diff --git a/debian/changelog b/debian/changelog index ca747c8eb..b912cd734 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,13 @@ -linux (4.11.11-2) UNRELEASED; urgency=medium +linux (4.12.2-1~exp1) UNRELEASED; urgency=medium + * New upstream release: https://kernelnewbies.org/Linux_4.12 + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.1 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.2 + + [ Ben Hutchings ] * Add script to regenerate lockdown patch series from git + * [rt] Disable until it is updated for 4.12 or later -- Ben Hutchings Tue, 18 Jul 2017 00:04:07 +0100 diff --git a/debian/config/defines b/debian/config/defines index 5ac9c6e92..03e509c38 100644 --- a/debian/config/defines +++ b/debian/config/defines @@ -95,7 +95,7 @@ debug-info: true signed-modules: false [featureset-rt_base] -enabled: true +enabled: false [description] part-long-up: This kernel is not suitable for SMP (multi-processor, diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch index fe0d5f1b1..7f9d96def 100644 --- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch @@ -53,7 +53,7 @@ upstream submission. /* disable MPU */ --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c -@@ -734,10 +734,8 @@ static enum ucode_state request_microcod +@@ -732,10 +732,8 @@ static enum ucode_state request_microcod if (c->x86 >= 0x15) snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); @@ -168,7 +168,7 @@ upstream submission. --- a/drivers/bluetooth/btmrvl_sdio.c +++ b/drivers/bluetooth/btmrvl_sdio.c -@@ -452,8 +452,6 @@ static int btmrvl_sdio_download_helper(s +@@ -455,8 +455,6 @@ static int btmrvl_sdio_download_helper(s ret = request_firmware(&fw_helper, card->helper, &card->func->dev); if ((ret < 0) || !fw_helper) { @@ -177,7 +177,7 @@ upstream submission. ret = -ENOENT; goto done; } -@@ -552,8 +550,6 @@ static int btmrvl_sdio_download_fw_w_hel +@@ -555,8 +553,6 @@ static int btmrvl_sdio_download_fw_w_hel ret = request_firmware(&fw_firmware, card->firmware, &card->func->dev); if ((ret < 0) || !fw_firmware) { @@ -203,7 +203,7 @@ upstream submission. fw->size, fw_name); --- a/drivers/dma/imx-sdma.c +++ b/drivers/dma/imx-sdma.c -@@ -1438,11 +1438,8 @@ static void sdma_load_firmware(const str +@@ -1453,11 +1453,8 @@ static void sdma_load_firmware(const str const struct sdma_script_start_addrs *addr; unsigned short *ram_code; @@ -233,7 +233,7 @@ upstream submission. where = 0; --- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c -@@ -1821,10 +1821,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr +@@ -1833,10 +1833,8 @@ gf100_gr_ctor_fw_legacy(struct gf100_gr if (ret) { snprintf(f, sizeof(f), "nouveau/%s", fwname); ret = request_firmware(&fw, f, device->dev); @@ -252,50 +252,47 @@ upstream submission. rc = request_firmware(&fw, FIRMWARE_NAME, &pdev->dev); platform_device_unregister(pdev); - if (rc) { -- printk(KERN_ERR "r128_cce: Failed to load firmware \"%s\"\n", +- pr_err("r128_cce: Failed to load firmware \"%s\"\n", - FIRMWARE_NAME); + if (rc) return rc; - } if (fw->size != 256 * 8) { - printk(KERN_ERR + pr_err("r128_cce: Bogus length %zu in firmware \"%s\"\n", --- a/drivers/gpu/drm/radeon/ni.c +++ b/drivers/gpu/drm/radeon/ni.c -@@ -837,10 +837,6 @@ int ni_init_microcode(struct radeon_devi +@@ -830,9 +830,6 @@ int ni_init_microcode(struct radeon_devi out: if (err) { - if (err != -EINVAL) -- printk(KERN_ERR -- "ni_cp: Failed to load firmware \"%s\"\n", +- pr_err("ni_cp: Failed to load firmware \"%s\"\n", - fw_name); release_firmware(rdev->pfp_fw); rdev->pfp_fw = NULL; release_firmware(rdev->me_fw); --- a/drivers/gpu/drm/radeon/r100.c +++ b/drivers/gpu/drm/radeon/r100.c -@@ -1041,10 +1041,7 @@ static int r100_cp_init_microcode(struct +@@ -1041,9 +1041,7 @@ static int r100_cp_init_microcode(struct } err = request_firmware(&rdev->me_fw, fw_name, rdev->dev); - if (err) { -- printk(KERN_ERR "radeon_cp: Failed to load firmware \"%s\"\n", -- fw_name); +- pr_err("radeon_cp: Failed to load firmware \"%s\"\n", fw_name); - } else if (rdev->me_fw->size % 8) { + if (err == 0 && rdev->me_fw->size % 8) { - printk(KERN_ERR - "radeon_cp: Bogus length %zu in firmware \"%s\"\n", + pr_err("radeon_cp: Bogus length %zu in firmware \"%s\"\n", rdev->me_fw->size, fw_name); + err = -EINVAL; --- a/drivers/gpu/drm/radeon/r600.c +++ b/drivers/gpu/drm/radeon/r600.c -@@ -2599,10 +2599,6 @@ int r600_init_microcode(struct radeon_de +@@ -2593,9 +2593,6 @@ int r600_init_microcode(struct radeon_de out: if (err) { - if (err != -EINVAL) -- printk(KERN_ERR -- "r600_cp: Failed to load firmware \"%s\"\n", +- pr_err("r600_cp: Failed to load firmware \"%s\"\n", - fw_name); release_firmware(rdev->pfp_fw); rdev->pfp_fw = NULL; @@ -316,7 +313,7 @@ upstream submission. ret = qib_ibsd_ucode_loaded(dd->pport, fw); --- a/drivers/input/touchscreen/atmel_mxt_ts.c +++ b/drivers/input/touchscreen/atmel_mxt_ts.c -@@ -2714,10 +2714,8 @@ static int mxt_load_fw(struct device *de +@@ -2715,10 +2715,8 @@ static int mxt_load_fw(struct device *de int ret; ret = request_firmware(&fw, fn, dev); @@ -505,7 +502,7 @@ upstream submission. if (state->microcode == NULL) { --- a/drivers/media/dvb-frontends/drxk_hard.c +++ b/drivers/media/dvb-frontends/drxk_hard.c -@@ -6280,10 +6280,6 @@ static void load_firmware_cb(const struc +@@ -6281,10 +6281,6 @@ static void load_firmware_cb(const struc dprintk(1, ": %s\n", fw ? "firmware loaded" : "firmware not loaded"); if (!fw) { @@ -911,7 +908,7 @@ upstream submission. pr_err("ERROR: Firmware size mismatch (have %zu, expected %d)\n", --- a/drivers/media/pci/cx23885/cx23885-cards.c +++ b/drivers/media/pci/cx23885/cx23885-cards.c -@@ -2339,10 +2339,7 @@ void cx23885_card_setup(struct cx23885_d +@@ -2338,10 +2338,7 @@ void cx23885_card_setup(struct cx23885_d cinfo.rev, filename); ret = request_firmware(&fw, filename, &dev->pci->dev); @@ -1022,7 +1019,7 @@ upstream submission. pdata = (__le32 *) &dev->fw_data->fw->data[fw_size - 8]; --- a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c +++ b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c -@@ -95,10 +95,8 @@ int s5p_mfc_load_firmware(struct s5p_mfc +@@ -66,10 +66,8 @@ int s5p_mfc_load_firmware(struct s5p_mfc } } @@ -1031,7 +1028,7 @@ upstream submission. + if (err != 0) return -EINVAL; - } - if (fw_blob->size > dev->fw_size) { + if (fw_blob->size > dev->fw_buf.size) { mfc_err("MFC firmware is too big to be loaded\n"); release_firmware(fw_blob); --- a/drivers/media/pci/saa7164/saa7164-fw.c @@ -1081,7 +1078,7 @@ upstream submission. /* parse the firmware */ --- a/drivers/net/ethernet/3com/typhoon.c +++ b/drivers/net/ethernet/3com/typhoon.c -@@ -1284,11 +1284,8 @@ typhoon_request_firmware(struct typhoon +@@ -1283,11 +1283,8 @@ typhoon_request_firmware(struct typhoon return 0; err = request_firmware(&typhoon_fw, FIRMWARE_NAME, &tp->pdev->dev); @@ -1176,7 +1173,7 @@ upstream submission. if (rc) { --- a/drivers/net/ethernet/broadcom/tg3.c +++ b/drivers/net/ethernet/broadcom/tg3.c -@@ -11350,11 +11350,8 @@ static int tg3_request_firmware(struct t +@@ -11357,11 +11357,8 @@ static int tg3_request_firmware(struct t { const struct tg3_firmware_hdr *fw_hdr; @@ -1284,7 +1281,7 @@ upstream submission. for (i = 0; i < fw->size; i++) { --- a/drivers/net/ethernet/sun/cassini.c +++ b/drivers/net/ethernet/sun/cassini.c -@@ -816,11 +816,8 @@ static void cas_saturn_firmware_init(str +@@ -817,11 +817,8 @@ static void cas_saturn_firmware_init(str return; err = request_firmware(&fw, fw_name, &cp->pdev->dev); @@ -1314,7 +1311,7 @@ upstream submission. fw->size, fw_name[predef]); --- a/drivers/net/usb/kaweth.c +++ b/drivers/net/usb/kaweth.c -@@ -392,10 +392,8 @@ static int kaweth_download_firmware(stru +@@ -390,10 +390,8 @@ static int kaweth_download_firmware(stru int ret; ret = request_firmware(&fw, fwname, &kaweth->dev->dev); @@ -1369,7 +1366,7 @@ upstream submission. fwh = (struct at76_fw_header *)(fwe->fw->data); --- a/drivers/net/wireless/ath/ath9k/hif_usb.c +++ b/drivers/net/wireless/ath/ath9k/hif_usb.c -@@ -1161,9 +1161,6 @@ static void ath9k_hif_usb_firmware_cb(co +@@ -1162,9 +1162,6 @@ static void ath9k_hif_usb_firmware_cb(co if (!ret) return; @@ -1509,18 +1506,15 @@ upstream submission. else --- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c -@@ -222,10 +222,8 @@ static int iwl_request_firmware(struct i - sprintf(tag, "%d", drv->fw_index); +@@ -230,8 +230,6 @@ static int iwl_request_firmware(struct i } -- if (drv->fw_index < drv->trans->cfg->ucode_api_min) { + if (drv->fw_index < cfg->ucode_api_min) { - IWL_ERR(drv, "no suitable firmware found!\n"); -+ if (drv->fw_index < drv->trans->cfg->ucode_api_min) - return -ENOENT; -- } - - snprintf(drv->firmware_name, sizeof(drv->firmware_name), "%s%s.ucode", - name_pre, tag); +- + if (cfg->ucode_api_min == cfg->ucode_api_max) { + IWL_ERR(drv, "%s%d is required\n", fw_pre_name, + cfg->ucode_api_max); --- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c +++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c @@ -818,8 +818,6 @@ static int if_usb_prog_firmware(struct i @@ -1534,7 +1528,7 @@ upstream submission. } --- a/drivers/net/wireless/marvell/mwifiex/main.c +++ b/drivers/net/wireless/marvell/mwifiex/main.c -@@ -521,11 +521,8 @@ static void mwifiex_fw_dpc(const struct +@@ -522,11 +522,8 @@ static int _mwifiex_fw_dpc(const struct struct wireless_dev *wdev; struct completion *fw_done = adapter->fw_done; @@ -1628,7 +1622,7 @@ upstream submission. --- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c +++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c -@@ -1665,7 +1665,6 @@ static int ezusb_probe(struct usb_interf +@@ -1678,7 +1678,6 @@ static int ezusb_probe(struct usb_interf if (ezusb_firmware_download(upriv, &firmware) < 0) goto error; } else { @@ -1868,7 +1862,7 @@ upstream submission. } --- a/drivers/scsi/ipr.c +++ b/drivers/scsi/ipr.c -@@ -4041,10 +4041,8 @@ static ssize_t ipr_store_update_fw(struc +@@ -4083,10 +4083,8 @@ static ssize_t ipr_store_update_fw(struc if (endline) *endline = '\0'; @@ -1941,7 +1935,7 @@ upstream submission. if (qla82xx_validate_firmware_blob(vha, --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -5956,8 +5956,6 @@ qla2x00_request_firmware(scsi_qla_host_t +@@ -5967,8 +5967,6 @@ qla2x00_request_firmware(scsi_qla_host_t goto out; if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) { @@ -2342,7 +2336,7 @@ upstream submission. --- a/drivers/usb/serial/ti_usb_3410_5052.c +++ b/drivers/usb/serial/ti_usb_3410_5052.c -@@ -1702,10 +1702,8 @@ static int ti_download_firmware(struct t +@@ -1696,10 +1696,8 @@ static int ti_download_firmware(struct t } check_firmware: @@ -2499,7 +2493,7 @@ upstream submission. snd_emu1010_fpga_read(emu, EMU_HANA_ID, ®); --- a/sound/pci/hda/hda_intel.c +++ b/sound/pci/hda/hda_intel.c -@@ -1827,10 +1827,8 @@ static void azx_firmware_cb(const struct +@@ -1958,10 +1958,8 @@ static void azx_firmware_cb(const struct struct azx *chip = card->private_data; struct pci_dev *pci = chip->pci; diff --git a/debian/patches/bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch b/debian/patches/bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch index 808268719..de4a9d0b4 100644 --- a/debian/patches/bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch +++ b/debian/patches/bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch @@ -30,21 +30,12 @@ Signed-off-by: Ben Hutchings include include/config/auto.conf include scripts/Kbuild.include -@@ -22,7 +22,7 @@ include $(src)/Makefile - - PHONY += __dtbs_install_prep - __dtbs_install_prep: --ifeq ("$(dtbinst-root)", "$(obj)") -+ifeq ("$(dtbinst_root)", "$(obj)") - $(Q)mkdir -p $(INSTALL_DTBS_PATH) - endif - -@@ -33,7 +33,7 @@ dtbinst-dirs := $(dts-dirs) +@@ -27,7 +27,7 @@ dtbinst-dirs := $(dts-dirs) quiet_cmd_dtb_install = INSTALL $< cmd_dtb_install = mkdir -p $(2); cp $< $(2) -install-dir = $(patsubst $(dtbinst-root)%,$(INSTALL_DTBS_PATH)%,$(obj)) +install-dir = $(patsubst $(dtbinst_root)%,$(INSTALL_DTBS_PATH)%,$(obj)) - $(dtbinst-files) $(dtbinst-dirs): | __dtbs_install_prep - + $(dtbinst-files): %.dtb: $(obj)/%.dtb + $(call cmd,dtb_install,$(install-dir)) diff --git a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch index 2b136e642..4c523500a 100644 --- a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch +++ b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch @@ -26,14 +26,14 @@ Signed-off-by: Ben Hutchings # Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586) cc-option = $(call try-run,\ -- $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2)) -+ $(CC) $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2)) +- $(CC) -Werror $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2)) ++ $(CC) -Werror $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2)) # cc-option-yn # Usage: flag := $(call cc-option-yn,-march=winchip-c6) cc-option-yn = $(call try-run,\ -- $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n) -+ $(CC) $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n) +- $(CC) -Werror $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n) ++ $(CC) -Werror $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n) # cc-option-align # Prefix align with either -falign or -malign @@ -41,8 +41,8 @@ Signed-off-by: Ben Hutchings # cc-disable-warning # Usage: cflags-y += $(call cc-disable-warning,unused-but-set-variable) cc-disable-warning = $(call try-run,\ -- $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1))) -+ $(CC) $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1))) +- $(CC) -Werror $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1))) ++ $(CC) -Werror $(NOSTDINC_FLAGS) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1))) # cc-name # Expands to either gcc or clang @@ -60,7 +60,7 @@ Signed-off-by: Ben Hutchings # cc-ifversion # Usage: EXTRA_CFLAGS += $(call cc-ifversion, -lt, 0402, -O1) -@@ -156,7 +157,7 @@ cc-ldoption = $(call try-run,\ +@@ -160,7 +161,7 @@ cc-ldoption = $(call try-run,\ # ld-option # Usage: LDFLAGS += $(call ld-option, -X) ld-option = $(call try-run,\ @@ -71,7 +71,7 @@ Signed-off-by: Ben Hutchings # Usage: KBUILD_ARFLAGS := $(call