 @@
-+#include <linux/spinlock.h>
-+
-+#include <asm/checksum.h>
-+#include <asm/console.h>
-+#include <asm/page.h>
-+#include <asm/string.h>
-+#include <asm/uaccess.h>
-+
-+#include <asm-generic/asm-prototypes.h>
-+
-+extern void __divl(void);
-+extern void __reml(void);
-+extern void __divq(void);
-+extern void __remq(void);
-+extern void __divlu(void);
-+extern void __remlu(void);
-+extern void __divqu(void);
-+extern void __remqu(void);
diff --git a/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch b/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
deleted file mode 100644
index f82767d..0000000
--- a/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Jim Mattson <jmattson at google.com>
-Date: Tue, 12 Sep 2017 13:02:54 -0700
-Subject: kvm: nVMX: Don't allow L2 to access the hardware CR8
-Origin: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-12154
-
-If L1 does not specify the "use TPR shadow" VM-execution control in
-vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store
-exiting" VM-execution controls in vmcs02. Failure to do so will give
-the L2 VM unrestricted read/write access to the hardware CR8.
-
-This fixes CVE-2017-12154.
-
-Signed-off-by: Jim Mattson <jmattson at google.com>
-Reviewed-by: David Hildenbrand <david at redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
----
- arch/x86/kvm/vmx.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -10103,6 +10103,11 @@ static int prepare_vmcs02(struct kvm_vcp
- if (exec_control & CPU_BASED_TPR_SHADOW) {
- vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, -1ull);
- vmcs_write32(TPR_THRESHOLD, vmcs12->tpr_threshold);
-+ } else {
-+#ifdef CONFIG_X86_64
-+ exec_control |= CPU_BASED_CR8_LOAD_EXITING |
-+ CPU_BASED_CR8_STORE_EXITING;
-+#endif
- }
-
- /*
diff --git a/debian/patches/bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch b/debian/patches/bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch
deleted file mode 100644
index 91c990c..0000000
--- a/debian/patches/bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From: =?UTF-8?q?Jan=20H=2E=20Sch=C3=B6nherr?= <jschoenh at amazon.de>
-Date: Thu, 7 Sep 2017 19:02:30 +0100
-Subject: KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/linus/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000252
-
-The value of the guest_irq argument to vmx_update_pi_irte() is
-ultimately coming from a KVM_IRQFD API call. Do not BUG() in
-vmx_update_pi_irte() if the value is out-of bounds. (Especially,
-since KVM as a whole seems to hang after that.)
-
-Instead, print a message only once if we find that we don't have a
-route for a certain IRQ (which can be out-of-bounds or within the
-array).
-
-This fixes CVE-2017-1000252.
-
-Fixes: efc644048ecde54 ("KVM: x86: Update IRTE for posted-interrupts")
-Signed-off-by: Jan H. Schönherr <jschoenh at amazon.de>
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
----
- arch/x86/kvm/vmx.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -11377,7 +11377,7 @@ static int vmx_update_pi_irte(struct kvm
- struct kvm_lapic_irq irq;
- struct kvm_vcpu *vcpu;
- struct vcpu_data vcpu_info;
-- int idx, ret = -EINVAL;
-+ int idx, ret = 0;
-
- if (!kvm_arch_has_assigned_device(kvm) ||
- !irq_remapping_cap(IRQ_POSTING_CAP) ||
-@@ -11386,7 +11386,12 @@ static int vmx_update_pi_irte(struct kvm
-
- idx = srcu_read_lock(&kvm->irq_srcu);
- irq_rt = srcu_dereference(kvm->irq_routing, &kvm->irq_srcu);
-- BUG_ON(guest_irq >= irq_rt->nr_rt_entries);
-+ if (guest_irq >= irq_rt->nr_rt_entries ||
-+ hlist_empty(&irq_rt->map[guest_irq])) {
-+ pr_warn_once("no route for guest_irq %u/%u (broken user space?)\n",
-+ guest_irq, irq_rt->nr_rt_entries);
-+ goto out;
-+ }
-
- hlist_for_each_entry(e, &irq_rt->map[guest_irq], link) {
- if (e->type != KVM_IRQ_ROUTING_MSI)
diff --git a/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch b/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
index 3d511fe..cfbf98e 100644
--- a/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
+++ b/debian/patches/bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
@@ -11,8 +11,8 @@ It broke feature detection that was working just fine for us.
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
-@@ -38,7 +38,7 @@ ifeq ($(ARCH),x86)
- LIBUNWIND_LIBS = -lunwind -lunwind-x86_64
+@@ -38,7 +38,7 @@ ifeq ($(SRCARCH),x86)
+ LIBUNWIND_LIBS = -lunwind-x86_64 -lunwind -llzma
$(call detected,CONFIG_X86_64)
else
- LIBUNWIND_LIBS = -lunwind-x86 -llzma -lunwind
diff --git a/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch b/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
index 6cb31f9..6827c94 100644
--- a/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
+++ b/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
@@ -13,15 +13,15 @@ other W+X cases. So add a condition to the WARN_ON.
---
--- a/arch/x86/mm/dump_pagetables.c
+++ b/arch/x86/mm/dump_pagetables.c
-@@ -17,6 +17,7 @@
+@@ -18,6 +18,7 @@
#include <linux/init.h>
#include <linux/sched.h>
#include <linux/seq_file.h>
+#include <xen/xen.h>
- #include <asm/kasan.h>
#include <asm/pgtable.h>
-@@ -220,7 +221,7 @@ static void note_page(struct seq_file *m
+
+@@ -231,7 +232,7 @@ static void note_page(struct seq_file *m
pgprotval_t pr = pgprot_val(st->current_prot);
if (st->check_wx && (pr & _PAGE_RW) && !(pr & _PAGE_NX)) {
diff --git a/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
index 533feaf..4a1943d 100644
--- a/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
+++ b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
@@ -17,8 +17,8 @@ Signed-off-by: Adam Borowski <kilobyte at angband.pl>
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
-@@ -3098,6 +3098,15 @@ retry_root_backup:
- btrfs_set_opt(fs_info->mount_opt, SSD);
+@@ -3060,6 +3060,15 @@ retry_root_backup:
+ btrfs_set_and_info(fs_info, SSD, "enabling ssd optimizations");
}
+ if ((fs_info->avail_data_alloc_bits |
diff --git a/debian/patches/debian/dfsg/firmware-cleanup.patch b/debian/patches/debian/dfsg/firmware-cleanup.patch
deleted file mode 100644
index 760918c..0000000
--- a/debian/patches/debian/dfsg/firmware-cleanup.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Tue, 15 Mar 2011 04:48:15 +0000
-Subject: Remove the entire firmware directory
-Forwarded: no
-
-Some of this is DFSG-free, but it has been moved to firmware-free so
-we don't need it in linux-2.6 as well.
-
-diff --git a/Makefile b/Makefile
-index d6592b6..9afac11 100644
---- a/Makefile
-+++ b/Makefile
-@@ -487,7 +487,7 @@ scripts: scripts_basic include/config/auto.conf include/config/tristate.conf
-
- # Objects we will link into vmlinux / subdirs we need to visit
- init-y := init/
--drivers-y := drivers/ sound/ firmware/
-+drivers-y := drivers/ sound/
- net-y := net/
- libs-y := lib/
- core-y := usr/
-diff --git a/scripts/Makefile.fwinst b/scripts/Makefile.fwinst
-index 6bf8e87..2f6db83 100644
---- a/scripts/Makefile.fwinst
-+++ b/scripts/Makefile.fwinst
-@@ -13,7 +13,7 @@ src := $(obj)
- -include $(objtree)/.config
-
- include scripts/Kbuild.include
--include $(src)/Makefile
-+-include $(src)/Makefile
-
- include scripts/Makefile.host
-
diff --git a/debian/patches/debian/revert-gpu-host1x-add-iommu-support.patch b/debian/patches/debian/revert-gpu-host1x-add-iommu-support.patch
index 8a0efca..4fbb8df 100644
--- a/debian/patches/debian/revert-gpu-host1x-add-iommu-support.patch
+++ b/debian/patches/debian/revert-gpu-host1x-add-iommu-support.patch
@@ -20,9 +20,10 @@ to avoid when combining the two address mapping APIs. But with XEN
enabled and ARM_LPAE not enabled, as in the armmp config, dma_addr_t
is 64-bit while phys_addr_t is 32-bit.