ar-option,D) --- a/Makefile +++ b/Makefile -@@ -642,6 +642,8 @@ endif +@@ -648,6 +648,8 @@ endif KBUILD_CFLAGS += $(call cc-ifversion, -lt, 0409, \ $(call cc-disable-warning,maybe-uninitialized,)) @@ -80,7 +80,7 @@ Signed-off-by: Ben Hutchings # Tell gcc to never replace conditional load with a non-conditional one KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) -@@ -760,7 +762,7 @@ KBUILD_CFLAGS += $(call cc-option, -fno- +@@ -787,7 +789,7 @@ KBUILD_CFLAGS += $(call cc-option,-fdata endif # arch Makefile may override CC so keep this after arch Makefile is included diff --git a/debian/patches/bugfix/all/nfsv4-fix-callback-server-shutdown.patch b/debian/patches/bugfix/all/nfsv4-fix-callback-server-shutdown.patch deleted file mode 100644 index 8533317bf..000000000 --- a/debian/patches/bugfix/all/nfsv4-fix-callback-server-shutdown.patch +++ /dev/null @@ -1,147 +0,0 @@ -From: Trond Myklebust -Date: Wed, 26 Apr 2017 11:55:27 -0400 -Subject: [2/2] NFSv4: Fix callback server shutdown -Origin: https://git.kernel.org/linus/ed6473ddc704a2005b9900ca08e236ebb2d8540a -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9059 - -We want to use kthread_stop() in order to ensure the threads are -shut down before we tear down the nfs_callback_info in nfs_callback_down. - -Tested-and-reviewed-by: Kinglong Mee -Reported-by: Kinglong Mee -Fixes: bb6aeba736ba9 ("NFSv4.x: Switch to using svc_set_num_threads()...") -Signed-off-by: Trond Myklebust -Signed-off-by: J. Bruce Fields ---- - fs/nfs/callback.c | 24 ++++++++++++++++-------- - include/linux/sunrpc/svc.h | 1 + - net/sunrpc/svc.c | 38 ++++++++++++++++++++++++++++++++++++++ - 3 files changed, 55 insertions(+), 8 deletions(-) - ---- a/fs/nfs/callback.c -+++ b/fs/nfs/callback.c -@@ -75,7 +75,10 @@ nfs4_callback_svc(void *vrqstp) - - set_freezable(); - -- while (!kthread_should_stop()) { -+ while (!kthread_freezable_should_stop(NULL)) { -+ -+ if (signal_pending(current)) -+ flush_signals(current); - /* - * Listen for a request on the socket - */ -@@ -84,6 +87,8 @@ nfs4_callback_svc(void *vrqstp) - continue; - svc_process(rqstp); - } -+ svc_exit_thread(rqstp); -+ module_put_and_exit(0); - return 0; - } - -@@ -102,9 +107,10 @@ nfs41_callback_svc(void *vrqstp) - - set_freezable(); - -- while (!kthread_should_stop()) { -- if (try_to_freeze()) -- continue; -+ while (!kthread_freezable_should_stop(NULL)) { -+ -+ if (signal_pending(current)) -+ flush_signals(current); - - prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); - spin_lock_bh(&serv->sv_cb_lock); -@@ -120,11 +126,13 @@ nfs41_callback_svc(void *vrqstp) - error); - } else { - spin_unlock_bh(&serv->sv_cb_lock); -- schedule(); -+ if (!kthread_should_stop()) -+ schedule(); - finish_wait(&serv->sv_cb_waitq, &wq); - } -- flush_signals(current); - } -+ svc_exit_thread(rqstp); -+ module_put_and_exit(0); - return 0; - } - -@@ -220,14 +228,14 @@ err_bind: - static struct svc_serv_ops nfs40_cb_sv_ops = { - .svo_function = nfs4_callback_svc, - .svo_enqueue_xprt = svc_xprt_do_enqueue, -- .svo_setup = svc_set_num_threads, -+ .svo_setup = svc_set_num_threads_sync, - .svo_module = THIS_MODULE, - }; - #if defined(CONFIG_NFS_V4_1) - static struct svc_serv_ops nfs41_cb_sv_ops = { - .svo_function = nfs41_callback_svc, - .svo_enqueue_xprt = svc_xprt_do_enqueue, -- .svo_setup = svc_set_num_threads, -+ .svo_setup = svc_set_num_threads_sync, - .svo_module = THIS_MODULE, - }; - ---- a/include/linux/sunrpc/svc.h -+++ b/include/linux/sunrpc/svc.h -@@ -470,6 +470,7 @@ void svc_pool_map_put(void); - struct svc_serv * svc_create_pooled(struct svc_program *, unsigned int, - struct svc_serv_ops *); - int svc_set_num_threads(struct svc_serv *, struct svc_pool *, int); -+int svc_set_num_threads_sync(struct svc_serv *, struct svc_pool *, int); - int svc_pool_stats_open(struct svc_serv *serv, struct file *file); - void svc_destroy(struct svc_serv *); - void svc_shutdown_net(struct svc_serv *, struct net *); ---- a/net/sunrpc/svc.c -+++ b/net/sunrpc/svc.c -@@ -795,6 +795,44 @@ svc_set_num_threads(struct svc_serv *ser - } - EXPORT_SYMBOL_GPL(svc_set_num_threads); - -+/* destroy old threads */ -+static int -+svc_stop_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) -+{ -+ struct task_struct *task; -+ unsigned int state = serv->sv_nrthreads-1; -+ -+ /* destroy old threads */ -+ do { -+ task = choose_victim(serv, pool, &state); -+ if (task == NULL) -+ break; -+ kthread_stop(task); -+ nrservs++; -+ } while (nrservs < 0); -+ return 0; -+} -+ -+int -+svc_set_num_threads_sync(struct svc_serv *serv, struct svc_pool *pool, int nrservs) -+{ -+ if (pool == NULL) { -+ /* The -1 assumes caller has done a svc_get() */ -+ nrservs -= (serv->sv_nrthreads-1); -+ } else { -+ spin_lock_bh(&pool->sp_lock); -+ nrservs -= pool->sp_nrthreads; -+ spin_unlock_bh(&pool->sp_lock); -+ } -+ -+ if (nrservs > 0) -+ return svc_start_kthreads(serv, pool, nrservs); -+ if (nrservs < 0) -+ return svc_stop_kthreads(serv, pool, nrservs); -+ return 0; -+} -+EXPORT_SYMBOL_GPL(svc_set_num_threads_sync); -+ - /* - * Called from a server thread as it's exiting. Caller must hold the "service - * mutex" for the service. diff --git a/debian/patches/bugfix/all/sunrpc-refactor-svc_set_num_threads.patch b/debian/patches/bugfix/all/sunrpc-refactor-svc_set_num_threads.patch deleted file mode 100644 index 5fae92876..000000000 --- a/debian/patches/bugfix/all/sunrpc-refactor-svc_set_num_threads.patch +++ /dev/null @@ -1,154 +0,0 @@ -From: Trond Myklebust -Date: Wed, 26 Apr 2017 11:55:26 -0400 -Subject: [1/2] SUNRPC: Refactor svc_set_num_threads() -Origin: https://git.kernel.org/linus/9e0d87680d689f1758185851c3da6eafb16e71e1 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9059 - -Refactor to separate out the functions of starting and stopping threads -so that they can be used in other helpers. - -Signed-off-by: Trond Myklebust -Tested-and-reviewed-by: Kinglong Mee -Signed-off-by: J. Bruce Fields ---- - net/sunrpc/svc.c | 96 ++++++++++++++++++++++++++++++++++---------------------- - 1 file changed, 58 insertions(+), 38 deletions(-) - -diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c -index a08aeb56b8e4..98dc33ae738b 100644 ---- a/net/sunrpc/svc.c -+++ b/net/sunrpc/svc.c -@@ -702,59 +702,32 @@ choose_victim(struct svc_serv *serv, struct svc_pool *pool, unsigned int *state) - return task; - } - --/* -- * Create or destroy enough new threads to make the number -- * of threads the given number. If `pool' is non-NULL, applies -- * only to threads in that pool, otherwise round-robins between -- * all pools. Caller must ensure that mutual exclusion between this and -- * server startup or shutdown. -- * -- * Destroying threads relies on the service threads filling in -- * rqstp->rq_task, which only the nfs ones do. Assumes the serv -- * has been created using svc_create_pooled(). -- * -- * Based on code that used to be in nfsd_svc() but tweaked -- * to be pool-aware. -- */ --int --svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) -+/* create new threads */ -+static int -+svc_start_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) - { - struct svc_rqst *rqstp; - struct task_struct *task; - struct svc_pool *chosen_pool; -- int error = 0; - unsigned int state = serv->sv_nrthreads-1; - int node; - -- if (pool == NULL) { -- /* The -1 assumes caller has done a svc_get() */ -- nrservs -= (serv->sv_nrthreads-1); -- } else { -- spin_lock_bh(&pool->sp_lock); -- nrservs -= pool->sp_nrthreads; -- spin_unlock_bh(&pool->sp_lock); -- } -- -- /* create new threads */ -- while (nrservs > 0) { -+ do { - nrservs--; - chosen_pool = choose_pool(serv, pool, &state); - - node = svc_pool_map_get_node(chosen_pool->sp_id); - rqstp = svc_prepare_thread(serv, chosen_pool, node); -- if (IS_ERR(rqstp)) { -- error = PTR_ERR(rqstp); -- break; -- } -+ if (IS_ERR(rqstp)) -+ return PTR_ERR(rqstp); - - __module_get(serv->sv_ops->svo_module); - task = kthread_create_on_node(serv->sv_ops->svo_function, rqstp, - node, "%s", serv->sv_name); - if (IS_ERR(task)) { -- error = PTR_ERR(task); - module_put(serv->sv_ops->svo_module); - svc_exit_thread(rqstp); -- break; -+ return PTR_ERR(task); - } - - rqstp->rq_task = task; -@@ -763,15 +736,62 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) - - svc_sock_update_bufs(serv); - wake_up_process(task); -- } -+ } while (nrservs > 0); -+ -+ return 0; -+} -+ -+ -+/* destroy old threads */ -+static int -+svc_signal_kthreads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) -+{ -+ struct task_struct *task; -+ unsigned int state = serv->sv_nrthreads-1; -+ - /* destroy old threads */ -- while (nrservs < 0 && -- (task = choose_victim(serv, pool, &state)) != NULL) { -+ do { -+ task = choose_victim(serv, pool, &state); -+ if (task == NULL) -+ break; - send_sig(SIGINT, task, 1); - nrservs++; -+ } while (nrservs < 0); -+ -+ return 0; -+} -+ -+/* -+ * Create or destroy enough new threads to make the number -+ * of threads the given number. If `pool' is non-NULL, applies -+ * only to threads in that pool, otherwise round-robins between -+ * all pools. Caller must ensure that mutual exclusion between this and -+ * server startup or shutdown. -+ * -+ * Destroying threads relies on the service threads filling in -+ * rqstp->rq_task, which only the nfs ones do. Assumes the serv -+ * has been created using svc_create_pooled(). -+ * -+ * Based on code that used to be in nfsd_svc() but tweaked -+ * to be pool-aware. -+ */ -+int -+svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) -+{ -+ if (pool == NULL) { -+ /* The -1 assumes caller has done a svc_get() */ -+ nrservs -= (serv->sv_nrthreads-1); -+ } else { -+ spin_lock_bh(&pool->sp_lock); -+ nrservs -= pool->sp_nrthreads; -+ spin_unlock_bh(&pool->sp_lock); - } - -- return error; -+ if (nrservs > 0) -+ return svc_start_kthreads(serv, pool, nrservs); -+ if (nrservs < 0) -+ return svc_signal_kthreads(serv, pool, nrservs); -+ return 0; - } - EXPORT_SYMBOL_GPL(svc_set_num_threads); - diff --git a/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch index 9d07fbc41..a8b64755e 100644 --- a/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch +++ b/debian/patches/bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch @@ -7,23 +7,13 @@ It is not correct to test that a syscall works on the build system's kernel. We might be building on an earlier kernel version or with security restrictions that block bpf(). -Also fix the test for whether __NR_bpf is defined. - Signed-off-by: Ben Hutchings --- --- a/tools/build/feature/test-bpf.c +++ b/tools/build/feature/test-bpf.c -@@ -9,6 +9,7 @@ - # define __NR_bpf 321 - # elif defined(__aarch64__) - # define __NR_bpf 280 -+# else - # error __NR_bpf not defined. libbpf does not support your arch. - # endif - #endif -@@ -27,9 +28,5 @@ int main(void) - attr.log_level = 0; +@@ -31,9 +31,5 @@ int main(void) attr.kern_version = 0; + attr.prog_flags = 0; - /* - * Test existence of __NR_bpf and BPF_PROG_LOAD. diff --git a/debian/patches/bugfix/all/tracing-Use-strlcpy-instead-of-strcpy-in-__trace_fin.patch b/debian/patches/bugfix/all/tracing-Use-strlcpy-instead-of-strcpy-in-__trace_fin.patch deleted file mode 100644 index 2a97a2d4e..000000000 --- a/debian/patches/bugfix/all/tracing-Use-strlcpy-instead-of-strcpy-in-__trace_fin.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Amey Telawane -Date: Wed, 3 May 2017 15:41:14 +0530 -Subject: tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() -Origin: https://git.kernel.org/linus/e09e28671cda63e6308b31798b997639120e2a21 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-0605 - -Strcpy is inherently not safe, and strlcpy() should be used instead. -__trace_find_cmdline() uses strcpy() because the comms saved must have a -terminating nul character, but it doesn't hurt to add the extra protection -of using strlcpy() instead of strcpy(). - -Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@linaro.org - -Signed-off-by: Amey Telawane -[AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10 -https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477] -Signed-off-by: Amit Pundir -[ Updated change log and removed the "- 1" from len parameter ] -Signed-off-by: Steven Rostedt (VMware) ---- - kernel/trace/trace.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/kernel/trace/trace.c -+++ b/kernel/trace/trace.c -@@ -1862,7 +1862,7 @@ static void __trace_find_cmdline(int pid - - map = savedcmd->map_pid_to_cmdline[pid]; - if (map != NO_CMDLINE_MAP) -- strcpy(comm, get_saved_cmdlines(map)); -+ strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN); - else - strcpy(comm, "<...>"); - } diff --git a/debian/patches/bugfix/all/usbip-Fix-potential-format-overflow-in-userspace-too.patch b/debian/patches/bugfix/all/usbip-Fix-potential-format-overflow-in-userspace-too.patch deleted file mode 100644 index 77bdc937e..000000000 --- a/debian/patches/bugfix/all/usbip-Fix-potential-format-overflow-in-userspace-too.patch +++ /dev/null @@ -1,106 +0,0 @@ -From: Jonathan Dieter -Date: Mon, 27 Feb 2017 10:31:03 +0200 -Subject: usbip: Fix potential format overflow in userspace tools -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit?id=e5dfa3f902b9a642ae8c6997d57d7c41e384a90b - -The usbip userspace tools call sprintf()/snprintf() and don't check for -the return value which can lead the paths to overflow, truncating the -final file in the path. - -More urgently, GCC 7 now warns that these aren't checked with --Wformat-overflow, and with -Werror enabled in configure.ac, that makes -these tools unbuildable. - -This patch fixes these problems by replacing sprintf() with snprintf() in -one place and adding checks for the return value of snprintf(). - -Reviewed-by: Peter Senna Tschudin -Signed-off-by: Jonathan Dieter -Acked-by: Shuah Khan -Signed-off-by: Greg Kroah-Hartman ---- - tools/usb/usbip/libsrc/usbip_common.c | 9 ++++++++- - tools/usb/usbip/libsrc/usbip_host_common.c | 28 +++++++++++++++++++++++----- - 2 files changed, 31 insertions(+), 6 deletions(-) - -diff --git a/tools/usb/usbip/libsrc/usbip_common.c b/tools/usb/usbip/libsrc/usbip_common.c -index ac73710473de..1517a232ab18 100644 ---- a/tools/usb/usbip/libsrc/usbip_common.c -+++ b/tools/usb/usbip/libsrc/usbip_common.c -@@ -215,9 +215,16 @@ int read_usb_interface(struct usbip_usb_device *udev, int i, - struct usbip_usb_interface *uinf) - { - char busid[SYSFS_BUS_ID_SIZE]; -+ int size; - struct udev_device *sif; - -- sprintf(busid, "%s:%d.%d", udev->busid, udev->bConfigurationValue, i); -+ size = snprintf(busid, sizeof(busid), "%s:%d.%d", -+ udev->busid, udev->bConfigurationValue, i); -+ if (size < 0 || (unsigned int)size >= sizeof(busid)) { -+ err("busid length %i >= %lu or < 0", size, -+ (long unsigned)sizeof(busid)); -+ return -1; -+ } - - sif = udev_device_new_from_subsystem_sysname(udev_context, "usb", busid); - if (!sif) { -diff --git a/tools/usb/usbip/libsrc/usbip_host_common.c b/tools/usb/usbip/libsrc/usbip_host_common.c -index 9d415228883d..6ff7b601f854 100644 ---- a/tools/usb/usbip/libsrc/usbip_host_common.c -+++ b/tools/usb/usbip/libsrc/usbip_host_common.c -@@ -40,13 +40,20 @@ struct udev *udev_context; - static int32_t read_attr_usbip_status(struct usbip_usb_device *udev) - { - char status_attr_path[SYSFS_PATH_MAX]; -+ int size; - int fd; - int length; - char status; - int value = 0; - -- snprintf(status_attr_path, SYSFS_PATH_MAX, "%s/usbip_status", -- udev->path); -+ size = snprintf(status_attr_path, sizeof(status_attr_path), -+ "%s/usbip_status", udev->path); -+ if (size < 0 || (unsigned int)size >= sizeof(status_attr_path)) { -+ err("usbip_status path length %i >= %lu or < 0", size, -+ (long unsigned)sizeof(status_attr_path)); -+ return -1; -+ } -+ - - fd = open(status_attr_path, O_RDONLY); - if (fd < 0) { -@@ -218,6 +225,7 @@ int usbip_export_device(struct usbip_exported_device *edev, int sockfd) - { - char attr_name[] = "usbip_sockfd"; - char sockfd_attr_path[SYSFS_PATH_MAX]; -+ int size; - char sockfd_buff[30]; - int ret; - -@@ -237,10 +245,20 @@ int usbip_export_device(struct usbip_exported_device *edev, int sockfd) - } - - /* only the first interface is true */ -- snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s", -- edev->udev.path, attr_name); -+ size = snprintf(sockfd_attr_path, sizeof(sockfd_attr_path), "%s/%s", -+ edev->udev.path, attr_name); -+ if (size < 0 || (unsigned int)size >= sizeof(sockfd_attr_path)) { -+ err("exported device path length %i >= %lu or < 0", size, -+ (long unsigned)sizeof(sockfd_attr_path)); -+ return -1; -+ } - -- snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd); -+ size = snprintf(sockfd_buff, sizeof(sockfd_buff), "%d\n", sockfd); -+ if (size < 0 || (unsigned int)size >= sizeof(sockfd_buff)) { -+ err("socket length %i >= %lu or < 0", size, -+ (long unsigned)sizeof(sockfd_buff)); -+ return -1; -+ } - - ret = write_sysfs_attribute(sockfd_attr_path, sockfd_buff, - strlen(sockfd_buff)); diff --git a/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch b/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch index 18998a5c4..e041716f0 100644 --- a/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch +++ b/debian/patches/bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch @@ -6,6 +6,9 @@ Forwarded: not-needed This reverts commit 00fc0e0dda6286407f3854cd71a125f519a5689c because symbols exported from assembly don't automatically get modversions (ABI hashes). + +Commit 8525023121de "alpha: switch __copy_user() and __do_clean_user() to +normal calling conventions" renamed __do_clear_user() to __clear_user(). --- arch/alpha/include/asm/Kbuild | 1 - arch/alpha/kernel/Makefile | 2 +- @@ -51,11 +54,9 @@ hashes). 41 files changed, 131 insertions(+), 99 deletions(-) create mode 100644 arch/alpha/kernel/alpha_ksyms.c -diff --git a/arch/alpha/include/asm/Kbuild b/arch/alpha/include/asm/Kbuild -index bf8475ce85ee..ffd9cf5ec8c4 100644 --- a/arch/alpha/include/asm/Kbuild +++ b/arch/alpha/include/asm/Kbuild -@@ -3,7 +3,6 @@ +@@ -2,7 +2,6 @@ generic-y += clkdev.h generic-y += exec.h @@ -63,8 +64,6 @@ index bf8475ce85ee..ffd9cf5ec8c4 100644 generic-y += irq_work.h generic-y += mcs_spinlock.h generic-y += mm-arch-hooks.h -diff --git a/arch/alpha/kernel/Makefile b/arch/alpha/kernel/Makefile -index 8ce13d7a2ad3..3ecac0106c8a 100644 --- a/arch/alpha/kernel/Makefile +++ b/arch/alpha/kernel/Makefile @@ -8,7 +8,7 @@ ccflags-y := -Wno-sign-compare @@ -76,9 +75,6 @@ index 8ce13d7a2ad3..3ecac0106c8a 100644 obj-$(CONFIG_VGA_HOSE) += console.o obj-$(CONFIG_SMP) += smp.o -diff --git a/arch/alpha/kernel/alpha_ksyms.c b/arch/alpha/kernel/alpha_ksyms.c -new file mode 100644 -index 000000000000..f4c7ab6f43b0 --- /dev/null +++ b/arch/alpha/kernel/alpha_ksyms.c @@ -0,0 +1,102 @@ @@ -154,7 +150,7 @@ index 000000000000..f4c7ab6f43b0 + * The following are specially called from the uaccess assembly stubs. + */ +EXPORT_SYMBOL(__copy_user); -+EXPORT_SYMBOL(__do_clear_user); ++EXPORT_SYMBOL(__clear_user); + +/* + * SMP-specific symbols. @@ -184,8 +180,6 @@ index 000000000000..f4c7ab6f43b0 +EXPORT_SYMBOL(memcpy); +EXPORT_SYMBOL(memset); +EXPORT_SYMBOL(memchr); -diff --git a/arch/alpha/kernel/machvec_impl.h b/arch/alpha/kernel/machvec_impl.h -index b7d69604b6d2..d3398f6ab74c 100644 --- a/arch/alpha/kernel/machvec_impl.h +++ b/arch/alpha/kernel/machvec_impl.h @@ -144,11 +144,9 @@ @@ -202,11 +196,9 @@ index b7d69604b6d2..d3398f6ab74c 100644 + asm(".global alpha_mv\nalpha_mv = " #system "_mv"); #endif #endif /* GENERIC */ -diff --git a/arch/alpha/kernel/setup.c b/arch/alpha/kernel/setup.c -index 4811e54069fc..b20af76f12c1 100644 --- a/arch/alpha/kernel/setup.c +++ b/arch/alpha/kernel/setup.c -@@ -115,7 +115,6 @@ unsigned long alpha_agpgart_size = DEFAULT_AGP_APER_SIZE; +@@ -115,7 +115,6 @@ unsigned long alpha_agpgart_size = DEFAU #ifdef CONFIG_ALPHA_GENERIC struct alpha_machine_vector alpha_mv; @@ -214,8 +206,6 @@ index 4811e54069fc..b20af76f12c1 100644 #endif #ifndef alpha_using_srm -diff --git a/arch/alpha/lib/callback_srm.S b/arch/alpha/lib/callback_srm.S -index 6093addc931a..8804bec2c644 100644 --- a/arch/alpha/lib/callback_srm.S +++ b/arch/alpha/lib/callback_srm.S @@ -3,7 +3,6 @@ @@ -237,11 +227,9 @@ index 6093addc931a..8804bec2c644 100644 .data __alpha_using_srm: # For use by bootpheader -diff --git a/arch/alpha/lib/checksum.c b/arch/alpha/lib/checksum.c -index b57f8007db14..377f9e34eb97 100644 --- a/arch/alpha/lib/checksum.c +++ b/arch/alpha/lib/checksum.c -@@ -48,7 +48,6 @@ __sum16 csum_tcpudp_magic(__be32 saddr, __be32 daddr, +@@ -48,7 +48,6 @@ __sum16 csum_tcpudp_magic(__be32 saddr, (__force u64)saddr + (__force u64)daddr + (__force u64)sum + ((len + proto) << 8)); } @@ -249,7 +237,7 @@ index b57f8007db14..377f9e34eb97 100644 __wsum csum_tcpudp_nofold(__be32 saddr, __be32 daddr, __u32 len, __u8 proto, __wsum sum) -@@ -145,7 +144,6 @@ __sum16 ip_fast_csum(const void *iph, unsigned int ihl) +@@ -145,7 +144,6 @@ __sum16 ip_fast_csum(const void *iph, un { return (__force __sum16)~do_csum(iph,ihl*4); } @@ -257,13 +245,11 @@ index b57f8007db14..377f9e34eb97 100644 /* * computes the checksum of a memory block at buff, length len, -@@ -180,4 +178,3 @@ __sum16 ip_compute_csum(const void *buff, int len) +@@ -180,4 +178,3 @@ __sum16 ip_compute_csum(const void *buff { return (__force __sum16)~from64to16(do_csum(buff,len)); } -EXPORT_SYMBOL(ip_compute_csum); -diff --git a/arch/alpha/lib/clear_page.S b/arch/alpha/lib/clear_page.S -index 263d7393c0e7..a221ae266e29 100644 --- a/arch/alpha/lib/clear_page.S +++ b/arch/alpha/lib/clear_page.S @@ -3,7 +3,7 @@ @@ -280,25 +266,21 @@ index 263d7393c0e7..a221ae266e29 100644 .end clear_page - EXPORT_SYMBOL(clear_page) -diff --git a/arch/alpha/lib/clear_user.S b/arch/alpha/lib/clear_user.S -index bf5b931866ba..8860316c1957 100644 --- a/arch/alpha/lib/clear_user.S +++ b/arch/alpha/lib/clear_user.S -@@ -24,7 +24,6 @@ - * Clobbers: - * $1,$2,$3,$4,$5,$6 +@@ -9,7 +9,6 @@ + * a successful copy). There is also some rather minor exception setup + * stuff. */ -#include /* Allow an exception for an insn; exit if we get one. */ #define EX(x,y...) \ -@@ -112,4 +111,3 @@ $exception: - ret $31, ($28), 1 # .. e1 : +@@ -98,4 +97,3 @@ $exception: + ret $31, ($26), 1 # .. e1 : - .end __do_clear_user -- EXPORT_SYMBOL(__do_clear_user) -diff --git a/arch/alpha/lib/copy_page.S b/arch/alpha/lib/copy_page.S -index 2ee0bd0508c5..9f3b97459cc6 100644 + .end __clear_user +- EXPORT_SYMBOL(__clear_user) --- a/arch/alpha/lib/copy_page.S +++ b/arch/alpha/lib/copy_page.S @@ -3,7 +3,7 @@ @@ -315,12 +297,10 @@ index 2ee0bd0508c5..9f3b97459cc6 100644 .end copy_page - EXPORT_SYMBOL(copy_page) -diff --git a/arch/alpha/lib/copy_user.S b/arch/alpha/lib/copy_user.S -index 509f62b65311..ac9c3766ba8c 100644 --- a/arch/alpha/lib/copy_user.S +++ b/arch/alpha/lib/copy_user.S -@@ -26,8 +26,6 @@ - * $1,$2,$3,$4,$5,$6,$7 +@@ -11,8 +11,6 @@ + * exception setup stuff.. */ -#include @@ -328,13 +308,11 @@ index 509f62b65311..ac9c3766ba8c 100644 /* Allow an exception for an insn; exit if we get one. */ #define EXI(x,y...) \ 99: x,##y; \ -@@ -131,4 +129,3 @@ $exitout: - ret $31,($28),1 +@@ -117,4 +115,3 @@ $exitout: + ret $31,($26),1 .end __copy_user -EXPORT_SYMBOL(__copy_user) -diff --git a/arch/alpha/lib/csum_ipv6_magic.S b/arch/alpha/lib/csum_ipv6_magic.S -index e74b4544b0cc..2c2acb96deb6 100644 --- a/arch/alpha/lib/csum_ipv6_magic.S +++ b/arch/alpha/lib/csum_ipv6_magic.S @@ -12,7 +12,6 @@ @@ -350,11 +328,9 @@ index e74b4544b0cc..2c2acb96deb6 100644 .end csum_ipv6_magic - EXPORT_SYMBOL(csum_ipv6_magic) -diff --git a/arch/alpha/lib/csum_partial_copy.c b/arch/alpha/lib/csum_partial_copy.c -index b4ff3b683bcd..5675dca8dbb1 100644 --- a/arch/alpha/lib/csum_partial_copy.c +++ b/arch/alpha/lib/csum_partial_copy.c -@@ -374,7 +374,6 @@ csum_partial_copy_from_user(const void __user *src, void *dst, int len, +@@ -368,7 +368,6 @@ csum_partial_copy_from_user(const void _ } return (__force __wsum)checksum; } @@ -362,13 +338,11 @@ index b4ff3b683bcd..5675dca8dbb1 100644 __wsum csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum) -@@ -387,4 +386,3 @@ csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum) +@@ -381,4 +380,3 @@ csum_partial_copy_nocheck(const void *sr set_fs(oldfs); return checksum; } -EXPORT_SYMBOL(csum_partial_copy_nocheck); -diff --git a/arch/alpha/lib/dec_and_lock.c b/arch/alpha/lib/dec_and_lock.c -index 4221b40167ee..f9f5fe830e9f 100644 --- a/arch/alpha/lib/dec_and_lock.c +++ b/arch/alpha/lib/dec_and_lock.c @@ -7,7 +7,6 @@ @@ -379,13 +353,11 @@ index 4221b40167ee..f9f5fe830e9f 100644 asm (".text \n\ .global _atomic_dec_and_lock \n\ -@@ -40,4 +39,3 @@ static int __used atomic_dec_and_lock_1(atomic_t *atomic, spinlock_t *lock) +@@ -40,4 +39,3 @@ static int __used atomic_dec_and_lock_1( spin_unlock(lock); return 0; } -EXPORT_SYMBOL(_atomic_dec_and_lock); -diff --git a/arch/alpha/lib/divide.S b/arch/alpha/lib/divide.S -index 1e33bd127621..2d1a0484a99e 100644 --- a/arch/alpha/lib/divide.S +++ b/arch/alpha/lib/divide.S @@ -45,7 +45,6 @@ @@ -409,8 +381,6 @@ index 1e33bd127621..2d1a0484a99e 100644 ret $31,($23),1 .end sfunction -EXPORT_SYMBOL(sfunction) -diff --git a/arch/alpha/lib/ev6-clear_page.S b/arch/alpha/lib/ev6-clear_page.S -index abe99e69a194..adf4f7be0e2b 100644 --- a/arch/alpha/lib/ev6-clear_page.S +++ b/arch/alpha/lib/ev6-clear_page.S @@ -3,7 +3,7 @@ @@ -427,11 +397,9 @@ index abe99e69a194..adf4f7be0e2b 100644 .end clear_page - EXPORT_SYMBOL(clear_page) -diff --git a/arch/alpha/lib/ev6-clear_user.S b/arch/alpha/lib/ev6-clear_user.S -index 05bef6b50598..4f42a16b7f53 100644 --- a/arch/alpha/lib/ev6-clear_user.S +++ b/arch/alpha/lib/ev6-clear_user.S -@@ -43,7 +43,6 @@ +@@ -28,7 +28,6 @@ * want to leave a hole (and we also want to avoid repeating lots of work) */ @@ -439,14 +407,12 @@ index 05bef6b50598..4f42a16b7f53 100644 /* Allow an exception for an insn; exit if we get one. */ #define EX(x,y...) \ 99: x,##y; \ -@@ -223,4 +222,4 @@ $exception: # Destination for exception recovery(?) +@@ -209,4 +208,4 @@ $exception: # Destination for exceptio nop # .. E .. .. : - ret $31, ($28), 1 # L0 .. .. .. : L U L U - .end __do_clear_user -- EXPORT_SYMBOL(__do_clear_user) + ret $31, ($26), 1 # L0 .. .. .. : L U L U + .end __clear_user +- EXPORT_SYMBOL(__clear_user) + -diff --git a/arch/alpha/lib/ev6-copy_page.S b/arch/alpha/lib/ev6-copy_page.S -index 77935061bddb..b789db192754 100644 --- a/arch/alpha/lib/ev6-copy_page.S +++ b/arch/alpha/lib/ev6-copy_page.S @@ -56,7 +56,7 @@ @@ -463,11 +429,9 @@ index 77935061bddb..b789db192754 100644 .end copy_page - EXPORT_SYMBOL(copy_page) -diff --git a/arch/alpha/lib/ev6-copy_user.S b/arch/alpha/lib/ev6-copy_user.S -index be720b518af9..c4d0689c3d26 100644 --- a/arch/alpha/lib/ev6-copy_user.S +++ b/arch/alpha/lib/ev6-copy_user.S -@@ -37,7 +37,6 @@ +@@ -22,7 +22,6 @@ * L - lower subcluster; L0 - subcluster L0; L1 - subcluster L1 */ @@ -475,14 +439,12 @@ index be720b518af9..c4d0689c3d26 100644 /* Allow an exception for an insn; exit if we get one. */ #define EXI(x,y...) \ 99: x,##y; \ -@@ -236,4 +235,4 @@ $exitout: # Destination for exception recovery(?) - ret $31,($28),1 # L0 .. .. .. : L U L U +@@ -222,4 +221,4 @@ $exitout: # Destination for exception + ret $31,($26),1 # L0 .. .. .. : L U L U .end __copy_user - EXPORT_SYMBOL(__copy_user) + -diff --git a/arch/alpha/lib/ev6-csum_ipv6_magic.S b/arch/alpha/lib/ev6-csum_ipv6_magic.S -index de62627ac4fe..fc0bc399f872 100644 --- a/arch/alpha/lib/ev6-csum_ipv6_magic.S +++ b/arch/alpha/lib/ev6-csum_ipv6_magic.S @@ -52,7 +52,6 @@ @@ -498,8 +460,6 @@ index de62627ac4fe..fc0bc399f872 100644 .end csum_ipv6_magic - EXPORT_SYMBOL(csum_ipv6_magic) -diff --git a/arch/alpha/lib/ev6-divide.S b/arch/alpha/lib/ev6-divide.S -index d18dc0e96e3d..2a82b9be93fa 100644 --- a/arch/alpha/lib/ev6-divide.S +++ b/arch/alpha/lib/ev6-divide.S @@ -55,7 +55,6 @@ @@ -523,8 +483,6 @@ index d18dc0e96e3d..2a82b9be93fa 100644 ret $31,($23),1 # L0 : L U U L .end sfunction -EXPORT_SYMBOL(sfunction) -diff --git a/arch/alpha/lib/ev6-memchr.S b/arch/alpha/lib/ev6-memchr.S -index 419adc53ccb4..1a5f71b9d8b1 100644 --- a/arch/alpha/lib/ev6-memchr.S +++ b/arch/alpha/lib/ev6-memchr.S @@ -27,7 +27,7 @@ @@ -541,8 +499,6 @@ index 