-It also reverts the commit fea20995976f4b2e8968f852a18e280487d42f0d
+It also reverts commit fea20995976f4b2e8968f852a18e280487d42f0d
"gpu: host1x: Free the IOMMU domain when there is no device to attach"
-which depends on it.
+and commit 8b3f5ac6b55f5f3f60723a58f14ec235a5b8cfe
+"gpu: host1x: Don't fail on NULL bo physical address" which depend on it.
---
--- a/drivers/gpu/host1x/cdma.c
@@ -327,7 +328,7 @@ which depends on it.
job->num_unpins = 0;
-@@ -191,16 +190,12 @@ static unsigned int pin_job(struct host1
+@@ -191,12 +190,12 @@ static unsigned int pin_job(struct host1
dma_addr_t phys_addr;
reloc->target.bo = host1x_bo_get(reloc->target.bo);
@@ -338,15 +339,12 @@ which depends on it.
- }
phys_addr = host1x_bo_pin(reloc->target.bo, &sgt);
-- if (!phys_addr) {
-- err = -EINVAL;
+ if (!phys_addr)
- goto unpin;
-- }
++ goto unpin;
job->addr_phys[job->num_unpins] = phys_addr;
job->unpins[job->num_unpins].bo = reloc->target.bo;
-@@ -210,67 +205,28 @@ static unsigned int pin_job(struct host1
+@@ -206,63 +205,28 @@ static unsigned int pin_job(struct host1
for (i = 0; i < job->num_gathers; i++) {
struct host1x_job_gather *g = &job->gathers[i];
@@ -366,12 +364,9 @@ which depends on it.
- }
phys_addr = host1x_bo_pin(g->bo, &sgt);
-- if (!phys_addr) {
-- err = -EINVAL;
+ if (!phys_addr)
- goto unpin;
-- }
--
++ goto unpin;
+
- if (!IS_ENABLED(CONFIG_TEGRA_HOST1X_FIREWALL) && host->domain) {
- for_each_sg(sgt->sgl, sg, sgt->nents, j)
- gather_size += sg->length;
@@ -402,7 +397,7 @@ which depends on it.
- }
-
- job->gather_addr_phys[i] = job->addr_phys[job->num_unpins];
-
+-
+ job->addr_phys[job->num_unpins] = phys_addr;
job->unpins[job->num_unpins].bo = g->bo;
job->unpins[job->num_unpins].sgt = sgt;
@@ -419,7 +414,7 @@ which depends on it.
}
static int do_relocs(struct host1x_job *job, struct host1x_job_gather *g)
-@@ -639,8 +595,8 @@ int host1x_job_pin(struct host1x_job *jo
+@@ -631,8 +595,8 @@ int host1x_job_pin(struct host1x_job *jo
host1x_syncpt_load(host->syncpt + i);
/* pin memory */
@@ -430,7 +425,7 @@ which depends on it.
goto out;
if (IS_ENABLED(CONFIG_TEGRA_HOST1X_FIREWALL)) {
-@@ -688,19 +644,11 @@ EXPORT_SYMBOL(host1x_job_pin);
+@@ -680,19 +644,11 @@ EXPORT_SYMBOL(host1x_job_pin);
void host1x_job_unpin(struct host1x_job *job)
{
diff --git a/debian/patches/debian/tools-perf-install.patch b/debian/patches/debian/tools-perf-install.patch
index 5c56199..d242c6e 100644
--- a/debian/patches/debian/tools-perf-install.patch
+++ b/debian/patches/debian/tools-perf-install.patch
@@ -3,11 +3,11 @@ Date: Fri, 07 Oct 2011 21:37:52 +0100
Subject: Install perf scripts non-executable
Forwarded: no
-[bwh: Forward-ported to 3.12]
+[bwh: Forward-ported to 4.13]
--- a/tools/perf/Makefile.perf
+++ b/tools/perf/Makefile.perf
-@@ -677,8 +677,8 @@ endif
+@@ -750,8 +750,8 @@ endif
ifndef NO_LIBPERL
$(call QUIET_INSTALL, perl-scripts) \
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/Perf-Trace-Util/lib/Perf/Trace'; \
@@ -18,7 +18,7 @@ Forwarded: no
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/bin'; \
$(INSTALL) scripts/perl/bin/* -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/perl/bin'
endif
-@@ -686,23 +686,23 @@ ifndef NO_LIBPYTHON
+@@ -759,27 +759,27 @@ ifndef NO_LIBPYTHON
$(call QUIET_INSTALL, python-scripts) \
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/python/Perf-Trace-Util/lib/Perf/Trace'; \
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/scripts/python/bin'; \
@@ -43,8 +43,14 @@ Forwarded: no
- $(INSTALL) tests/attr.py '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \
+ $(INSTALL) -m 644 tests/attr.py '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests'; \
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \
-- $(INSTALL) tests/attr/* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'
-+ $(INSTALL) -m 644 tests/attr/* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'
+- $(INSTALL) tests/attr/* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \
++ $(INSTALL) -m 644 tests/attr/* '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/attr'; \
+ $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \
+- $(INSTALL) tests/shell/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \
++ $(INSTALL) -m 644 tests/shell/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell'; \
+ $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib'; \
+- $(INSTALL) tests/shell/lib/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib'
++ $(INSTALL) -m 644 tests/shell/lib/*.sh '$(DESTDIR_SQ)$(perfexec_instdir_SQ)/tests/shell/lib'
install-bin: install-tools install-tests install-traceevent-plugins
diff --git a/debian/patches/debian/tools-perf-version.patch b/debian/patches/debian/tools-perf-version.patch
index cb4bad6..4e99ee4 100644
--- a/debian/patches/debian/tools-perf-version.patch
+++ b/debian/patches/debian/tools-perf-version.patch
@@ -9,7 +9,7 @@ version-dependent name. And do the same for trace.]
--- a/tools/perf/Makefile.perf
+++ b/tools/perf/Makefile.perf
-@@ -649,23 +649,23 @@ endif
+@@ -721,23 +721,23 @@ endif
install-tools: all install-gtk
$(call QUIET_INSTALL, binaries) \
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(bindir_SQ)'; \
@@ -39,7 +39,7 @@ version-dependent name. And do the same for trace.]
$(call QUIET_INSTALL, perf-archive) \
$(INSTALL) $(OUTPUT)perf-archive -t '$(DESTDIR_SQ)$(perfexec_instdir_SQ)'
$(call QUIET_INSTALL, perf-with-kcore) \
-@@ -692,7 +692,7 @@ ifndef NO_LIBPYTHON
+@@ -765,7 +765,7 @@ ifndef NO_LIBPYTHON
endif
$(call QUIET_INSTALL, perf_completion-script) \
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(sysconfdir_SQ)/bash_completion.d'; \
@@ -48,7 +48,7 @@ version-dependent name. And do the same for trace.]