419adc53ccb4..1a5f71b9d8b1 100644 .end memchr - EXPORT_SYMBOL(memchr) -diff --git a/arch/alpha/lib/ev6-memcpy.S b/arch/alpha/lib/ev6-memcpy.S -index b19798b2efc0..52b37b0f2af5 100644 --- a/arch/alpha/lib/ev6-memcpy.S +++ b/arch/alpha/lib/ev6-memcpy.S @@ -19,7 +19,7 @@ @@ -562,8 +518,6 @@ index b19798b2efc0..52b37b0f2af5 100644 /* For backwards module compatibility. */ __memcpy = memcpy -diff --git a/arch/alpha/lib/ev6-memset.S b/arch/alpha/lib/ev6-memset.S -index fed21c6893e8..356bb2fdd705 100644 --- a/arch/alpha/lib/ev6-memset.S +++ b/arch/alpha/lib/ev6-memset.S @@ -26,7 +26,7 @@ @@ -601,8 +555,6 @@ index fed21c6893e8..356bb2fdd705 100644 __memset = ___memset - EXPORT_SYMBOL(memset) - EXPORT_SYMBOL(__memset) -diff --git a/arch/alpha/lib/ev67-strcat.S b/arch/alpha/lib/ev67-strcat.S -index b69f60419be1..c426fe3ed72f 100644 --- a/arch/alpha/lib/ev67-strcat.S +++ b/arch/alpha/lib/ev67-strcat.S @@ -19,7 +19,7 @@ @@ -619,8 +571,6 @@ index b69f60419be1..c426fe3ed72f 100644 .end strcat - EXPORT_SYMBOL(strcat) -diff --git a/arch/alpha/lib/ev67-strchr.S b/arch/alpha/lib/ev67-strchr.S -index ea8f2f35db9c..fbb7b4ffade9 100644 --- a/arch/alpha/lib/ev67-strchr.S +++ b/arch/alpha/lib/ev67-strchr.S @@ -15,7 +15,7 @@ @@ -632,13 +582,11 @@ index ea8f2f35db9c..fbb7b4ffade9 100644 #include .set noreorder -@@ -86,4 +86,3 @@ $found: negq t0, t1 # E : clear all but least set bit +@@ -86,4 +86,3 @@ $found: negq t0, t1 # E : clear all ret # L0 : .end strchr - EXPORT_SYMBOL(strchr) -diff --git a/arch/alpha/lib/ev67-strlen.S b/arch/alpha/lib/ev67-strlen.S -index 736fd41884a8..503928072523 100644 --- a/arch/alpha/lib/ev67-strlen.S +++ b/arch/alpha/lib/ev67-strlen.S @@ -17,7 +17,7 @@ @@ -655,8 +603,6 @@ index 736fd41884a8..503928072523 100644 .end strlen - EXPORT_SYMBOL(strlen) -diff --git a/arch/alpha/lib/ev67-strncat.S b/arch/alpha/lib/ev67-strncat.S -index cd35cbade73a..4ae716cd2bfb 100644 --- a/arch/alpha/lib/ev67-strncat.S +++ b/arch/alpha/lib/ev67-strncat.S @@ -20,7 +20,7 @@ @@ -673,8 +619,6 @@ index cd35cbade73a..4ae716cd2bfb 100644 .end strncat - EXPORT_SYMBOL(strncat) -diff --git a/arch/alpha/lib/ev67-strrchr.S b/arch/alpha/lib/ev67-strrchr.S -index 747455f0328c..dd0d8c6b9f59 100644 --- a/arch/alpha/lib/ev67-strrchr.S +++ b/arch/alpha/lib/ev67-strrchr.S @@ -18,7 +18,7 @@ @@ -691,8 +635,6 @@ index 747455f0328c..dd0d8c6b9f59 100644 .end strrchr - EXPORT_SYMBOL(strrchr) -diff --git a/arch/alpha/lib/fpreg.c b/arch/alpha/lib/fpreg.c -index 4aa6dbfa14ee..05017ba34c3c 100644 --- a/arch/alpha/lib/fpreg.c +++ b/arch/alpha/lib/fpreg.c @@ -4,9 +4,6 @@ @@ -713,7 +655,7 @@ index 4aa6dbfa14ee..05017ba34c3c 100644 #if defined(CONFIG_ALPHA_EV6) || defined(CONFIG_ALPHA_EV67) #define LDT(reg,val) asm volatile ("itoft %0,$f"#reg : : "r"(val)); -@@ -101,7 +97,6 @@ alpha_write_fp_reg (unsigned long reg, unsigned long val) +@@ -101,7 +97,6 @@ alpha_write_fp_reg (unsigned long reg, u case 31: LDT(31, val); break; } } @@ -729,13 +671,11 @@ index 4aa6dbfa14ee..05017ba34c3c 100644 #if defined(CONFIG_ALPHA_EV6) || defined(CONFIG_ALPHA_EV67) #define LDS(reg,val) asm volatile ("itofs %0,$f"#reg : : "r"(val)); -@@ -197,4 +191,3 @@ alpha_write_fp_reg_s (unsigned long reg, unsigned long val) +@@ -197,4 +191,3 @@ alpha_write_fp_reg_s (unsigned long reg, case 31: LDS(31, val); break; } } -EXPORT_SYMBOL(alpha_write_fp_reg_s); -diff --git a/arch/alpha/lib/memchr.S b/arch/alpha/lib/memchr.S -index c13d3eca2e05..14427eeb555e 100644 --- a/arch/alpha/lib/memchr.S +++ b/arch/alpha/lib/memchr.S @@ -31,7 +31,7 @@ For correctness consider that: @@ -752,8 +692,6 @@ index c13d3eca2e05..14427eeb555e 100644 .end memchr - EXPORT_SYMBOL(memchr) -diff --git a/arch/alpha/lib/memcpy.c b/arch/alpha/lib/memcpy.c -index 57d9291ad172..64083fc73238 100644 --- a/arch/alpha/lib/memcpy.c +++ b/arch/alpha/lib/memcpy.c @@ -16,7 +16,6 @@ @@ -764,7 +702,7 @@ index 57d9291ad172..64083fc73238 100644 /* * This should be done in one go with ldq_u*2/mask/stq_u. Do it -@@ -159,4 +158,6 @@ void * memcpy(void * dest, const void *src, size_t n) +@@ -159,4 +158,6 @@ void * memcpy(void * dest, const void *s __memcpy_unaligned_up ((unsigned long) dest, (unsigned long) src, n); return dest; } @@ -772,8 +710,6 @@ index 57d9291ad172..64083fc73238 100644 + +/* For backward modules compatibility, define __memcpy. */ +asm("__memcpy = memcpy; .globl __memcpy"); -diff --git a/arch/alpha/lib/memmove.S b/arch/alpha/lib/memmove.S -index 6872c85cb5e5..eb3b6e02242f 100644 --- a/arch/alpha/lib/memmove.S +++ b/arch/alpha/lib/memmove.S @@ -6,7 +6,7 @@ @@ -790,8 +726,6 @@ index 6872c85cb5e5..eb3b6e02242f 100644 .end memmove - EXPORT_SYMBOL(memmove) -diff --git a/arch/alpha/lib/memset.S b/arch/alpha/lib/memset.S -index 89a26f5e89de..76ccc6d1f364 100644 --- a/arch/alpha/lib/memset.S +++ b/arch/alpha/lib/memset.S @@ -13,7 +13,7 @@ @@ -822,8 +756,6 @@ index 89a26f5e89de..76ccc6d1f364 100644 __memset = ___memset - EXPORT_SYMBOL(memset) - EXPORT_SYMBOL(__memset) -diff --git a/arch/alpha/lib/strcat.S b/arch/alpha/lib/strcat.S -index 249837b03d4b..393f50384878 100644 --- a/arch/alpha/lib/strcat.S +++ b/arch/alpha/lib/strcat.S @@ -4,7 +4,6 @@ @@ -834,13 +766,11 @@ index 249837b03d4b..393f50384878 100644 .text -@@ -51,4 +50,3 @@ $found: negq $2, $3 # clear all but least set bit +@@ -51,4 +50,3 @@ $found: negq $2, $3 # clear all but br __stxcpy .end strcat -EXPORT_SYMBOL(strcat); -diff --git a/arch/alpha/lib/strchr.S b/arch/alpha/lib/strchr.S -index 7412a173ea39..011a175e8329 100644 --- a/arch/alpha/lib/strchr.S +++ b/arch/alpha/lib/strchr.S @@ -5,7 +5,7 @@ @@ -857,8 +787,6 @@ index 7412a173ea39..011a175e8329 100644 .end strchr - EXPORT_SYMBOL(strchr) -diff --git a/arch/alpha/lib/strcpy.S b/arch/alpha/lib/strcpy.S -index 98deae1e4d08..e0728e4ad21f 100644 --- a/arch/alpha/lib/strcpy.S +++ b/arch/alpha/lib/strcpy.S @@ -5,7 +5,7 @@ @@ -875,8 +803,6 @@ index 98deae1e4d08..e0728e4ad21f 100644 .end strcpy - EXPORT_SYMBOL(strcpy) -diff --git a/arch/alpha/lib/strlen.S b/arch/alpha/lib/strlen.S -index 79c416f71bac..fe63353de152 100644 --- a/arch/alpha/lib/strlen.S +++ b/arch/alpha/lib/strlen.S @@ -11,7 +11,7 @@ @@ -893,8 +819,6 @@ index 79c416f71bac..fe63353de152 100644 .end strlen - EXPORT_SYMBOL(strlen) -diff --git a/arch/alpha/lib/strncat.S b/arch/alpha/lib/strncat.S -index 6c29ea60869a..a8278163c972 100644 --- a/arch/alpha/lib/strncat.S +++ b/arch/alpha/lib/strncat.S @@ -9,7 +9,7 @@ @@ -911,8 +835,6 @@ index 6c29ea60869a..a8278163c972 100644 .end strncat - EXPORT_SYMBOL(strncat) -diff --git a/arch/alpha/lib/strncpy.S b/arch/alpha/lib/strncpy.S -index e102cf1567dd..a46f7f3ad8c7 100644 --- a/arch/alpha/lib/strncpy.S +++ b/arch/alpha/lib/strncpy.S @@ -10,7 +10,7 @@ @@ -929,8 +851,6 @@ index e102cf1567dd..a46f7f3ad8c7 100644 .end strncpy - EXPORT_SYMBOL(strncpy) -diff --git a/arch/alpha/lib/strrchr.S b/arch/alpha/lib/strrchr.S -index 4bc6cb4b9812..1970dc07cfd1 100644 --- a/arch/alpha/lib/strrchr.S +++ b/arch/alpha/lib/strrchr.S @@ -5,7 +5,7 @@ diff --git a/debian/patches/bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch b/debian/patches/bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch deleted file mode 100644 index 13dd281bb..000000000 --- a/debian/patches/bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Ben Hutchings -Date: Fri, 2 Dec 2016 01:26:54 +0000 -Subject: powerpc: Fix missing CRCs, add yet more asm-prototypes.h declarations -Forwarded: https://lkml.kernel.org/r/20161202023837.GK2697@decadent.org.uk - -Add declarations for: -- __mfdcr, __mtdcr (if CONFIG_PPC_DCR_NATIVE=y; through ) -- switch_mmu_context (if CONFIG_PPC_BOOK3S_64=n; through ) -- _mcount (if CONFIG_FUNCTION_TRACER=y; though ) - -Signed-off-by: Ben Hutchings ---- - arch/powerpc/include/asm/asm-prototypes.h | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/arch/powerpc/include/asm/asm-prototypes.h -+++ b/arch/powerpc/include/asm/asm-prototypes.h -@@ -17,6 +17,9 @@ - #include - #include - #include -+#include -+#include -+#include - - #include - diff --git a/debian/patches/bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch b/debian/patches/bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch deleted file mode 100644 index 7b23343e9..000000000 --- a/debian/patches/bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch +++ /dev/null @@ -1,53 +0,0 @@ -From: Ben Hutchings -Date: Fri, 2 Dec 2016 02:27:50 +0000 -Subject: powerpc: Remove Mac-on-Linux hooks -Forwarded: https://lkml.kernel.org/r/20161202023552.GJ2697@decadent.org.uk - -The symbols exported for use by MOL aren't getting CRCs and I was -about to fix that. But MOL is dead upstream, and the latest work on -it was to make it use KVM instead of its own kernel module. So remove -them instead. - -Signed-off-by: Ben Hutchings ---- - arch/powerpc/kernel/head_32.S | 7 +------ - arch/powerpc/mm/hash_low_32.S | 1 - - 2 files changed, 1 insertion(+), 7 deletions(-) - -diff --git a/arch/powerpc/kernel/head_32.S b/arch/powerpc/kernel/head_32.S -index 9d963547d243..87998430cd9b 100644 ---- a/arch/powerpc/kernel/head_32.S -+++ b/arch/powerpc/kernel/head_32.S -@@ -735,11 +735,7 @@ END_MMU_FTR_SECTION_IFSET(MMU_FTR_NEED_DTLB_SW_LRU) - EXCEPTION(0x2c00, Trap_2c, unknown_exception, EXC_XFER_EE) - EXCEPTION(0x2d00, Trap_2d, unknown_exception, EXC_XFER_EE) - EXCEPTION(0x2e00, Trap_2e, unknown_exception, EXC_XFER_EE) -- EXCEPTION(0x2f00, MOLTrampoline, unknown_exception, EXC_XFER_EE_LITE) -- -- .globl mol_trampoline -- .set mol_trampoline, i0x2f00 -- EXPORT_SYMBOL(mol_trampoline) -+ EXCEPTION(0x2f00, Trap_2f, unknown_exception, EXC_XFER_EE) - - . = 0x3000 - -@@ -1289,7 +1285,6 @@ intercept_table: - .long 0, 0, 0, 0, 0, 0, 0, 0 - .long 0, 0, 0, 0, 0, 0, 0, 0 - .long 0, 0, 0, 0, 0, 0, 0, 0 --EXPORT_SYMBOL(intercept_table) - - /* Room for two PTE pointers, usually the kernel and current user pointers - * to their respective root page table. -diff --git a/arch/powerpc/mm/hash_low_32.S b/arch/powerpc/mm/hash_low_32.S -index 09cc50c8dace..cddf14f60bf3 100644 ---- a/arch/powerpc/mm/hash_low_32.S -+++ b/arch/powerpc/mm/hash_low_32.S -@@ -34,7 +34,6 @@ - .globl mmu_hash_lock - mmu_hash_lock: - .space 4 --EXPORT_SYMBOL(mmu_hash_lock) - #endif /* CONFIG_SMP */ - - /* diff --git a/debian/patches/bugfix/sparc/revert-sparc-move-exports-to-definitions.patch b/debian/patches/bugfix/sparc/revert-sparc-move-exports-to-definitions.patch index 5879c023b..7904f5818 100644 --- a/debian/patches/bugfix/sparc/revert-sparc-move-exports-to-definitions.patch +++ b/debian/patches/bugfix/sparc/revert-sparc-move-exports-to-definitions.patch @@ -129,11 +129,6 @@ did what it says; add a prototype and export it from C code instead. .global root_flags .global ram_flags -@@ -815,4 +813,3 @@ lvl14_save: - __ret_efault: - ret - restore %g0, -EFAULT, %o0 --EXPORT_SYMBOL(__ret_efault) --- a/arch/sparc/kernel/head_64.S +++ b/arch/sparc/kernel/head_64.S @@ -32,8 +32,7 @@ @@ -244,7 +239,7 @@ did what it says; add a prototype and export it from C code instead. -EXPORT_SYMBOL(saved_command_line); --- /dev/null +++ b/arch/sparc/kernel/sparc_ksyms_32.c -@@ -0,0 +1,31 @@ +@@ -0,0 +1,30 @@ +/* + * arch/sparc/kernel/ksyms.c: Sparc specific ksyms support. + * @@ -271,7 +266,6 @@ did what it says; add a prototype and export it from C code instead. +EXPORT_SYMBOL(__ndelay); + +/* from head_32.S */ -+EXPORT_SYMBOL(__ret_efault); +EXPORT_SYMBOL(empty_zero_page); + +/* Exporting a symbol from /init/main.c */ @@ -656,11 +650,6 @@ did what it says; add a prototype and export it from C code instead. #define XCC xcc -@@ -106,4 +105,3 @@ ENTRY(___copy_in_user) /* %o0=dst, %o1=s - retl - clr %o0 - ENDPROC(___copy_in_user) --EXPORT_SYMBOL(___copy_in_user) --- a/arch/sparc/lib/copy_page.S +++ b/arch/sparc/lib/copy_page.S @@ -10,7 +10,6 @@ @@ -803,7 +792,7 @@ did what it says; add a prototype and export it from C code instead. -EXPORT_SYMBOL(ip_fast_csum) --- /dev/null +++ b/arch/sparc/lib/ksyms.c -@@ -0,0 +1,173 @@ +@@ -0,0 +1,170 @@ +/* + * Export of symbols defined in assembler + */ @@ -898,9 +887,6 @@ did what it says; add a prototype and export it from C code instead. +EXPORT_SYMBOL(ip_fast_csum); + +/* Moving data to/from/in userspace. */ -+EXPORT_SYMBOL(___copy_to_user); -+EXPORT_SYMBOL(___copy_from_user); -+EXPORT_SYMBOL(___copy_in_user); +EXPORT_SYMBOL(__clear_user); + +/* Atomic counter implementation. */ diff --git a/debian/patches/bugfix/x86/pinctrl-cherryview-extend-the-chromebook-dmi-quirk-t.patch b/debian/patches/bugfix/x86/pinctrl-cherryview-extend-the-chromebook-dmi-quirk-t.patch deleted file mode 100644 index 8a94dcde2..000000000 --- a/debian/patches/bugfix/x86/pinctrl-cherryview-extend-the-chromebook-dmi-quirk-t.patch +++ /dev/null @@ -1,59 +0,0 @@ -From: Mika Westerberg -Date: Wed, 17 May 2017 13:25:14 +0300 -Subject: pinctrl: cherryview: Extend the Chromebook DMI quirk to Intel_Strago - systems -Origin: https://git.kernel.org/linus/2a8209fa68236ad65363dba03db5dbced520268a -Bug-Debian: https://bugs.debian.org/862723 - -It turns out there are quite many Chromebooks out there that have the -same keyboard issue than Acer Chromebook. All of them are based on -Intel_Strago reference and report their DMI_PRODUCT_FAMILY as -"Intel_Strago" (Samsung Chromebook 3 and Cyan Chromebooks are exceptions -for which we add separate entries). - -Instead of adding each machine to the quirk table, we use -DMI_PRODUCT_FAMILY of "Intel_Strago" that hopefully covers most of the -machines out there currently. - -Link: https://bugzilla.kernel.org/show_bug.cgi?id=194945 -Suggested: Dmitry Torokhov -Signed-off-by: Mika Westerberg -Reviewed-by: Andy Shevchenko -Signed-off-by: Linus Walleij ---- - drivers/pinctrl/intel/pinctrl-cherryview.c | 21 +++++++++++++++++---- - 1 file changed, 17 insertions(+), 4 deletions(-) - ---- a/drivers/pinctrl/intel/pinctrl-cherryview.c -+++ b/drivers/pinctrl/intel/pinctrl-cherryview.c -@@ -1534,13 +1534,26 @@ static void chv_gpio_irq_handler(struct - * is not listed below. - */ - static const struct dmi_system_id chv_no_valid_mask[] = { -+ /* See https://bugzilla.kernel.org/show_bug.cgi?id=194945 */ - { -- /* See https://bugzilla.kernel.org/show_bug.cgi?id=194945 */ -- .ident = "Acer Chromebook (CYAN)", -+ .ident = "Intel_Strago based Chromebooks (All models)", - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"), -- DMI_MATCH(DMI_PRODUCT_NAME, "Edgar"), -- DMI_MATCH(DMI_BIOS_DATE, "05/21/2016"), -+ DMI_MATCH(DMI_PRODUCT_FAMILY, "Intel_Strago"), -+ }, -+ }, -+ { -+ .ident = "Acer Chromebook R11 (Cyan)", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "Cyan"), -+ }, -+ }, -+ { -+ .ident = "Samsung Chromebook 3 (Celes)", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "Celes"), - }, - }, - {} diff --git a/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch b/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch index 84f15c1ad..fc3de36fb 100644 --- a/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch +++ b/debian/patches/debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch @@ -19,19 +19,14 @@ Signed-off-by: Ben Hutchings net/decnet/af_decnet.