$(call QUIET_INSTALL, perf-tip) \
$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(tip_instdir_SQ)'; \
$(INSTALL) Documentation/tips.txt -t '$(DESTDIR_SQ)$(tip_instdir_SQ)'
-@@ -713,7 +713,7 @@ install-python_ext:
+@@ -790,7 +790,7 @@ install-python_ext:
# 'make install-doc' should call 'make -C Documentation install'
$(INSTALL_DOC_TARGETS):
@@ -80,11 +80,11 @@ version-dependent name. And do the same for trace.]
-# $(INSTALL) -m 644 $(DOC_MAN7) $(DESTDIR)$(man7dir)
+ sed -e 's/"PERF\\-/"PERF_$(VERSION)\\-/' -e 's/fBperf-/fBperf_$(VERSION)-/g' $^ > $(DESTDIR)$(man1dir)/perf_$(VERSION)$*.1
- install-man: check-man-tools man
+ install-man: check-man-tools man do-install-man
--- a/tools/perf/util/Build
+++ b/tools/perf/util/Build
-@@ -162,6 +162,7 @@ CFLAGS_rbtree.o += -Wno-unused-pa
+@@ -179,6 +179,7 @@ CFLAGS_libstring.o += -Wno-unused-pa
CFLAGS_hweight.o += -Wno-unused-parameter -DETC_PERFCONFIG="BUILD_STR($(ETC_PERFCONFIG_SQ))"
CFLAGS_parse-events.o += -Wno-redundant-decls
CFLAGS_header.o += -include $(OUTPUT)PERF-VERSION-FILE
diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch
index 2c91d78..9a9f434 100644
--- a/debian/patches/debian/version.patch
+++ b/debian/patches/debian/version.patch
@@ -9,7 +9,7 @@ are set.
--- a/Makefile
+++ b/Makefile
-@@ -1038,7 +1038,7 @@ endif
+@@ -1055,7 +1055,7 @@ endif
prepare2: prepare3 prepare-compiler-check outputmakefile asm-generic
prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
@@ -18,7 +18,7 @@ are set.
$(cmd_crmodverdir)
archprepare: archheaders archscripts prepare1 scripts_basic
-@@ -1099,6 +1099,16 @@ define filechk_version.h
+@@ -1116,6 +1116,16 @@ define filechk_version.h
echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
endef
@@ -35,7 +35,7 @@ are set.
$(version_h): $(srctree)/Makefile FORCE
$(call filechk,version.h)
$(Q)rm -f $(old_version_h)
-@@ -1106,6 +1116,9 @@ $(version_h): $(srctree)/Makefile FORCE
+@@ -1123,6 +1133,9 @@ $(version_h): $(srctree)/Makefile FORCE
include/generated/utsrelease.h: include/config/kernel.release FORCE
$(call filechk,utsrelease.h)
@@ -99,18 +99,18 @@ are set.
#include <asm/pgtable.h>
#include <asm/io.h>
-@@ -1366,8 +1367,9 @@ void show_regs(struct pt_regs * regs)
+@@ -1382,8 +1383,9 @@ void show_regs(struct pt_regs * regs)
- printk("NIP: "REG" LR: "REG" CTR: "REG"\n",
+ printk("NIP: "REG" LR: "REG" CTR: "REG"\n",
regs->nip, regs->link, regs->ctr);
- printk("REGS: %p TRAP: %04lx %s (%s)\n",
- regs, regs->trap, print_tainted(), init_utsname()->release);
+ printk("REGS: %p TRAP: %04lx %s (%s%s)\n",
+ regs, regs->trap, print_tainted(), init_utsname()->release,
+ LINUX_PACKAGE_ID);
- printk("MSR: "REG" ", regs->msr);
+ printk("MSR: "REG" ", regs->msr);
print_msr_bits(regs->msr);
- printk(" CR: %08lx XER: %08lx\n", regs->ccr, regs->xer);
+ pr_cont(" CR: %08lx XER: %08lx\n", regs->ccr, regs->xer);
--- a/kernel/hung_task.c
+++ b/kernel/hung_task.c
@@ -20,6 +20,7 @@
@@ -121,7 +121,7 @@ are set.
/*
* The number of tasks checked:
-@@ -113,10 +114,11 @@ static void check_hung_task(struct task_
+@@ -114,10 +115,11 @@ static void check_hung_task(struct task_
sysctl_hung_task_warnings--;
pr_err("INFO: task %s:%d blocked for more than %ld seconds.\n",
t->comm, t->pid, timeout);
@@ -145,7 +145,7 @@ are set.
#include <linux/uaccess.h>
#include <asm/sections.h>
-@@ -3086,11 +3087,12 @@ void __init dump_stack_set_arch_desc(con
+@@ -3118,11 +3119,12 @@ void __init dump_stack_set_arch_desc(con
*/
void dump_stack_print_info(const char *log_lvl)
{
diff --git a/debian/patches/features/all/aufs4/aufs4-base.patch b/debian/patches/features/all/aufs4/aufs4-base.patch
index 49b5423..6c15636 100644
--- a/debian/patches/features/all/aufs4/aufs4-base.patch
+++ b/debian/patches/features/all/aufs4/aufs4-base.patch
@@ -1,7 +1,7 @@
From: J. R. Okajima <hooanon05 at yahoo.co.jp>
-Date: Fri Aug 25 18:02:16 2017 +0900
+Date: Thu Sep 28 22:42:44 2017 +0900
Subject: aufs4.x-rcN base patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/9aa6b2e732a0ae7057e247cabc7bd6869714e8a3
+Origin: https://github.com/sfjro/aufs4-standalone/tree/2fd397407f9d85de19dd837bc1a48b3872582366
Bug-Debian: https://bugs.debian.org/541828
Patch headers added by debian/patches/features/all/aufs4/gen-patch
@@ -9,10 +9,10 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
aufs4.x-rcN base patch
diff --git a/MAINTAINERS b/MAINTAINERS
-index 6f7721d..b320f68 100644
+index 6671f37..2cadb88 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
-@@ -2392,6 +2392,19 @@ F: include/linux/audit.h
+@@ -2465,6 +2465,19 @@ F: include/linux/audit.h
F: include/uapi/linux/audit.h
F: kernel/audit*
@@ -33,10 +33,10 @@ index 6f7721d..b320f68 100644
M: Miguel Ojeda Sandonis <miguel.ojeda.sandonis at gmail.com>
W: http://miguelojeda.es/auxdisplay.htm
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index ef83349..4551210 100644
+index 85de673..d44de9d 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
-@@ -707,6 +707,24 @@ static inline int is_loop_device(struct file *file)
+@@ -686,6 +686,24 @@ static inline int is_loop_device(struct file *file)
return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR;
}
@@ -75,7 +75,7 @@ index f901413..e3719a5 100644
void (*finish)(void *))
{
diff --git a/fs/fcntl.c b/fs/fcntl.c
-index 3b01b64..659760e 100644
+index 448a111..f51c2cf 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -31,7 +31,7 @@
@@ -97,10 +97,10 @@ index 3b01b64..659760e 100644
return error;
diff --git a/fs/inode.c b/fs/inode.c
-index 5037059..73820bf 100644
+index d1e35b5..f7800d6 100644
--- a/fs/inode.c
+++ b/fs/inode.c
-@@ -1641,7 +1641,7 @@ EXPORT_SYMBOL(generic_update_time);
+@@ -1655,7 +1655,7 @@ EXPORT_SYMBOL(generic_update_time);
* This does the actual work of updating an inodes time or version. Must have
* had called mnt_want_write() before calling this.
*/
@@ -109,13 +109,30 @@ index 5037059..73820bf 100644
{
int (*update_time)(struct inode *, struct timespec *, int);
+diff --git a/fs/namespace.c b/fs/namespace.c
+index 54059b1..4f508a1 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -844,6 +844,12 @@ static inline int check_mnt(struct mount *mnt)
+ return mnt->mnt_ns == current->nsproxy->mnt_ns;
+ }
+
++/* for aufs, CONFIG_AUFS_BR_FUSE */
++int is_current_mnt_ns(struct vfsmount *mnt)
++{
++ return check_mnt(real_mount(mnt));
++}
++
+ /*
+ * vfsmount lock must be held for write
+ */
diff --git a/fs/read_write.c b/fs/read_write.c
-index 0cc7033..6e542f0 100644
+index a2b9a47..cfd7de4 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
-@@ -473,6 +473,28 @@ ssize_t __vfs_write(struct file *file, const char __user *p, size_t count,
+@@ -483,6 +483,28 @@ ssize_t __vfs_write(struct file *file, const char __user *p, size_t count,
+ return -EINVAL;
}
- EXPORT_SYMBOL(__vfs_write);
+vfs_readf_t vfs_readf(struct file *file)
+{
@@ -139,14 +156,14 @@ index 0cc7033..6e542f0 100644
+ return ERR_PTR(-ENOSYS);
+}
+
- ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos)
+ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
{
mm_segment_t old_fs;
diff --git a/fs/splice.c b/fs/splice.c
-index ae41201..9753304 100644
+index f3084cc..eb888c6 100644
--- a/fs/splice.c
+++ b/fs/splice.c
-@@ -853,8 +853,8 @@ EXPORT_SYMBOL(generic_splice_sendpage);
+@@ -837,8 +837,8 @@ EXPORT_SYMBOL(generic_splice_sendpage);
/*
* Attempt to initiate a splice from pipe to file.
*/
@@ -157,7 +174,7 @@ index ae41201..9753304 100644
{
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *,
loff_t *, size_t, unsigned int);
-@@ -870,9 +870,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+@@ -854,9 +854,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
/*
* Attempt to initiate a splice from a file to a pipe.
*/
@@ -171,7 +188,7 @@ index ae41201..9753304 100644
ssize_t (*splice_read)(struct file *, loff_t *,
struct pipe_inode_info *, size_t, unsigned int);
diff --git a/fs/sync.c b/fs/sync.c
-index 2a54c1f..7a5fa3f 100644
+index a576aa2..eb61780 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -27,7 +27,7 @@
@@ -196,10 +213,10 @@ index 61eb82c..e700888 100644
static inline void fput_light(struct file *file, int fput_needed)
{
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index 6e1fd5d..9421ed0 100644
+index 339e737..b024533 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
-@@ -1262,6 +1262,7 @@ extern void fasync_free(struct fasync_struct *);
+@@ -1264,6 +1264,7 @@ extern void fasync_free(struct fasync_struct *);
/* can be called from interrupts */
extern void kill_fasync(struct fasync_struct **, int, int);
@@ -207,7 +224,7 @@ index 6e1fd5d..9421ed0 100644
extern void __f_setown(struct file *filp, struct pid *, enum pid_type, int force);
extern int f_setown(struct file *filp, unsigned long arg, int force);
extern void f_delown(struct file *filp);
-@@ -1683,6 +1684,7 @@ struct file_operations {
+@@ -1710,6 +1711,7 @@ struct file_operations {
ssize_t (*sendpage) (struct file *, struct page *, int, size_t, loff_t *, int);
unsigned long (*get_unmapped_area)(struct file *, unsigned long, unsigned long, unsigned long, unsigned long);
int (*check_flags)(int);
@@ -215,7 +232,7 @@ index 6e1fd5d..9421ed0 100644
int (*flock) (struct file *, int, struct file_lock *);
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int);
ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int);
-@@ -1753,6 +1755,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
+@@ -1780,6 +1782,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
struct iovec *fast_pointer,
struct iovec **ret_pointer);
@@ -226,9 +243,9 @@ index 6e1fd5d..9421ed0 100644
+vfs_writef_t vfs_writef(struct file *file);
+
extern ssize_t __vfs_read(struct file *, char __user *, size_t, loff_t *);
- extern ssize_t __vfs_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *);
-@@ -2157,6 +2165,7 @@ extern int current_umask(void);
+ extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *);
+@@ -2182,6 +2190,7 @@ extern int current_umask(void);
extern void ihold(struct inode * inode);
extern void iput(struct inode *);
extern int generic_update_time(struct inode *, struct timespec *, int);
@@ -236,7 +253,7 @@ index 6e1fd5d..9421ed0 100644
/* /sys/fs */
extern struct kobject *fs_kobj;
-@@ -2437,6 +2446,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb)
+@@ -2462,6 +2471,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb)
return false;
}
#endif
@@ -244,6 +261,25 @@ index 6e1fd5d..9421ed0 100644
extern int sync_filesystem(struct super_block *);
extern const struct file_operations def_blk_fops;
extern const struct file_operations def_chr_fops;
+diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h
+index 12b2ab5..8b810d1 100644
+--- a/include/linux/mnt_namespace.h
++++ b/include/linux/mnt_namespace.h
+@@ -5,11 +5,14 @@
+ struct mnt_namespace;
+ struct fs_struct;
+ struct user_namespace;
++struct vfsmount;
+
+ extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *,
+ struct user_namespace *, struct fs_struct *);
+ extern void put_mnt_ns(struct mnt_namespace *ns);
+
++extern int is_current_mnt_ns(struct vfsmount *mnt);
++
+ extern const struct file_operations proc_mounts_operations;
+ extern const struct file_operations proc_mountinfo_operations;
+ extern const struct file_operations proc_mountstats_operations;
diff --git a/include/linux/splice.h b/include/linux/splice.h
index db42746..12f3a5a 100644
--- a/include/linux/splice.h
diff --git a/debian/patches/features/all/aufs4/aufs4-mmap.patch b/debian/patches/features/all/aufs4/aufs4-mmap.patch
index 93d5bd7..177ca74 100644
--- a/debian/patches/features/all/aufs4/aufs4-mmap.patch
+++ b/debian/patches/features/all/aufs4/aufs4-mmap.patch
@@ -1,7 +1,7 @@
From: J. R. Okajima <hooanon05 at yahoo.co.jp>
-Date: Fri Aug 25 18:02:16 2017 +0900
+Date: Fri Sep 22 11:57:33 2017 +0900
Subject: aufs4.x-rcN mmap patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/9aa6b2e732a0ae7057e247cabc7bd6869714e8a3
+Origin: https://github.com/sfjro/aufs4-standalone/tree/2fd397407f9d85de19dd837bc1a48b3872582366
Bug-Debian: https://bugs.debian.org/541828
Patch headers added by debian/patches/features/all/aufs4/gen-patch
@@ -9,10 +9,10 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
aufs4.x-rcN mmap patch
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 719c2e9..a1b7968 100644
+index ad3b076..ad4a50d 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
-@@ -1986,7 +1986,7 @@ static int map_files_get_link(struct dentry *dentry, struct path *path)