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) -diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c -index 7a58c87..ed9e2b0 100644 --- a/net/decnet/af_decnet.c +++ b/net/decnet/af_decnet.c -@@ -2358,7 +2358,7 @@ void dn_unregister_sysctl(void); +@@ -2359,7 +2359,7 @@ static const struct proto_ops dn_proto_o MODULE_DESCRIPTION("The Linux DECnet Network Protocol"); MODULE_AUTHOR("Linux DECnet Project Team"); MODULE_LICENSE("GPL"); -MODULE_ALIAS_NETPROTO(PF_DECnet); +/* MODULE_ALIAS_NETPROTO(PF_DECnet); */ - static char banner[] __initdata = KERN_INFO "NET4: DECnet for Linux: V.2.5.68s (C) 1995-2003 Linux DECnet Project Team\n"; - --- -1.7.2.3 - + static const char banner[] __initconst = KERN_INFO + "NET4: DECnet for Linux: V.2.5.68s (C) 1995-2003 Linux DECnet Project Team\n"; diff --git a/debian/patches/debian/mips-disable-werror.patch b/debian/patches/debian/mips-disable-werror.patch index 9e895bfc6..c56c633a5 100644 --- a/debian/patches/debian/mips-disable-werror.patch +++ b/debian/patches/debian/mips-disable-werror.patch @@ -3,26 +3,21 @@ Date: Mon, 13 Sep 2010 02:16:18 +0100 Subject: [PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild" Forwarded: not-needed -This reverts commit 66f9ba101f54bda63ab1db97f9e9e94763d0651b. +This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and +5373633cc9253ba82547473e899cab141c54133e. We really don't want to add -Werror anywhere. --- - arch/mips/Kbuild | 5 ----- - 1 files changed, 0 insertions(+), 5 deletions(-) - -diff --git a/arch/mips/Kbuild b/arch/mips/Kbuild -index e322d65..2e6b28f 100644 --- a/arch/mips/Kbuild +++ b/arch/mips/Kbuild -@@ -1,8 +1,3 @@ +@@ -1,10 +1,3 @@ -# Fail on warnings - also for files referenced in subdirs -# -Werror can be disabled for specific files using: -# CFLAGS_ := -Wno-error +-ifeq ($(W),) -subdir-ccflags-y := -Werror +-endif - # platform specific definitions include arch/mips/Kbuild.platforms obj-y := $(platform-y) --- -1.7.1 - diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch index 52444d3d1..056ce2ddf 100644 --- a/debian/patches/features/all/aufs4/aufs4-standalone.patch +++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch @@ -8,11 +8,9 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch aufs4.11.7+ standalone patch -diff --git a/fs/dcache.c b/fs/dcache.c -index 8ca5f09..b1ff5be 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -1272,6 +1272,7 @@ void d_walk(struct dentry *parent, void *data, +@@ -1272,6 +1272,7 @@ rename_retry: seq = 1; goto again; } @@ -20,7 +18,7 @@ index 8ca5f09..b1ff5be 100644 struct check_mount { struct vfsmount *mnt; -@@ -2864,6 +2865,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2) +@@ -2862,6 +2863,7 @@ void d_exchange(struct dentry *dentry1, write_sequnlock(&rename_lock); } @@ -28,11 +26,9 @@ index 8ca5f09..b1ff5be 100644 /** * d_ancestor - search for an ancestor -diff --git a/fs/exec.c b/fs/exec.c -index 65145a3..8d35776 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path) +@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path return (path->mnt->mnt_flags & MNT_NOEXEC) || (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC); } @@ -40,11 +36,9 @@ index 65145a3..8d35776 100644 #ifdef CONFIG_USELIB /* -diff --git a/fs/fcntl.c b/fs/fcntl.c -index f5f4f94..c671660 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c -@@ -83,6 +83,7 @@ int setfl(int fd, struct file * filp, unsigned long arg) +@@ -84,6 +84,7 @@ int setfl(int fd, struct file * filp, un out: return error; } @@ -52,11 +46,9 @@ index f5f4f94..c671660 100644 static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, int force) -diff --git a/fs/file_table.c b/fs/file_table.c -index 954d510..4fb5b10 100644 --- a/fs/file_table.c +++ b/fs/file_table.c -@@ -148,6 +148,7 @@ struct file *get_empty_filp(void) +@@ -148,6 +148,7 @@ over: } return ERR_PTR(-ENFILE); } @@ -88,11 +80,9 @@ index 954d510..4fb5b10 100644 void __init files_init(void) { -diff --git a/fs/inode.c b/fs/inode.c -index 9a9ba3a..a3a18d8 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -1651,6 +1651,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags) +@@ -1649,6 +1649,7 @@ int update_time(struct inode *inode, str return update_time(inode, time, flags); } @@ -100,11 +90,9 @@ index 9a9ba3a..a3a18d8 100644 /** * touch_atime - update the access time -diff --git a/fs/namespace.c b/fs/namespace.c -index cc1375ef..9b4c67c 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -465,6 +465,7 @@ void __mnt_drop_write(struct vfsmount *mnt) +@@ -462,6 +462,7 @@ void __mnt_drop_write(struct vfsmount *m mnt_dec_writers(real_mount(mnt)); preempt_enable(); } @@ -112,7 +100,7 @@ index cc1375ef..9b4c67c 100644 /** * mnt_drop_write - give up write access to a mount -@@ -1884,6 +1885,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg, +@@ -1881,6 +1882,7 @@ int iterate_mounts(int (*f)(struct vfsmo } return 0; } @@ -120,8 +108,6 @@ index cc1375ef..9b4c67c 100644 static void cleanup_group_ids(struct mount *mnt, struct mount *end) { -diff --git a/fs/notify/group.c b/fs/notify/group.c -index fbe3cbe..bdfc61e 100644 --- a/fs/notify/group.c +++ b/fs/notify/group.c @@ -22,6 +22,7 @@ @@ -132,7 +118,7 @@ index fbe3cbe..bdfc61e 100644 #include #include "fsnotify.h" -@@ -100,6 +101,7 @@ void fsnotify_get_group(struct fsnotify_group *group) +@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_ { atomic_inc(&group->refcnt); } @@ -140,7 +126,7 @@ index fbe3cbe..bdfc61e 100644 /* * Drop a reference to a group. Free it if it's through. -@@ -109,6 +111,7 @@ void fsnotify_put_group(struct fsnotify_group *group) +@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_ if (atomic_dec_and_test(&group->refcnt)) fsnotify_final_destroy_group(group); } @@ -148,7 +134,7 @@ index fbe3cbe..bdfc61e 100644 /* * Create a new fsnotify_group and hold a reference for the group returned. -@@ -137,6 +140,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops) +@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_gr return group; } @@ -156,47 +142,43 @@ index fbe3cbe..bdfc61e 100644 int fsnotify_fasync(int fd, struct file *file, int on) { -diff --git a/fs/notify/mark.c b/fs/notify/mark.c -index 6043306..fdb50e4 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c -@@ -113,6 +113,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark) - mark->free_mark(mark); - } +@@ -255,6 +255,7 @@ void fsnotify_put_mark(struct fsnotify_m + queue_delayed_work(system_unbound_wq, &reaper_work, + FSNOTIFY_REAPER_DELAY); } +EXPORT_SYMBOL_GPL(fsnotify_put_mark); - /* Calculate mask of events for a list of marks */ - u32 fsnotify_recalc_mask(struct hlist_head *head) -@@ -230,6 +231,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark, + bool fsnotify_prepare_user_wait(struct fsnotify_iter_info *iter_info) + { +@@ -395,6 +396,7 @@ void fsnotify_destroy_mark(struct fsnoti mutex_unlock(&group->mark_mutex); fsnotify_free_mark(mark); } +EXPORT_SYMBOL_GPL(fsnotify_destroy_mark); - void fsnotify_destroy_marks(struct hlist_head *head, spinlock_t *lock) - { -@@ -415,6 +417,7 @@ int fsnotify_add_mark_locked(struct fsnotify_mark *mark, - + /* + * Sorting function for lists of fsnotify marks. +@@ -619,6 +621,7 @@ int fsnotify_add_mark(struct fsnotify_ma + mutex_unlock(&group->mark_mutex); return ret; } +EXPORT_SYMBOL_GPL(fsnotify_add_mark); - int fsnotify_add_mark(struct fsnotify_mark *mark, struct fsnotify_group *group, - struct inode *inode, struct vfsmount *mnt, int allow_dups) -@@ -521,6 +524,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark, - atomic_set(&mark->refcnt, 1); - mark->free_mark = free_mark; + /* + * Given a list of marks, find the mark associated with given group. If found +@@ -742,6 +745,7 @@ void fsnotify_init_mark(struct fsnotify_ + fsnotify_get_group(group); + mark->group = group; } +EXPORT_SYMBOL_GPL(fsnotify_init_mark); /* * Destroy all marks in destroy_list, waits for SRCU period to finish before -diff --git a/fs/open.c b/fs/open.c -index 949cef2..9a892fb8 100644 --- a/fs/open.c +++ b/fs/open.c -@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, +@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l inode_unlock(dentry->d_inode); return ret; } @@ -204,7 +186,7 @@ index 949cef2..9a892fb8 100644 long vfs_truncate(const struct path *path, loff_t length) { -@@ -693,6 +694,7 @@ int open_check_o_direct(struct file *f) +@@ -691,6 +692,7 @@ int open_check_o_direct(struct file *f) } return 0; } @@ -212,8 +194,6 @@ index 949cef2..9a892fb8 100644 static int do_dentry_open(struct file *f, struct inode *inode, -diff --git a/fs/read_write.c b/fs/read_write.c -index eba4e7e..ec9e88a 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -523,6 +523,7 @@ vfs_readf_t vfs_readf(struct file *file) @@ -224,7 +204,7 @@ index eba4e7e..ec9e88a 100644 vfs_writef_t vfs_writef(struct file *file) { -@@ -534,6 +535,7 @@ vfs_writef_t vfs_writef(struct file *file) +@@ -534,6 +535,7 @@ vfs_writef_t vfs_writef(struct file *fil return new_sync_write; return ERR_PTR(-ENOSYS); } @@ -232,11 +212,9 @@ index eba4e7e..ec9e88a 100644 ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos) { -diff --git a/fs/splice.c b/fs/splice.c -index 46c87af..0efa652 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -872,6 +872,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out, +@@ -866,6 +866,7 @@ long do_splice_from(struct pipe_inode_in return splice_write(pipe, out, ppos, len, flags); } @@ -244,7 +222,7 @@ index 46c87af..0efa652 100644 /* * Attempt to initiate a splice from a file to a pipe. -@@ -901,6 +902,7 @@ long do_splice_to(struct file *in, loff_t *ppos, +@@ -895,6 +896,7 @@ long do_splice_to(struct file *in, loff_ return splice_read(in, ppos, pipe, len, flags); } @@ -252,11 +230,9 @@ index 46c87af..0efa652 100644 /** * splice_direct_to_actor - splices data directly between two non-pipes -diff --git a/fs/sync.c b/fs/sync.c -index abf6a5d..c86fe9c 100644 --- a/fs/sync.c +++ b/fs/sync.c -@@ -38,6 +38,7 @@ int __sync_filesystem(struct super_block *sb, int wait) +@@ -38,6 +38,7 @@ int __sync_filesystem(struct super_block sb->s_op->sync_fs(sb, wait); return __sync_blockdev(sb->s_bdev, wait); } @@ -264,11 +240,9 @@ index abf6a5d..c86fe9c 100644 /* * Write out and wait upon all dirty data associated with this -diff --git a/fs/xattr.c b/fs/xattr.c -index 94f49a0..243f57e 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, +@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry *xattr_value = value; return error; } @@ -276,8 +250,6 @@ index 94f49a0..243f57e 100644 ssize_t __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, -diff --git a/kernel/task_work.c b/kernel/task_work.c -index d513051..e056d54 100644 --- a/kernel/task_work.c +++ b/kernel/task_work.c @@ -119,3 +119,4 @@ void task_work_run(void) @@ -285,8 +257,6 @@ index d513051..e056d54 100644 } } +EXPORT_SYMBOL_GPL(task_work_run); -diff --git a/security/commoncap.c b/security/commoncap.c -index 78b3783..c8b3e88 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1062,12 +1062,14 @@ int cap_mmap_addr(unsigned long addr) @@ -304,8 +274,6 @@ index 78b3783..c8b3e88 100644 #ifdef CONFIG_SECURITY -diff --git a/security/device_cgroup.c b/security/device_cgroup.c -index 03c1652..f88c84b 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -7,6 +7,7 @@ @@ -316,7 +284,7 @@ index 03c1652..f88c84b 100644 #include #include #include -@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask) +@@ -849,6 +850,7 @@ int __devcgroup_inode_permission(struct return __devcgroup_check_permission(type, imajor(inode), iminor(inode), access); } @@ -324,11 +292,9 @@ index 03c1652..f88c84b 100644 int devcgroup_inode_mknod(int mode, dev_t dev) { -diff --git a/security/security.c b/security/security.c -index d0e07f2..5e323b0 100644 --- a/security/security.c +++ b/security/security.c -@@ -481,6 +481,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry) +@@ -492,6 +492,7 @@ int security_path_rmdir(const struct pat return 0; return call_int_hook(path_rmdir, 0, dir, dentry); } @@ -336,7 +302,7 @@ index d0e07f2..5e323b0 100644 int security_path_unlink(const struct path *dir, struct dentry *dentry) { -@@ -497,6 +498,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry, +@@ -508,6 +509,7 @@ int security_path_symlink(const struct p return 0; return call_int_hook(path_symlink, 0, dir, dentry, old_name); } @@ -344,7 +310,7 @@ index d0e07f2..5e323b0 100644 int security_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) -@@ -505,6 +507,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir, +@@ -516,6 +518,7 @@ int security_path_link(struct dentry *ol return 0; return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } @@ -352,7 +318,7 @@ index d0e07f2..5e323b0 100644 int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, -@@ -532,6 +535,7 @@ int security_path_truncate(const struct path *path) +@@ -543,6 +546,7 @@ int security_path_truncate(const struct return 0; return call_int_hook(path_truncate, 0, path); } @@ -360,7 +326,7 @@ index d0e07f2..5e323b0 100644 int security_path_chmod(const struct path *path, umode_t mode) { -@@ -539,6 +543,7 @@ int security_path_chmod(const struct path *path, umode_t mode) +@@ -550,6 +554,7 @@ int security_path_chmod(const struct pat return 0; return call_int_hook(path_chmod, 0, path, mode); } @@ -368,7 +334,7 @@ index d0e07f2..5e323b0 100644 int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { -@@ -546,6 +551,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) +@@ -557,6 +562,7 @@ int security_path_chown(const struct pat return 0; return call_int_hook(path_chown, 0, path, uid, gid); } @@ -376,7 +342,7 @@ index d0e07f2..5e323b0 100644 int security_path_chroot(const struct path *path) { -@@ -631,6 +637,7 @@ int security_inode_readlink(struct dentry *dentry) +@@ -642,6 +648,7 @@ int security_inode_readlink(struct dentr return 0; return call_int_hook(inode_readlink, 0, dentry); } @@ -384,7 +350,7 @@ index d0e07f2..5e323b0 100644 int security_inode_follow_link(struct dentry *dentry, struct inode *inode, bool rcu) -@@ -646,6 +653,7 @@ int security_inode_permission(struct inode *inode, int mask) +@@ -657,6 +664,7 @@ int security_inode_permission(struct ino return 0; return call_int_hook(inode_permission, 0, inode, mask); } @@ -392,7 +358,7 @@ index d0e07f2..5e323b0 100644 int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { -@@ -817,6 +825,7 @@ int security_file_permission(struct file *file, int mask) +@@ -828,6 +836,7 @@ int security_file_permission(struct file return fsnotify_perm(file, mask); } @@ -400,7 +366,7 @@ index d0e07f2..5e323b0 100644 int security_file_alloc(struct file *file) { -@@ -876,6 +885,7 @@ int security_mmap_file(struct file *file, unsigned long prot, +@@ -887,6 +896,7 @@ int security_mmap_file(struct file *file return ret; return ima_file_mmap(file, prot); } diff --git a/debian/patches/features/all/firmware-dmi-add-dmi_product_family-identification-s.patch b/debian/patches/features/all/firmware-dmi-add-dmi_product_family-identification-s.patch deleted file mode 100644 index b0d9d9742..000000000 --- a/debian/patches/features/all/firmware-dmi-add-dmi_product_family-identification-s.