+@@ -1987,7 +1987,7 @@ static int map_files_get_link(struct dentry *dentry, struct path *path)
down_read(&mm->mmap_sem);
vma = find_exact_vma(mm, vm_start, vm_end);
if (vma && vma->vm_file) {
@@ -38,10 +38,10 @@ index 7563437..7c0dc0f 100644
ino = inode->i_ino;
}
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index fe8f326..b2f7f1a 100644
+index 5589b4b..f60aea2 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
-@@ -293,7 +293,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+@@ -309,7 +309,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
const char *name = NULL;
if (file) {
@@ -53,7 +53,7 @@ index fe8f326..b2f7f1a 100644
dev = inode->i_sb->s_dev;
ino = inode->i_ino;
pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
-@@ -1640,7 +1643,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1734,7 +1737,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
struct proc_maps_private *proc_priv = &numa_priv->proc_maps;
struct vm_area_struct *vma = v;
struct numa_maps *md = &numa_priv->md;
@@ -63,10 +63,10 @@ index fe8f326..b2f7f1a 100644
struct mm_walk walk = {
.hugetlb_entry = gather_hugetlb_stats,
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
-index 23266694..58e59b6 100644
+index b00b7660..93e8a86 100644
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
-@@ -157,7 +157,10 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma,
+@@ -155,7 +155,10 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma,
file = vma->vm_file;
if (file) {
@@ -79,10 +79,10 @@ index 23266694..58e59b6 100644
ino = inode->i_ino;
pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT;
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 46b9ac5..62ba1c3 100644
+index f8c10d3..7241686 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
-@@ -1306,6 +1306,28 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1348,6 +1348,28 @@ static inline int fixup_user_fault(struct task_struct *tsk,
}
#endif
@@ -112,10 +112,10 @@ index 46b9ac5..62ba1c3 100644
unsigned int gup_flags);
extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index 3cadee0..d0142c1 100644
+index 46f4ecf5..1340df3 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
-@@ -259,6 +259,7 @@ struct vm_region {
+@@ -260,6 +260,7 @@ struct vm_region {
unsigned long vm_top; /* region allocated to here */
unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */
struct file *vm_file; /* the backing file or NULL */
@@ -123,19 +123,19 @@ index 3cadee0..d0142c1 100644
int vm_usage; /* region usage count (access under nommu_region_sem) */
bool vm_icache_flushed : 1; /* true if the icache has been flushed for
-@@ -333,6 +334,7 @@ struct vm_area_struct {
+@@ -334,6 +335,7 @@ struct vm_area_struct {
unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE
units */
struct file * vm_file; /* File we map to (can be NULL). */
+ struct file *vm_prfile; /* shadow of vm_file */
void * vm_private_data; /* was vm_pte (shared mem) */
- #ifndef CONFIG_MMU
+ atomic_long_t swap_readahead_info;
diff --git a/kernel/fork.c b/kernel/fork.c
-index e075b77..af14572 100644
+index 1064618..8937405 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -663,7 +663,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm,
+@@ -672,7 +672,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm,
struct inode *inode = file_inode(file);
struct address_space *mapping = file->f_mapping;
@@ -145,7 +145,7 @@ index e075b77..af14572 100644
atomic_dec(&inode->i_writecount);
i_mmap_lock_write(mapping);
diff --git a/mm/Makefile b/mm/Makefile
-index 411bd24..e7de927 100644
+index e3ac3ae..745b26c 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -39,7 +39,7 @@ obj-y := filemap.o mempool.o oom_kill.o \
@@ -158,10 +158,10 @@ index 411bd24..e7de927 100644
obj-y += init-mm.o
diff --git a/mm/filemap.c b/mm/filemap.c
-index a497024..9389040 100644
+index 870971e..045dd0e 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
-@@ -2541,7 +2541,7 @@ int filemap_page_mkwrite(struct vm_fault *vmf)
+@@ -2582,7 +2582,7 @@ int filemap_page_mkwrite(struct vm_fault *vmf)
int ret = VM_FAULT_LOCKED;
sb_start_pagefault(inode->i_sb);
@@ -171,10 +171,10 @@ index a497024..9389040 100644
if (page->mapping != inode->i_mapping) {
unlock_page(page);
diff --git a/mm/mmap.c b/mm/mmap.c
-index f19efcf..7fdd59e 100644
+index 680506f..081406a 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
-@@ -170,7 +170,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
+@@ -171,7 +171,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
if (vma->vm_ops && vma->vm_ops->close)
vma->vm_ops->close(vma);
if (vma->vm_file)
@@ -183,7 +183,7 @@ index f19efcf..7fdd59e 100644
mpol_put(vma_policy(vma));
kmem_cache_free(vm_area_cachep, vma);
return next;
-@@ -895,7 +895,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
+@@ -896,7 +896,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
if (remove_next) {
if (file) {
uprobe_munmap(next, next->vm_start, next->vm_end);
@@ -192,7 +192,7 @@ index f19efcf..7fdd59e 100644
}
if (next->anon_vma)
anon_vma_merge(vma, next);
-@@ -1745,8 +1745,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1746,8 +1746,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
return addr;
unmap_and_free_vma:
@@ -202,7 +202,7 @@ index f19efcf..7fdd59e 100644
/* Undo any partial mapping done by a device driver. */
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
-@@ -2568,7 +2568,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2569,7 +2569,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
goto out_free_mpol;
if (new->vm_file)
@@ -211,7 +211,7 @@ index f19efcf..7fdd59e 100644
if (new->vm_ops && new->vm_ops->open)
new->vm_ops->open(new);
-@@ -2587,7 +2587,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2588,7 +2588,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
if (new->vm_ops && new->vm_ops->close)
new->vm_ops->close(new);
if (new->vm_file)
@@ -220,7 +220,7 @@ index f19efcf..7fdd59e 100644
unlink_anon_vmas(new);
out_free_mpol:
mpol_put(vma_policy(new));
-@@ -2741,7 +2741,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2750,7 +2750,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
struct vm_area_struct *vma;
unsigned long populate = 0;
unsigned long ret = -EINVAL;
@@ -229,7 +229,7 @@ index f19efcf..7fdd59e 100644
pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.\n",
current->comm, current->pid);
-@@ -2816,10 +2816,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -2825,10 +2825,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
}
}
@@ -258,7 +258,7 @@ index f19efcf..7fdd59e 100644
out:
up_write(&mm->mmap_sem);
if (populate)
-@@ -3110,7 +3127,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -3136,7 +3153,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
if (anon_vma_clone(new_vma, vma))
goto out_free_mempol;
if (new_vma->vm_file)
@@ -268,7 +268,7 @@ index f19efcf..7fdd59e 100644
new_vma->vm_ops->open(new_vma);
vma_link(mm, new_vma, prev, rb_link, rb_parent);
diff --git a/mm/nommu.c b/mm/nommu.c
-index fc184f5..637ea81 100644
+index 17c00d9..4bcdf94 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -641,7 +641,7 @@ static void __put_nommu_region(struct vm_region *region)
@@ -289,7 +289,7 @@ index fc184f5..637ea81 100644
put_nommu_region(vma->vm_region);
kmem_cache_free(vm_area_cachep, vma);
}
-@@ -1326,7 +1326,7 @@ unsigned long do_mmap(struct file *file,
+@@ -1321,7 +1321,7 @@ unsigned long do_mmap(struct file *file,
goto error_just_free;
}
}
@@ -298,7 +298,7 @@ index fc184f5..637ea81 100644
kmem_cache_free(vm_region_jar, region);
region = pregion;
result = start;
-@@ -1401,10 +1401,10 @@ unsigned long do_mmap(struct file *file,
+@@ -1396,10 +1396,10 @@ unsigned long do_mmap(struct file *file,
up_write(&nommu_region_sem);
error:
if (region->vm_file)
diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch
index 7fe91ea..09a6100 100644
--- a/debian/patches/features/all/aufs4/aufs4-standalone.patch
+++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch
@@ -1,7 +1,7 @@
From: J. R. Okajima <hooanon05 at yahoo.co.jp>
-Date: Fri Aug 25 18:02:16 2017 +0900
+Date: Thu Sep 28 22:42:44 2017 +0900
Subject: aufs4.x-rcN standalone patch
-Origin: https://github.com/sfjro/aufs4-standalone/tree/9aa6b2e732a0ae7057e247cabc7bd6869714e8a3
+Origin: https://github.com/sfjro/aufs4-standalone/tree/2fd397407f9d85de19dd837bc1a48b3872582366
Bug-Debian: https://bugs.debian.org/541828
Patch headers added by debian/patches/features/all/aufs4/gen-patch
@@ -29,7 +29,7 @@ index e3719a5..3203470 100644
/**
* d_ancestor - search for an ancestor
diff --git a/fs/exec.c b/fs/exec.c
-index 62175cb..f0b6fdd 100644
+index ac34d97..f42757e 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path)
@@ -41,7 +41,7 @@ index 62175cb..f0b6fdd 100644
#ifdef CONFIG_USELIB
/*
diff --git a/fs/fcntl.c b/fs/fcntl.c
-index 659760e..5c37087 100644
+index f51c2cf..58bf222 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -84,6 +84,7 @@ int setfl(int fd, struct file * filp, unsigned long arg)
@@ -53,7 +53,7 @@ index 659760e..5c37087 100644
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
int force)
diff --git a/fs/file_table.c b/fs/file_table.c
-index 72e861a..01ae52f 100644
+index 61517f5..c6bab39c 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -148,6 +148,7 @@ struct file *get_empty_filp(void)
@@ -64,7 +64,7 @@ index 72e861a..01ae52f 100644
/**
* alloc_file - allocate and initialize a 'struct file'
-@@ -260,6 +261,7 @@ void flush_delayed_fput(void)
+@@ -258,6 +259,7 @@ void flush_delayed_fput(void)
{
delayed_fput(NULL);
}
@@ -72,7 +72,7 @@ index 72e861a..01ae52f 100644
static DECLARE_DELAYED_WORK(delayed_fput_work, delayed_fput);
-@@ -302,6 +304,7 @@ void __fput_sync(struct file *file)
+@@ -300,6 +302,7 @@ void __fput_sync(struct file *file)
}
EXPORT_SYMBOL(fput);
@@ -80,19 +80,19 @@ index 72e861a..01ae52f 100644
void put_filp(struct file *file)
{
-@@ -310,6 +313,7 @@ void put_filp(struct file *file)
+@@ -308,6 +311,7 @@ void put_filp(struct file *file)
file_free(file);
}
}
+EXPORT_SYMBOL_GPL(put_filp);
void __init files_init(void)
- {
+ {
diff --git a/fs/inode.c b/fs/inode.c
-index 73820bf..7db829e 100644
+index f7800d6..f31a6c7 100644
--- a/fs/inode.c
+++ b/fs/inode.c
-@@ -1650,6 +1650,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags)
+@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags)
return update_time(inode, time, flags);
}
@@ -101,10 +101,10 @@ index 73820bf..7db829e 100644
/**
* touch_atime - update the access time
diff --git a/fs/namespace.c b/fs/namespace.c
-index f8893dc..c55d949 100644
+index 4f508a1..c872ba2 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -463,6 +463,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
+@@ -515,6 +515,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
mnt_dec_writers(real_mount(mnt));
preempt_enable();
}
@@ -112,7 +112,15 @@ index f8893dc..c55d949 100644
/**
* mnt_drop_write - give up write access to a mount
-@@ -1823,6 +1824,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
+@@ -849,6 +850,7 @@ int is_current_mnt_ns(struct vfsmount *mnt)
+ {
+ return check_mnt(real_mount(mnt));
+ }
++EXPORT_SYMBOL_GPL(is_current_mnt_ns);
+
+ /*
+ * vfsmount lock must be held for write
+@@ -1885,6 +1887,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
}
return 0;
}
@@ -193,7 +201,7 @@ index 9991f88..117042c 100644
/*
* Destroy all marks in destroy_list, waits for SRCU period to finish before
diff --git a/fs/open.c b/fs/open.c
-index 35bb784..92e08c5 100644
+index 7ea1184..6e2e241 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
@@ -213,10 +221,18 @@ index 35bb784..92e08c5 100644
static int do_dentry_open(struct file *f,
struct inode *inode,
diff --git a/fs/read_write.c b/fs/read_write.c
-index 6e542f0..c6fa090 100644
+index cfd7de4..8623bd3 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
-@@ -483,6 +483,7 @@ vfs_readf_t vfs_readf(struct file *file)
+@@ -453,6 +453,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
+
+ return ret;
+ }
++EXPORT_SYMBOL_GPL(vfs_read);
+
+ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos)
+ {
+@@ -493,6 +494,7 @@ vfs_readf_t vfs_readf(struct file *file)
return new_sync_read;
return ERR_PTR(-ENOSYS);
}
@@ -224,19 +240,27 @@ index 6e542f0..c6fa090 100644
vfs_writef_t vfs_writef(struct file *file)
{
-@@ -494,6 +495,7 @@ vfs_writef_t vfs_writef(struct file *file)
+@@ -504,6 +506,7 @@ vfs_writef_t vfs_writef(struct file *file)
return new_sync_write;
return ERR_PTR(-ENOSYS);
}
+EXPORT_SYMBOL_GPL(vfs_writef);
- ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos)
+ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
+ {
+@@ -573,6 +576,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
+
+ return ret;
+ }
++EXPORT_SYMBOL_GPL(vfs_write);
+
+ static inline loff_t file_pos_read(struct file *file)
{
diff --git a/fs/splice.c b/fs/splice.c
-index 9753304..b38e036 100644
+index eb888c6..7ab89d2 100644
--- a/fs/splice.c
+++ b/fs/splice.c
-@@ -866,6 +866,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
return splice_write(pipe, out, ppos, len, flags);
}
@@ -244,7 +268,7 @@ index 9753304..b38e036 100644
/*
* Attempt to initiate a splice from a file to a pipe.