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: Mika Westerberg -Date: Wed, 17 May 2017 13:25:12 +0300 -Subject: firmware: dmi: Add DMI_PRODUCT_FAMILY identification string -Origin: https://git.kernel.org/linus/c61872c9833d17d3807fb999096917c1f9eaada0 - -Sometimes it is more convenient to be able to match a whole family of -products, like in case of bunch of Chromebooks based on Intel_Strago to -apply a driver quirk instead of quirking each machine one-by-one. - -This adds support for DMI_PRODUCT_FAMILY identification string and also -exports it to the userspace through sysfs attribute just like the -existing ones. - -Suggested-by: Dmitry Torokhov -Signed-off-by: Mika Westerberg -Reviewed-by: Andy Shevchenko -Signed-off-by: Linus Walleij ---- - drivers/firmware/dmi-id.c | 2 ++ - drivers/firmware/dmi_scan.c | 1 + - include/linux/mod_devicetable.h | 1 + - 3 files changed, 4 insertions(+) - ---- a/drivers/firmware/dmi-id.c -+++ b/drivers/firmware/dmi-id.c -@@ -47,6 +47,7 @@ DEFINE_DMI_ATTR_WITH_SHOW(product_name, - DEFINE_DMI_ATTR_WITH_SHOW(product_version, 0444, DMI_PRODUCT_VERSION); - DEFINE_DMI_ATTR_WITH_SHOW(product_serial, 0400, DMI_PRODUCT_SERIAL); - DEFINE_DMI_ATTR_WITH_SHOW(product_uuid, 0400, DMI_PRODUCT_UUID); -+DEFINE_DMI_ATTR_WITH_SHOW(product_family, 0400, DMI_PRODUCT_FAMILY); - DEFINE_DMI_ATTR_WITH_SHOW(board_vendor, 0444, DMI_BOARD_VENDOR); - DEFINE_DMI_ATTR_WITH_SHOW(board_name, 0444, DMI_BOARD_NAME); - DEFINE_DMI_ATTR_WITH_SHOW(board_version, 0444, DMI_BOARD_VERSION); -@@ -191,6 +192,7 @@ static void __init dmi_id_init_attr_tabl - ADD_DMI_ATTR(product_version, DMI_PRODUCT_VERSION); - ADD_DMI_ATTR(product_serial, DMI_PRODUCT_SERIAL); - ADD_DMI_ATTR(product_uuid, DMI_PRODUCT_UUID); -+ ADD_DMI_ATTR(product_family, DMI_PRODUCT_FAMILY); - ADD_DMI_ATTR(board_vendor, DMI_BOARD_VENDOR); - ADD_DMI_ATTR(board_name, DMI_BOARD_NAME); - ADD_DMI_ATTR(board_version, DMI_BOARD_VERSION); ---- a/drivers/firmware/dmi_scan.c -+++ b/drivers/firmware/dmi_scan.c -@@ -430,6 +430,7 @@ static void __init dmi_decode(const stru - dmi_save_ident(dm, DMI_PRODUCT_VERSION, 6); - dmi_save_ident(dm, DMI_PRODUCT_SERIAL, 7); - dmi_save_uuid(dm, DMI_PRODUCT_UUID, 8); -+ dmi_save_ident(dm, DMI_PRODUCT_FAMILY, 26); - break; - case 2: /* Base Board Information */ - dmi_save_ident(dm, DMI_BOARD_VENDOR, 4); ---- a/include/linux/mod_devicetable.h -+++ b/include/linux/mod_devicetable.h -@@ -457,6 +457,7 @@ enum dmi_field { - DMI_PRODUCT_VERSION, - DMI_PRODUCT_SERIAL, - DMI_PRODUCT_UUID, -+ DMI_PRODUCT_FAMILY, - DMI_BOARD_VENDOR, - DMI_BOARD_NAME, - DMI_BOARD_VERSION, diff --git a/debian/patches/features/all/lockdown/0001-Annotate-module-params-that-specify-hardware-paramet.patch b/debian/patches/features/all/lockdown/0001-Annotate-module-params-that-specify-hardware-paramet.patch deleted file mode 100644 index 3f2d4dd3e..000000000 --- a/debian/patches/features/all/lockdown/0001-Annotate-module-params-that-specify-hardware-paramet.patch +++ /dev/null @@ -1,117 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:21 +0100 -Subject: [01/62] Annotate module params that specify hardware parameters (eg. - ioport) -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=bf616d21f41174389c6d720ae21bf40f154474c8 - -Provided an annotation for module parameters that specify hardware -parameters (such as io ports, iomem addresses, irqs, dma channels, fixed -dma buffers and other types). - -This will enable such parameters to be locked down in the core parameter -parser for secure boot support. - -I've also included annotations as to what sort of hardware configuration -each module is dealing with for future use. Some of these are -straightforward (ioport, iomem, irq, dma), but there are also: - - (1) drivers that switch the semantics of a parameter between ioport and - iomem depending on a second parameter, - - (2) drivers that appear to reserve a CPU memory buffer at a fixed address, - - (3) other parameters, such as bus types and irq selection bitmasks. - -For the moment, the hardware configuration type isn't actually stored, -though its validity is checked. - -Signed-off-by: David Howells ---- - include/linux/moduleparam.h | 65 ++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 64 insertions(+), 1 deletion(-) - -diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index 52666d90ca94..6be1949ebcdf 100644 ---- a/include/linux/moduleparam.h -+++ b/include/linux/moduleparam.h -@@ -60,9 +60,11 @@ struct kernel_param_ops { - * Flags available for kernel_param - * - * UNSAFE - the parameter is dangerous and setting it will taint the kernel -+ * HWPARAM - Hardware param not permitted in lockdown mode - */ - enum { -- KERNEL_PARAM_FL_UNSAFE = (1 << 0) -+ KERNEL_PARAM_FL_UNSAFE = (1 << 0), -+ KERNEL_PARAM_FL_HWPARAM = (1 << 1), - }; - - struct kernel_param { -@@ -451,6 +453,67 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); - perm, -1, 0); \ - __MODULE_PARM_TYPE(name, "array of " #type) - -+enum hwparam_type { -+ hwparam_ioport, /* Module parameter configures an I/O port */ -+ hwparam_iomem, /* Module parameter configures an I/O mem address */ -+ hwparam_ioport_or_iomem, /* Module parameter could be either, depending on other option */ -+ hwparam_irq, /* Module parameter configures an I/O port */ -+ hwparam_dma, /* Module parameter configures a DMA channel */ -+ hwparam_dma_addr, /* Module parameter configures a DMA buffer address */ -+ hwparam_other, /* Module parameter configures some other value */ -+}; -+ -+/** -+ * module_param_hw_named - A parameter representing a hw parameters -+ * @name: a valid C identifier which is the parameter name. -+ * @value: the actual lvalue to alter. -+ * @type: the type of the parameter -+ * @hwtype: what the value represents (enum hwparam_type) -+ * @perm: visibility in sysfs. -+ * -+ * Usually it's a good idea to have variable names and user-exposed names the -+ * same, but that's harder if the variable must be non-static or is inside a -+ * structure. This allows exposure under a different name. -+ */ -+#define module_param_hw_named(name, value, type, hwtype, perm) \ -+ param_check_##type(name, &(value)); \ -+ __module_param_call(MODULE_PARAM_PREFIX, name, \ -+ ¶m_ops_##type, &value, \ -+ perm, -1, \ -+ KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0)); \ -+ __MODULE_PARM_TYPE(name, #type) -+ -+#define module_param_hw(name, type, hwtype, perm) \ -+ module_param_hw_named(name, name, type, hwtype, perm) -+ -+/** -+ * module_param_hw_array - A parameter representing an array of hw parameters -+ * @name: the name of the array variable -+ * @type: the type, as per module_param() -+ * @hwtype: what the value represents (enum hwparam_type) -+ * @nump: optional pointer filled in with the number written -+ * @perm: visibility in sysfs -+ * -+ * Input and output are as comma-separated values. Commas inside values -+ * don't work properly (eg. an array of charp). -+ * -+ * ARRAY_SIZE(@name) is used to determine the number of elements in the -+ * array, so the definition must be visible. -+ */ -+#define module_param_hw_array(name, type, hwtype, nump, perm) \ -+ param_check_##type(name, &(name)[0]); \ -+ static const struct kparam_array __param_arr_##name \ -+ = { .max = ARRAY_SIZE(name), .num = nump, \ -+ .ops = ¶m_ops_##type, \ -+ .elemsize = sizeof(name[0]), .elem = name }; \ -+ __module_param_call(MODULE_PARAM_PREFIX, name, \ -+ ¶m_array_ops, \ -+ .arr = &__param_arr_##name, \ -+ perm, -1, \ -+ KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0)); \ -+ __MODULE_PARM_TYPE(name, "array of " #type) -+ -+ - extern const struct kernel_param_ops param_array_ops; - - extern const struct kernel_param_ops param_ops_string; diff --git a/debian/patches/features/all/lockdown/0002-Annotate-hardware-config-module-parameters-in-arch-x.patch b/debian/patches/features/all/lockdown/0002-Annotate-hardware-config-module-parameters-in-arch-x.patch deleted file mode 100644 index 6b5bf43d1..000000000 --- a/debian/patches/features/all/lockdown/0002-Annotate-hardware-config-module-parameters-in-arch-x.patch +++ /dev/null @@ -1,51 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:21 +0100 -Subject: [02/62] Annotate hardware config module parameters in arch/x86/mm/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=89a35b5df5de26b9eaed0791580cea872232d563 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in arch/x86/mm/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Steven Rostedt -cc: Ingo Molnar -cc: Thomas Gleixner -cc: "H. Peter Anvin" -cc: x86@kernel.org -cc: linux-kernel@vger.kernel.org -cc: nouveau@lists.freedesktop.org ---- - arch/x86/mm/testmmiotrace.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/x86/mm/testmmiotrace.c b/arch/x86/mm/testmmiotrace.c -index 38868adf07ea..f6ae6830b341 100644 ---- a/arch/x86/mm/testmmiotrace.c -+++ b/arch/x86/mm/testmmiotrace.c -@@ -9,7 +9,7 @@ - #include - - static unsigned long mmio_address; --module_param(mmio_address, ulong, 0); -+module_param_hw(mmio_address, ulong, iomem, 0); - MODULE_PARM_DESC(mmio_address, " Start address of the mapping of 16 kB " - "(or 8 MB if read_far is non-zero)."); - diff --git a/debian/patches/features/all/lockdown/0003-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0003-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index d1401718e..000000000 --- a/debian/patches/features/all/lockdown/0003-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,85 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:21 +0100 -Subject: [03/62] Annotate hardware config module parameters in - drivers/char/ipmi/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a72157f0fe047bc3dd4a4111c5db764b03269122 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/char/ipmi/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -Reviewed-by: Corey Minyard -cc: openipmi-developer@lists.sourceforge.net ---- - drivers/char/ipmi/ipmi_si_intf.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 2a7c425ddfa7..e2f34eb59998 100644 ---- a/drivers/char/ipmi/ipmi_si_intf.c -+++ b/drivers/char/ipmi/ipmi_si_intf.c -@@ -1375,39 +1375,39 @@ MODULE_PARM_DESC(type, "Defines the type of each interface, each" - " interface separated by commas. The types are 'kcs'," - " 'smic', and 'bt'. For example si_type=kcs,bt will set" - " the first interface to kcs and the second to bt"); --module_param_array(addrs, ulong, &num_addrs, 0); -+module_param_hw_array(addrs, ulong, iomem, &num_addrs, 0); - MODULE_PARM_DESC(addrs, "Sets the memory address of each interface, the" - " addresses separated by commas. Only use if an interface" - " is in memory. Otherwise, set it to zero or leave" - " it blank."); --module_param_array(ports, uint, &num_ports, 0); -+module_param_hw_array(ports, uint, ioport, &num_ports, 0); - MODULE_PARM_DESC(ports, "Sets the port address of each interface, the" - " addresses separated by commas. Only use if an interface" - " is a port. Otherwise, set it to zero or leave" - " it blank."); --module_param_array(irqs, int, &num_irqs, 0); -+module_param_hw_array(irqs, int, irq, &num_irqs, 0); - MODULE_PARM_DESC(irqs, "Sets the interrupt of each interface, the" - " addresses separated by commas. Only use if an interface" - " has an interrupt. Otherwise, set it to zero or leave" - " it blank."); --module_param_array(regspacings, int, &num_regspacings, 0); -+module_param_hw_array(regspacings, int, other, &num_regspacings, 0); - MODULE_PARM_DESC(regspacings, "The number of bytes between the start address" - " and each successive register used by the interface. For" - " instance, if the start address is 0xca2 and the spacing" - " is 2, then the second address is at 0xca4. Defaults" - " to 1."); --module_param_array(regsizes, int, &num_regsizes, 0); -+module_param_hw_array(regsizes, int, other, &num_regsizes, 0); - MODULE_PARM_DESC(regsizes, "The size of the specific IPMI register in bytes." - " This should generally be 1, 2, 4, or 8 for an 8-bit," - " 16-bit, 32-bit, or 64-bit register. Use this if you" - " the 8-bit IPMI register has to be read from a larger" - " register."); --module_param_array(regshifts, int, &num_regshifts, 0); -+module_param_hw_array(regshifts, int, other, &num_regshifts, 0); - MODULE_PARM_DESC(regshifts, "The amount to shift the data read from the." - " IPMI register, in bits. For instance, if the data" - " is read from a 32-bit word and the IPMI data is in" - " bit 8-15, then the shift would be 8"); --module_param_array(slave_addrs, int, &num_slave_addrs, 0); -+module_param_hw_array(slave_addrs, int, other, &num_slave_addrs, 0); - MODULE_PARM_DESC(slave_addrs, "Set the default IPMB slave address for" - " the controller. Normally this is 0x20, but can be" - " overridden by this parm. This is an array indexed" diff --git a/debian/patches/features/all/lockdown/0004-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0004-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 286fbb98b..000000000 --- a/debian/patches/features/all/lockdown/0004-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,51 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:21 +0100 -Subject: [04/62] Annotate hardware config module parameters in - drivers/char/mwave/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=70f233e85b60cb259279e451313dce6cbc84d041 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/char/mwave/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells ---- - drivers/char/mwave/mwavedd.