-@@ -895,6 +896,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
+@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
return splice_read(in, ppos, pipe, len, flags);
}
@@ -253,7 +277,7 @@ index 9753304..b38e036 100644
/**
* splice_direct_to_actor - splices data directly between two non-pipes
diff --git a/fs/sync.c b/fs/sync.c
-index 7a5fa3f..c9b9d46 100644
+index eb61780..32c5a05 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -38,6 +38,7 @@ int __sync_filesystem(struct super_block *sb, int wait)
@@ -265,10 +289,10 @@ index 7a5fa3f..c9b9d46 100644
/*
* Write out and wait upon all dirty data associated with this
diff --git a/fs/xattr.c b/fs/xattr.c
-index 464c94b..0234d49 100644
+index 4424f7f..15431ff 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
-@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
+@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
*xattr_value = value;
return error;
}
@@ -277,19 +301,19 @@ index 464c94b..0234d49 100644
ssize_t
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
diff --git a/kernel/task_work.c b/kernel/task_work.c
-index d513051..e056d54 100644
+index 836a72a..aa00d49 100644
--- a/kernel/task_work.c
+++ b/kernel/task_work.c
-@@ -119,3 +119,4 @@ void task_work_run(void)
+@@ -115,3 +115,4 @@ void task_work_run(void)
} while (work);
}
}
+EXPORT_SYMBOL_GPL(task_work_run);
diff --git a/security/commoncap.c b/security/commoncap.c
-index 7abebd7..c079ce4 100644
+index c25e0d2..9551659 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
-@@ -1062,12 +1062,14 @@ int cap_mmap_addr(unsigned long addr)
+@@ -1269,12 +1269,14 @@ int cap_mmap_addr(unsigned long addr)
}
return ret;
}
@@ -325,10 +349,10 @@ index 03c1652..f88c84b 100644
int devcgroup_inode_mknod(int mode, dev_t dev)
{
diff --git a/security/security.c b/security/security.c
-index 3013237..342ce8b 100644
+index 4bf0f57..b30d1e1 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -535,6 +535,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry)
+@@ -530,6 +530,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry)
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
@@ -336,7 +360,7 @@ index 3013237..342ce8b 100644
int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
-@@ -551,6 +552,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry,
+@@ -546,6 +547,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry,
return 0;
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
@@ -344,7 +368,7 @@ index 3013237..342ce8b 100644
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
-@@ -559,6 +561,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
+@@ -554,6 +556,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
return 0;
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
@@ -352,7 +376,7 @@ index 3013237..342ce8b 100644
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
const struct path *new_dir, struct dentry *new_dentry,
-@@ -586,6 +589,7 @@ int security_path_truncate(const struct path *path)
+@@ -581,6 +584,7 @@ int security_path_truncate(const struct path *path)
return 0;
return call_int_hook(path_truncate, 0, path);
}
@@ -360,7 +384,7 @@ index 3013237..342ce8b 100644
int security_path_chmod(const struct path *path, umode_t mode)
{
-@@ -593,6 +597,7 @@ int security_path_chmod(const struct path *path, umode_t mode)
+@@ -588,6 +592,7 @@ int security_path_chmod(const struct path *path, umode_t mode)
return 0;
return call_int_hook(path_chmod, 0, path, mode);
}
@@ -368,7 +392,7 @@ index 3013237..342ce8b 100644
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
-@@ -600,6 +605,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
+@@ -595,6 +600,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
return 0;
return call_int_hook(path_chown, 0, path, uid, gid);
}
@@ -376,7 +400,7 @@ index 3013237..342ce8b 100644
int security_path_chroot(const struct path *path)
{
-@@ -685,6 +691,7 @@ int security_inode_readlink(struct dentry *dentry)
+@@ -680,6 +686,7 @@ int security_inode_readlink(struct dentry *dentry)
return 0;
return call_int_hook(inode_readlink, 0, dentry);
}
@@ -384,7 +408,7 @@ index 3013237..342ce8b 100644
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
-@@ -700,6 +707,7 @@ int security_inode_permission(struct inode *inode, int mask)
+@@ -695,6 +702,7 @@ int security_inode_permission(struct inode *inode, int mask)
return 0;
return call_int_hook(inode_permission, 0, inode, mask);
}
@@ -392,7 +416,7 @@ index 3013237..342ce8b 100644
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
-@@ -871,6 +879,7 @@ int security_file_permission(struct file *file, int mask)
+@@ -866,6 +874,7 @@ int security_file_permission(struct file *file, int mask)
return fsnotify_perm(file, mask);
}
@@ -400,7 +424,7 @@ index 3013237..342ce8b 100644
int security_file_alloc(struct file *file)
{
-@@ -930,6 +939,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
+@@ -925,6 +934,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
return ret;
return ima_file_mmap(file, prot);
}
diff --git a/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch b/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
index ece981a..7134fd6 100644
--- a/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
+++ b/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
@@ -20,13 +20,11 @@ Signed-off-by: David Howells <dhowells at redhat.com>
5 files changed, 78 insertions(+)
create mode 100644 security/lock_down.c
-diff --git a/include/linux/kernel.h b/include/linux/kernel.h
-index 4c26dc3a8295..b820a80dc949 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
-@@ -275,6 +275,15 @@ extern int oops_may_print(void);
- void do_exit(long error_code) __noreturn;
- void complete_and_exit(struct completion *, long) __noreturn;
+@@ -287,6 +287,15 @@ static inline void refcount_error_report
+ { }
+ #endif
+#ifdef CONFIG_LOCK_DOWN_KERNEL
+extern bool kernel_is_locked_down(void);
@@ -40,11 +38,9 @@ index 4c26dc3a8295..b820a80dc949 100644
/* Internal, do not use. */
int __must_check _kstrtoul(const char *s, unsigned int base, unsigned long *res);
int __must_check _kstrtol(const char *s, unsigned int base, long *res);
-diff --git a/include/linux/security.h b/include/linux/security.h
-index af675b576645..68bab18ddd57 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
-@@ -1698,5 +1698,16 @@ static inline void free_secdata(void *secdata)
+@@ -1753,5 +1753,16 @@ static inline void free_secdata(void *se
{ }
#endif /* CONFIG_SECURITY */
@@ -61,11 +57,9 @@ index af675b576645..68bab18ddd57 100644
+
#endif /* ! __LINUX_SECURITY_H */
-diff --git a/security/Kconfig b/security/Kconfig
-index 3ff1bf91080e..e3830171bdcb 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -198,6 +198,21 @@ config STATIC_USERMODEHELPER_PATH
+@@ -214,6 +214,21 @@ config STATIC_USERMODEHELPER_PATH
If you wish for all usermode helper programs to be disabled,
specify an empty string here (i.e. "").
@@ -87,20 +81,15 @@ index 3ff1bf91080e..e3830171bdcb 100644
source security/selinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
-diff --git a/security/Makefile b/security/Makefile
-index f2d71cdb8e19..8c4a43e3d4e0 100644
--- a/security/Makefile
+++ b/security/Makefile
-@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
+@@ -29,3 +29,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
# Object integrity file lists
subdir-$(CONFIG_INTEGRITY) += integrity
obj-$(CONFIG_INTEGRITY) += integrity/
+
+# Allow the kernel to be locked down
+obj-$(CONFIG_LOCK_DOWN_KERNEL) += lock_down.o
-diff --git a/security/lock_down.c b/security/lock_down.c
-new file mode 100644
-index 000000000000..5788c60ff4e1
--- /dev/null
+++ b/security/lock_down.c
@@ -0,0 +1,40 @@
diff --git a/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
index 7bc8d5a..a1ad17b 100644
--- a/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+++ b/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -17,7 +17,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1827,6 +1827,18 @@ config EFI_MIXED
+@@ -1886,6 +1886,18 @@ config EFI_MIXED
If unsure, say N.
@@ -38,15 +38,15 @@ Signed-off-by: David Howells <dhowells at redhat.com>
prompt "Enable seccomp to safely compute untrusted bytecode"
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -69,6 +69,7 @@
- #include <linux/crash_dump.h>
+@@ -70,6 +70,7 @@
#include <linux/tboot.h>
#include <linux/jiffies.h>
+ #include <linux/mem_encrypt.h>
+#include <linux/security.h>
#include <linux/usb/xhci-dbgp.h>
#include <video/edid.h>
-@@ -1191,7 +1192,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1204,7 +1205,12 @@ void __init setup_arch(char **cmdline_p)
break;
case efi_secureboot_mode_enabled:
set_bit(EFI_SECURE_BOOT, &efi.flags);
diff --git a/debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch b/debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
index 9f3e663..b388639 100644
--- a/debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
+++ b/debian/patches/features/all/lockdown/0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch
@@ -21,7 +21,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1839,6 +1839,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
+@@ -1898,6 +1898,16 @@ config EFI_SECURE_BOOT_LOCK_DOWN
image. Say Y here to automatically lock down the kernel when a
system boots with UEFI Secure Boot enabled.