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/char/mwave/mwavedd.c b/drivers/char/mwave/mwavedd.c -index 3a3ff2eb6cba..b5e3103c1175 100644 ---- a/drivers/char/mwave/mwavedd.c -+++ b/drivers/char/mwave/mwavedd.c -@@ -80,10 +80,10 @@ int mwave_3780i_io = 0; - int mwave_uart_irq = 0; - int mwave_uart_io = 0; - module_param(mwave_debug, int, 0); --module_param(mwave_3780i_irq, int, 0); --module_param(mwave_3780i_io, int, 0); --module_param(mwave_uart_irq, int, 0); --module_param(mwave_uart_io, int, 0); -+module_param_hw(mwave_3780i_irq, int, irq, 0); -+module_param_hw(mwave_3780i_io, int, ioport, 0); -+module_param_hw(mwave_uart_irq, int, irq, 0); -+module_param_hw(mwave_uart_io, int, ioport, 0); - - static int mwave_open(struct inode *inode, struct file *file); - static int mwave_close(struct inode *inode, struct file *file); diff --git a/debian/patches/features/all/lockdown/0005-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0005-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index ab60a7182..000000000 --- a/debian/patches/features/all/lockdown/0005-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:22 +0100 -Subject: [05/62] Annotate hardware config module parameters in drivers/char/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=3a5a43a8e71e6c0f03ba07d7125faccc8c851d65 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/char/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Arnd Bergmann -cc: Greg Kroah-Hartman ---- - drivers/char/applicom.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c -index e770ad977472..b67263d6e34b 100644 ---- a/drivers/char/applicom.c -+++ b/drivers/char/applicom.c -@@ -94,9 +94,9 @@ static struct applicom_board { - static unsigned int irq = 0; /* interrupt number IRQ */ - static unsigned long mem = 0; /* physical segment of board */ - --module_param(irq, uint, 0); -+module_param_hw(irq, uint, irq, 0); - MODULE_PARM_DESC(irq, "IRQ of the Applicom board"); --module_param(mem, ulong, 0); -+module_param_hw(mem, ulong, iomem, 0); - MODULE_PARM_DESC(mem, "Shared Memory Address of Applicom board"); - - static unsigned int numboards; /* number of installed boards */ diff --git a/debian/patches/features/all/lockdown/0006-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0006-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 0e0765439..000000000 --- a/debian/patches/features/all/lockdown/0006-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:22 +0100 -Subject: [06/62] Annotate hardware config module parameters in - drivers/clocksource/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=8a3dad31f7c45c744a27dd6c7587efc2330bafd7 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/clocksource/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Daniel Lezcano -cc: Thomas Gleixner -cc: linux-kernel@vger.kernel.org ---- - drivers/clocksource/cs5535-clockevt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/clocksource/cs5535-clockevt.c b/drivers/clocksource/cs5535-clockevt.c -index 9a7e37cf56b0..a1df588343f2 100644 ---- a/drivers/clocksource/cs5535-clockevt.c -+++ b/drivers/clocksource/cs5535-clockevt.c -@@ -22,7 +22,7 @@ - #define DRV_NAME "cs5535-clockevt" - - static int timer_irq; --module_param_named(irq, timer_irq, int, 0644); -+module_param_hw_named(irq, timer_irq, int, irq, 0644); - MODULE_PARM_DESC(irq, "Which IRQ to use for the clock source MFGPT ticks."); - - /* diff --git a/debian/patches/features/all/lockdown/0007-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0007-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 29df96714..000000000 --- a/debian/patches/features/all/lockdown/0007-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:22 +0100 -Subject: [07/62] Annotate hardware config module parameters in - drivers/cpufreq/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=889dc5a750fe6ec7088dcb77a23f1a5745d3fd2a - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/cpufreq/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -Acked-by: "Rafael J. Wysocki" -cc: Viresh Kumar -cc: linux-pm@vger.kernel.org ---- - drivers/cpufreq/speedstep-smi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/cpufreq/speedstep-smi.c b/drivers/cpufreq/speedstep-smi.c -index 770a9ae1999a..37b30071c220 100644 ---- a/drivers/cpufreq/speedstep-smi.c -+++ b/drivers/cpufreq/speedstep-smi.c -@@ -378,7 +378,7 @@ static void __exit speedstep_exit(void) - cpufreq_unregister_driver(&speedstep_driver); - } - --module_param(smi_port, int, 0444); -+module_param_hw(smi_port, int, ioport, 0444); - module_param(smi_cmd, int, 0444); - module_param(smi_sig, uint, 0444); - diff --git a/debian/patches/features/all/lockdown/0008-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0008-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 04001c849..000000000 --- a/debian/patches/features/all/lockdown/0008-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,124 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:22 +0100 -Subject: [08/62] Annotate hardware config module parameters in drivers/gpio/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=fc57a891601a964e9c80c1ea9a0bfa40da3764db - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/gpio/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -Acked-by: William Breathitt Gray -Acked-by: Linus Walleij -cc: Alexandre Courbot -cc: linux-gpio@vger.kernel.org ---- - drivers/gpio/gpio-104-dio-48e.c | 4 ++-- - drivers/gpio/gpio-104-idi-48.c | 4 ++-- - drivers/gpio/gpio-104-idio-16.c | 4 ++-- - drivers/gpio/gpio-gpio-mm.c | 2 +- - drivers/gpio/gpio-ws16c48.c | 4 ++-- - 5 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/drivers/gpio/gpio-104-dio-48e.c b/drivers/gpio/gpio-104-dio-48e.c -index 17bd2ab4ebe2..dfa1a298e4f6 100644 ---- a/drivers/gpio/gpio-104-dio-48e.c -+++ b/drivers/gpio/gpio-104-dio-48e.c -@@ -33,11 +33,11 @@ - - static unsigned int base[MAX_NUM_DIO48E]; - static unsigned int num_dio48e; --module_param_array(base, uint, &num_dio48e, 0); -+module_param_hw_array(base, uint, ioport, &num_dio48e, 0); - MODULE_PARM_DESC(base, "ACCES 104-DIO-48E base addresses"); - - static unsigned int irq[MAX_NUM_DIO48E]; --module_param_array(irq, uint, NULL, 0); -+module_param_hw_array(irq, uint, irq, NULL, 0); - MODULE_PARM_DESC(irq, "ACCES 104-DIO-48E interrupt line numbers"); - - /** -diff --git a/drivers/gpio/gpio-104-idi-48.c b/drivers/gpio/gpio-104-idi-48.c -index 568375a7ebc2..c369b2083876 100644 ---- a/drivers/gpio/gpio-104-idi-48.c -+++ b/drivers/gpio/gpio-104-idi-48.c -@@ -33,11 +33,11 @@ - - static unsigned int base[MAX_NUM_IDI_48]; - static unsigned int num_idi_48; --module_param_array(base, uint, &num_idi_48, 0); -+module_param_hw_array(base, uint, ioport, &num_idi_48, 0); - MODULE_PARM_DESC(base, "ACCES 104-IDI-48 base addresses"); - - static unsigned int irq[MAX_NUM_IDI_48]; --module_param_array(irq, uint, NULL, 0); -+module_param_hw_array(irq, uint, irq, NULL, 0); - MODULE_PARM_DESC(irq, "ACCES 104-IDI-48 interrupt line numbers"); - - /** -diff --git a/drivers/gpio/gpio-104-idio-16.c b/drivers/gpio/gpio-104-idio-16.c -index 7053cf736648..5949123986f2 100644 ---- a/drivers/gpio/gpio-104-idio-16.c -+++ b/drivers/gpio/gpio-104-idio-16.c -@@ -33,11 +33,11 @@ - - static unsigned int base[MAX_NUM_IDIO_16]; - static unsigned int num_idio_16; --module_param_array(base, uint, &num_idio_16, 0); -+module_param_hw_array(base, uint, ioport, &num_idio_16, 0); - MODULE_PARM_DESC(base, "ACCES 104-IDIO-16 base addresses"); - - static unsigned int irq[MAX_NUM_IDIO_16]; --module_param_array(irq, uint, NULL, 0); -+module_param_hw_array(irq, uint, irq, NULL, 0); - MODULE_PARM_DESC(irq, "ACCES 104-IDIO-16 interrupt line numbers"); - - /** -diff --git a/drivers/gpio/gpio-gpio-mm.c b/drivers/gpio/gpio-gpio-mm.c -index fa4baa2543db..11ade5b288f8 100644 ---- a/drivers/gpio/gpio-gpio-mm.c -+++ b/drivers/gpio/gpio-gpio-mm.c -@@ -31,7 +31,7 @@ - - static unsigned int base[MAX_NUM_GPIOMM]; - static unsigned int num_gpiomm; --module_param_array(base, uint, &num_gpiomm, 0); -+module_param_hw_array(base, uint, ioport, &num_gpiomm, 0); - MODULE_PARM_DESC(base, "Diamond Systems GPIO-MM base addresses"); - - /** -diff --git a/drivers/gpio/gpio-ws16c48.c b/drivers/gpio/gpio-ws16c48.c -index 901b5ccb032d..f8a4f91f36c7 100644 ---- a/drivers/gpio/gpio-ws16c48.c -+++ b/drivers/gpio/gpio-ws16c48.c -@@ -30,11 +30,11 @@ - - static unsigned int base[MAX_NUM_WS16C48]; - static unsigned int num_ws16c48; --module_param_array(base, uint, &num_ws16c48, 0); -+module_param_hw_array(base, uint, ioport, &num_ws16c48, 0); - MODULE_PARM_DESC(base, "WinSystems WS16C48 base addresses"); - - static unsigned int irq[MAX_NUM_WS16C48]; --module_param_array(irq, uint, NULL, 0); -+module_param_hw_array(irq, uint, irq, NULL, 0); - MODULE_PARM_DESC(irq, "WinSystems WS16C48 interrupt line numbers"); - - /** diff --git a/debian/patches/features/all/lockdown/0009-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0009-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 871e4c958..000000000 --- a/debian/patches/features/all/lockdown/0009-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,157 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:23 +0100 -Subject: [09/62] Annotate hardware config module parameters in drivers/i2c/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e03e00c1c3dc3178b092971000390bbc1cbcea6c - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/i2c/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Wolfram Sang -cc: Jean Delvare -cc: linux-i2c@vger.kernel.org ---- - drivers/i2c/busses/i2c-ali15x3.c | 2 +- - drivers/i2c/busses/i2c-elektor.c | 6 +++--- - drivers/i2c/busses/i2c-parport-light.c | 4 ++-- - drivers/i2c/busses/i2c-pca-isa.c | 4 ++-- - drivers/i2c/busses/i2c-piix4.c | 2 +- - drivers/i2c/busses/i2c-sis5595.c | 2 +- - drivers/i2c/busses/i2c-viapro.c | 2 +- - drivers/i2c/busses/scx200_acb.c | 2 +- - 8 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/drivers/i2c/busses/i2c-ali15x3.c b/drivers/i2c/busses/i2c-ali15x3.c -index 45c5c4883022..6e6bf46bcb52 100644 ---- a/drivers/i2c/busses/i2c-ali15x3.c -+++ b/drivers/i2c/busses/i2c-ali15x3.c -@@ -119,7 +119,7 @@ - /* If force_addr is set to anything different from 0, we forcibly enable - the device at the given address. */ - static u16 force_addr; --module_param(force_addr, ushort, 0); -+module_param_hw(force_addr, ushort, ioport, 0); - MODULE_PARM_DESC(force_addr, - "Initialize the base address of the i2c controller"); - -diff --git a/drivers/i2c/busses/i2c-elektor.c b/drivers/i2c/busses/i2c-elektor.c -index 8af62fb3fe41..5416003e0605 100644 ---- a/drivers/i2c/busses/i2c-elektor.c -+++ b/drivers/i2c/busses/i2c-elektor.c -@@ -323,9 +323,9 @@ MODULE_AUTHOR("Hans Berglund "); - MODULE_DESCRIPTION("I2C-Bus adapter routines for PCF8584 ISA bus adapter"); - MODULE_LICENSE("GPL"); - --module_param(base, int, 0); --module_param(irq, int, 0); -+module_param_hw(base, int, ioport_or_iomem, 0); -+module_param_hw(irq, int, irq, 0); - module_param(clock, int, 0); - module_param(own, int, 0); --module_param(mmapped, int, 0); -+module_param_hw(mmapped, int, other, 0); - module_isa_driver(i2c_elektor_driver, 1); -diff --git a/drivers/i2c/busses/i2c-parport-light.c b/drivers/i2c/busses/i2c-parport-light.c -index 1bcdd10b68b9..faa8fb8f2b8f 100644 ---- a/drivers/i2c/busses/i2c-parport-light.c -+++ b/drivers/i2c/busses/i2c-parport-light.c -@@ -38,11 +38,11 @@ - static struct platform_device *pdev; - - static u16 base; --module_param(base, ushort, 0); -+module_param_hw(base, ushort, ioport, 0); - MODULE_PARM_DESC(base, "Base I/O address"); - - static int irq; --module_param(irq, int, 0); -+module_param_hw(irq, int, irq, 0); - MODULE_PARM_DESC(irq, "IRQ (optional)"); - - /* ----- Low-level parallel port access ----------------------------------- */ -diff --git a/drivers/i2c/busses/i2c-pca-isa.c b/drivers/i2c/busses/i2c-pca-isa.c -index ba88f17f636c..946ac646de2a 100644 ---- a/drivers/i2c/busses/i2c-pca-isa.c -+++ b/drivers/i2c/busses/i2c-pca-isa.c -@@ -197,9 +197,9 @@ MODULE_AUTHOR("Ian Campbell "); - MODULE_DESCRIPTION("ISA base PCA9564/PCA9665 driver"); - MODULE_LICENSE("GPL"); - --module_param(base, ulong, 0); -+module_param_hw(base, ulong, ioport, 0); - MODULE_PARM_DESC(base, "I/O base address"); --module_param(irq, int, 0); -+module_param_hw(irq, int, irq, 0); - MODULE_PARM_DESC(irq, "IRQ"); - module_param(clock, int, 0); - MODULE_PARM_DESC(clock, "Clock rate in hertz.