@@ -40,8 +40,8 @@ Signed-off-by: David Howells <dhowells at redhat.com>
prompt "Enable seccomp to safely compute untrusted bytecode"
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -71,6 +71,11 @@
- #include <linux/jiffies.h>
+@@ -72,6 +72,11 @@
+ #include <linux/mem_encrypt.h>
#include <linux/security.h>
+#include <linux/fips.h>
@@ -52,7 +52,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
#include <linux/usb/xhci-dbgp.h>
#include <video/edid.h>
-@@ -1336,6 +1341,32 @@ void __init i386_reserve_resources(void)
+@@ -1353,6 +1358,32 @@ void __init i386_reserve_resources(void)
#endif /* CONFIG_X86_32 */
@@ -87,7 +87,7 @@ Signed-off-by: David Howells <dhowells at redhat.com>
};
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
-@@ -387,6 +387,7 @@ static int uinput_allocate_device(struct
+@@ -408,6 +408,7 @@ static int uinput_allocate_device(struct
if (!udev->dev)
return -ENOMEM;
diff --git a/debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch b/debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
index abe1ca5..d4d2e17 100644
--- a/debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
+++ b/debian/patches/features/all/lockdown/0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch
@@ -16,11 +16,9 @@ Signed-off-by: David Howells <dhowells at redhat.com>
drivers/platform/x86/asus-wmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
-diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index 8fe5890bf539..feef25076813 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
-@@ -1900,6 +1900,9 @@ static int show_dsts(struct seq_file *m, void *data)
+@@ -1905,6 +1905,9 @@ static int show_dsts(struct seq_file *m,
int err;
u32 retval = -1;
@@ -30,7 +28,7 @@ index 8fe5890bf539..feef25076813 100644
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
if (err < 0)
-@@ -1916,6 +1919,9 @@ static int show_devs(struct seq_file *m, void *data)
+@@ -1921,6 +1924,9 @@ static int show_devs(struct seq_file *m,
int err;
u32 retval = -1;
@@ -40,7 +38,7 @@ index 8fe5890bf539..feef25076813 100644
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
&retval);
-@@ -1940,6 +1946,9 @@ static int show_call(struct seq_file *m, void *data)
+@@ -1945,6 +1951,9 @@ static int show_call(struct seq_file *m,
union acpi_object *obj;
acpi_status status;
@@ -48,5 +46,5 @@ index 8fe5890bf539..feef25076813 100644
+ return -EPERM;
+
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
- 1, asus->debug.method_id,
+ 0, asus->debug.method_id,
&input, &output);
diff --git a/debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch b/debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
index 0858aac..cf19c3c 100644
--- a/debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
+++ b/debian/patches/features/all/lockdown/0060-Lock-down-TIOCSSERIAL.patch
@@ -14,12 +14,10 @@ Signed-off-by: David Howells <dhowells at redhat.com>
drivers/tty/serial/serial_core.c | 6 ++++++
1 file changed, 6 insertions(+)
-diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index 3fe56894974a..4181b0004de9 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
-@@ -821,6 +821,12 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
- new_flags = new_info->flags;
+@@ -842,6 +842,12 @@ static int uart_set_info(struct tty_stru
+ new_flags = (__force upf_t)new_info->flags;
old_custom_divisor = uport->custom_divisor;
+ if ((change_port || change_irq) && kernel_is_locked_down()) {
diff --git a/debian/patches/features/arm64/ARM64-dts-marvell-armada-37xx-Enable-uSD-on-ESPRESSO.patch b/debian/patches/features/arm64/ARM64-dts-marvell-armada-37xx-Enable-uSD-on-ESPRESSO.patch
deleted file mode 100644
index f9088ec..0000000
--- a/debian/patches/features/arm64/ARM64-dts-marvell-armada-37xx-Enable-uSD-on-ESPRESSO.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: Marcin Wojtas <mw at semihalf.com>
-Date: Fri, 21 Jul 2017 01:50:36 +0200
-Subject: [PATCH] ARM64: dts: marvell: armada-37xx: Enable uSD on ESPRESSObin
-Origin: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=9be778f6c6d8f90ff2fad88d1770e2a7843aee43
-Bug-Debian: https://bugs.debian.org/871049
-
-The ESPRESSObin board exposes one of the SDHCI interfaces
-via J1 uSD slot. This patch enables it.
-
-Tested-by: Miquel Raynal <miquel.raynal at free-electrons.com>
-Signed-off-by: Marcin Wojtas <mw at semihalf.com>
-Signed-off-by: Zbigniew Bodek <zbodek at gmail.com>
-[gregory.clement at free-electrons.com: removed "no-1-8-v"]
-Signed-off-by: Gregory CLEMENT <gregory.clement at free-electrons.com>
----
- .../boot/dts/marvell/armada-3720-espressobin.dts | 25 ++++++++++++++++++++++
- 1 file changed, 25 insertions(+)
-
-diff --git a/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts b/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts
-index b1af3f988b29..2ce52ba74f73 100644
---- a/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts
-+++ b/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts
-@@ -45,6 +45,7 @@
-
- /dts-v1/;
-
-+#include <dt-bindings/gpio/gpio.h>
- #include "armada-372x.dtsi"
-
- / {
-@@ -59,6 +60,20 @@
- device_type = "memory";
- reg = <0x00000000 0x00000000 0x00000000 0x20000000>;
- };
-+
-+ vcc_sd_reg1: regulator {
-+ compatible = "regulator-gpio";
-+ regulator-name = "vcc_sd1";
-+ regulator-min-microvolt = <1800000>;
-+ regulator-max-microvolt = <3300000>;
-+ regulator-boot-on;
-+
-+ gpios = <&gpionb 4 GPIO_ACTIVE_HIGH>;
-+ gpios-states = <0>;
-+ states = <1800000 0x1
-+ 3300000 0x0>;
-+ enable-active-high;
-+ };
- };
-
- /* J9 */
-@@ -71,6 +86,16 @@
- status = "okay";
- };
-
-+/* J1 */
-+&sdhci1 {
-+ wp-inverted;
-+ bus-width = <4>;
-+ cd-gpios = <&gpionb 3 GPIO_ACTIVE_LOW>;
-+ marvell,pad-type = "sd";
-+ vqmmc-supply = <&vcc_sd_reg1>;
-+ status = "okay";
-+};
-+
- /* Exported on the micro USB connector J5 through an FTDI */
- &uart0 {
- status = "okay";
---
-2.13.2
-
diff --git a/debian/patches/series b/debian/patches/series
index c69216e..6a11588 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -69,7 +69,6 @@ features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch
features/mips/MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch
features/x86/x86-memtest-WARN-if-bad-RAM-found.patch
features/x86/x86-make-x32-syscall-support-conditional.patch
-features/arm64/ARM64-dts-marvell-armada-37xx-Enable-uSD-on-ESPRESSO.patch
# Miscellaneous bug fixes
bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
@@ -77,7 +76,6 @@ bugfix/all/disable-some-marvell-phys.patch
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
-bugfix/all/bfq-re-enable-auto-loading-when-built-as-a-module.patch
# Miscellaneous features
@@ -113,15 +111,10 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
-bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
-bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
-bugfix/x86/kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch
bugfix/all/fix-infoleak-in-waitid-2.patch
# Fix exported symbol versions
-bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch
bugfix/all/module-disable-matching-missing-version-crc.patch
# ABI maintenance
diff --git a/debian/patches/series-orig b/debian/patches/series-orig
index 3294794..7a4e0e9 100644
--- a/debian/patches/series-orig
+++ b/debian/patches/series-orig
@@ -3,5 +3,4 @@
+ debian/dfsg/vs6624-disable.patch
+ debian/dfsg/drivers-net-appletalk-cops.patch
+ debian/dfsg/video-remove-nvidiafb-and-rivafb.patch
-+ debian/dfsg/firmware-cleanup.patch
X debian/dfsg/files-1
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list