\n\t\t" -diff --git a/drivers/i2c/busses/i2c-piix4.c b/drivers/i2c/busses/i2c-piix4.c -index c21ca7bf2efe..0ecdb47a23ab 100644 ---- a/drivers/i2c/busses/i2c-piix4.c -+++ b/drivers/i2c/busses/i2c-piix4.c -@@ -106,7 +106,7 @@ MODULE_PARM_DESC(force, "Forcibly enable the PIIX4. DANGEROUS!"); - /* If force_addr is set to anything different from 0, we forcibly enable - the PIIX4 at the given address. VERY DANGEROUS! */ - static int force_addr; --module_param (force_addr, int, 0); -+module_param_hw(force_addr, int, ioport, 0); - MODULE_PARM_DESC(force_addr, - "Forcibly enable the PIIX4 at the given address. " - "EXTREMELY DANGEROUS!"); -diff --git a/drivers/i2c/busses/i2c-sis5595.c b/drivers/i2c/busses/i2c-sis5595.c -index 7d58a40faf2d..d543a9867ba4 100644 ---- a/drivers/i2c/busses/i2c-sis5595.c -+++ b/drivers/i2c/busses/i2c-sis5595.c -@@ -119,7 +119,7 @@ static int blacklist[] = { - /* If force_addr is set to anything different from 0, we forcibly enable - the device at the given address. */ - static u16 force_addr; --module_param(force_addr, ushort, 0); -+module_param_hw(force_addr, ushort, ioport, 0); - MODULE_PARM_DESC(force_addr, "Initialize the base address of the i2c controller"); - - static struct pci_driver sis5595_driver; -diff --git a/drivers/i2c/busses/i2c-viapro.c b/drivers/i2c/busses/i2c-viapro.c -index 0ee2646f3b00..0dc45e12bb1d 100644 ---- a/drivers/i2c/busses/i2c-viapro.c -+++ b/drivers/i2c/busses/i2c-viapro.c -@@ -94,7 +94,7 @@ MODULE_PARM_DESC(force, "Forcibly enable the SMBus. DANGEROUS!"); - /* If force_addr is set to anything different from 0, we forcibly enable - the VT596 at the given address. VERY DANGEROUS! */ - static u16 force_addr; --module_param(force_addr, ushort, 0); -+module_param_hw(force_addr, ushort, ioport, 0); - MODULE_PARM_DESC(force_addr, - "Forcibly enable the SMBus at the given address. " - "EXTREMELY DANGEROUS!"); -diff --git a/drivers/i2c/busses/scx200_acb.c b/drivers/i2c/busses/scx200_acb.c -index 0a7e410b6195..e0923bee8d1f 100644 ---- a/drivers/i2c/busses/scx200_acb.c -+++ b/drivers/i2c/busses/scx200_acb.c -@@ -42,7 +42,7 @@ MODULE_LICENSE("GPL"); - - #define MAX_DEVICES 4 - static int base[MAX_DEVICES] = { 0x820, 0x840 }; --module_param_array(base, int, NULL, 0); -+module_param_hw_array(base, int, ioport, NULL, 0); - MODULE_PARM_DESC(base, "Base addresses for the ACCESS.bus controllers"); - - #define POLL_TIMEOUT (HZ/5) diff --git a/debian/patches/features/all/lockdown/0010-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0010-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 930e5f180..000000000 --- a/debian/patches/features/all/lockdown/0010-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:23 +0100 -Subject: [10/62] Annotate hardware config module parameters in drivers/iio/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=104ad466c252fa90cc84d4dd4e0aa5074c43f47e - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/iio/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -Acked-by: William Breathitt Gray -Acked-by: Jonathan Cameron -cc: linux-iio@vger.kernel.org ---- - drivers/iio/adc/stx104.c | 2 +- - drivers/iio/dac/cio-dac.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/iio/adc/stx104.c b/drivers/iio/adc/stx104.c -index be2de48844bc..7dd396f88f6b 100644 ---- a/drivers/iio/adc/stx104.c -+++ b/drivers/iio/adc/stx104.c -@@ -49,7 +49,7 @@ - - static unsigned int base[max_num_isa_dev(STX104_EXTENT)]; - static unsigned int num_stx104; --module_param_array(base, uint, &num_stx104, 0); -+module_param_hw_array(base, uint, ioport, &num_stx104, 0); - MODULE_PARM_DESC(base, "Apex Embedded Systems STX104 base addresses"); - - /** -diff --git a/drivers/iio/dac/cio-dac.c b/drivers/iio/dac/cio-dac.c -index 5a743e2a779d..dac086129edf 100644 ---- a/drivers/iio/dac/cio-dac.c -+++ b/drivers/iio/dac/cio-dac.c -@@ -39,7 +39,7 @@ - - static unsigned int base[max_num_isa_dev(CIO_DAC_EXTENT)]; - static unsigned int num_cio_dac; --module_param_array(base, uint, &num_cio_dac, 0); -+module_param_hw_array(base, uint, ioport, &num_cio_dac, 0); - MODULE_PARM_DESC(base, "Measurement Computing CIO-DAC base addresses"); - - /** diff --git a/debian/patches/features/all/lockdown/0011-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0011-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index a848503a3..000000000 --- a/debian/patches/features/all/lockdown/0011-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,79 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:23 +0100 -Subject: [11/62] Annotate hardware config module parameters in drivers/input/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=5b90489efd9bb9b2b9e68b2b4e803985fa890cb8 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/input/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -Acked-by: Dmitry Torokhov -cc: linux-input@vger.kernel.org ---- - drivers/input/mouse/inport.c | 2 +- - drivers/input/mouse/logibm.c | 2 +- - drivers/input/touchscreen/mk712.c | 4 ++-- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/input/mouse/inport.c b/drivers/input/mouse/inport.c -index 3827a22362de..9ce71dfa0de1 100644 ---- a/drivers/input/mouse/inport.c -+++ b/drivers/input/mouse/inport.c -@@ -78,7 +78,7 @@ MODULE_LICENSE("GPL"); - #define INPORT_IRQ 5 - - static int inport_irq = INPORT_IRQ; --module_param_named(irq, inport_irq, uint, 0); -+module_param_hw_named(irq, inport_irq, uint, irq, 0); - MODULE_PARM_DESC(irq, "IRQ number (5=default)"); - - static struct input_dev *inport_dev; -diff --git a/drivers/input/mouse/logibm.c b/drivers/input/mouse/logibm.c -index e2413113df22..6f165e053f4d 100644 ---- a/drivers/input/mouse/logibm.c -+++ b/drivers/input/mouse/logibm.c -@@ -69,7 +69,7 @@ MODULE_LICENSE("GPL"); - #define LOGIBM_IRQ 5 - - static int logibm_irq = LOGIBM_IRQ; --module_param_named(irq, logibm_irq, uint, 0); -+module_param_hw_named(irq, logibm_irq, uint, irq, 0); - MODULE_PARM_DESC(irq, "IRQ number (5=default)"); - - static struct input_dev *logibm_dev; -diff --git a/drivers/input/touchscreen/mk712.c b/drivers/input/touchscreen/mk712.c -index 36e57deacd03..bd5352824f77 100644 ---- a/drivers/input/touchscreen/mk712.c -+++ b/drivers/input/touchscreen/mk712.c -@@ -50,11 +50,11 @@ MODULE_DESCRIPTION("ICS MicroClock MK712 TouchScreen driver"); - MODULE_LICENSE("GPL"); - - static unsigned int mk712_io = 0x260; /* Also 0x200, 0x208, 0x300 */ --module_param_named(io, mk712_io, uint, 0); -+module_param_hw_named(io, mk712_io, uint, ioport, 0); - MODULE_PARM_DESC(io, "I/O base address of MK712 touchscreen controller"); - - static unsigned int mk712_irq = 10; /* Also 12, 14, 15 */ --module_param_named(irq, mk712_irq, uint, 0); -+module_param_hw_named(irq, mk712_irq, uint, irq, 0); - MODULE_PARM_DESC(irq, "IRQ of MK712 touchscreen controller"); - - /* eight 8-bit registers */ diff --git a/debian/patches/features/all/lockdown/0012-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0012-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 368a3f597..000000000 --- a/debian/patches/features/all/lockdown/0012-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,88 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:24 +0100 -Subject: [12/62] Annotate hardware config module parameters in drivers/isdn/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=7968519108dc80b5da2fe7a8e6aa27c296586c25 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/isdn/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Karsten Keil -cc: netdev@vger.kernel.org ---- - drivers/isdn/hardware/avm/b1isa.c | 4 ++-- - drivers/isdn/hardware/avm/t1isa.c | 4 ++-- - drivers/isdn/hisax/config.c | 10 +++++----- - 3 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/drivers/isdn/hardware/avm/b1isa.c b/drivers/isdn/hardware/avm/b1isa.c -index 31ef8130a87f..54e871a47387 100644 ---- a/drivers/isdn/hardware/avm/b1isa.c -+++ b/drivers/isdn/hardware/avm/b1isa.c -@@ -169,8 +169,8 @@ static struct pci_dev isa_dev[MAX_CARDS]; - static int io[MAX_CARDS]; - static int irq[MAX_CARDS]; - --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(io, "I/O base address(es)"); - MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)"); - -diff --git a/drivers/isdn/hardware/avm/t1isa.c b/drivers/isdn/hardware/avm/t1isa.c -index 72ef18853951..9516203c735f 100644 ---- a/drivers/isdn/hardware/avm/t1isa.c -+++ b/drivers/isdn/hardware/avm/t1isa.c -@@ -516,8 +516,8 @@ static int io[MAX_CARDS]; - static int irq[MAX_CARDS]; - static int cardnr[MAX_CARDS]; - --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param_array(cardnr, int, NULL, 0); - MODULE_PARM_DESC(io, "I/O base address(es)"); - MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)"); -diff --git a/drivers/isdn/hisax/config.c b/drivers/isdn/hisax/config.c -index 2d12c6ceeb89..c7d68675b028 100644 ---- a/drivers/isdn/hisax/config.c -+++ b/drivers/isdn/hisax/config.c -@@ -350,13 +350,13 @@ MODULE_AUTHOR("Karsten Keil"); - MODULE_LICENSE("GPL"); - module_param_array(type, int, NULL, 0); - module_param_array(protocol, int, NULL, 0); --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); --module_param_array(mem, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); -+module_param_hw_array(mem, int, iomem, NULL, 0); - module_param(id, charp, 0); - #ifdef IO0_IO1 --module_param_array(io0, int, NULL, 0); --module_param_array(io1, int, NULL, 0); -+module_param_hw_array(io0, int, ioport, NULL, 0); -+module_param_hw_array(io1, int, ioport, NULL, 0); - #endif - #endif /* MODULE */ - diff --git a/debian/patches/features/all/lockdown/0013-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0013-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index ab8c5e7e3..000000000 --- a/debian/patches/features/all/lockdown/0013-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,83 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:24 +0100 -Subject: [13/62] Annotate hardware config module parameters in drivers/media/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=9e256c58933510b128a6f00691f751ef55ea1fd2 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/media/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Mauro Carvalho Chehab -cc: mjpeg-users@lists.sourceforge.net -cc: linux-media@vger.kernel.org ---- - drivers/media/pci/zoran/zoran_card.c | 2 +- - drivers/media/rc/serial_ir.c | 10 +++++----- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/drivers/media/pci/zoran/zoran_card.c b/drivers/media/pci/zoran/zoran_card.c -index 5266755add63..4680f001653a 100644 ---- a/drivers/media/pci/zoran/zoran_card.c -+++ b/drivers/media/pci/zoran/zoran_card.c -@@ -69,7 +69,7 @@ MODULE_PARM_DESC(card, "Card type"); - */ - - static unsigned long vidmem; /* default = 0 - Video memory base address */ --module_param(vidmem, ulong, 0444); -+module_param_hw(vidmem, ulong, iomem, 0444); - MODULE_PARM_DESC(vidmem, "Default video memory base address"); - - /* -diff --git a/drivers/media/rc/serial_ir.c b/drivers/media/rc/serial_ir.c -index 41b54e40176c..40d305842a9b 100644 ---- a/drivers/media/rc/serial_ir.c -+++ b/drivers/media/rc/serial_ir.c -@@ -833,11 +833,11 @@ MODULE_LICENSE("GPL"); - module_param(type, int, 0444); - MODULE_PARM_DESC(type, "Hardware type (0 = home-brew, 1 = IRdeo, 2 = IRdeo Remote, 3 = AnimaX, 4 = IgorPlug"); - --module_param(io, int, 0444); -+module_param_hw(io, int, ioport, 0444); - MODULE_PARM_DESC(io, "I/O address base (0x3f8 or 0x2f8)"); - - /* some architectures (e.g. intel xscale) have memory mapped registers */ --module_param(iommap, bool, 0444); -+module_param_hw(iommap, bool, other, 0444); - MODULE_PARM_DESC(iommap, "physical base for memory mapped I/O (0 = no memory mapped io)"); - - /* -@@ -845,13 +845,13 @@ MODULE_PARM_DESC(iommap, "physical base for memory mapped I/O (0 = no memory map - * on 32bit word boundaries. - * See linux-kernel/drivers/tty/serial/8250/8250.c serial_in()/out() - */ --module_param(ioshift, int, 0444); -+module_param_hw(ioshift, int, other, 0444); - MODULE_PARM_DESC(ioshift, "shift I/O register offset (0 = no shift)"); - --module_param(irq, int, 0444); -+module_param_hw(irq, int, irq, 0444); - MODULE_PARM_DESC(irq, "Interrupt (4 or 3)"); - --module_param(share_irq, bool, 0444); -+module_param_hw(share_irq, bool, other, 0444); - MODULE_PARM_DESC(share_irq, "Share interrupts (0 = off, 1 = on)"); - - module_param(sense, int, 0444); diff --git a/debian/patches/features/all/lockdown/0014-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0014-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 84d3f41fb..000000000 --- a/debian/patches/features/all/lockdown/0014-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:24 +0100 -Subject: [14/62] Annotate hardware config module parameters in drivers/misc/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=78c42a679f4795421aa74c469bbce417f9eed08d - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/misc/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Arnd Bergmann -cc: Greg Kroah-Hartman ---- - drivers/misc/dummy-irq.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/misc/dummy-irq.c b/drivers/misc/dummy-irq.c -index acbbe0390be4..76a1015d5783 100644 ---- a/drivers/misc/dummy-irq.c -+++ b/drivers/misc/dummy-irq.c -@@ -59,6 +59,6 @@ module_exit(dummy_irq_exit); - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Jiri Kosina"); --module_param(irq, uint, 0444); -+module_param_hw(irq, uint, irq, 0444); - MODULE_PARM_DESC(irq, "The IRQ to register for"); - MODULE_DESCRIPTION("Dummy IRQ handler driver"); diff --git a/debian/patches/features/all/lockdown/0015-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0015-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index d7c9637d4..000000000 --- a/debian/patches/features/all/lockdown/0015-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,55 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:25 +0100 -Subject: [15/62] Annotate hardware config module parameters in - drivers/mmc/host/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=eddcdc1bef4e3fa95de7f670e0aeaca85e2ab9af - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/mmc/host/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Pierre Ossman -cc: Ulf Hansson -cc: linux-mmc@vger.kernel.org ---- - drivers/mmc/host/wbsd.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/mmc/host/wbsd.c b/drivers/mmc/host/wbsd.c -index bd04e8bae010..e15a9733fcfd 100644 ---- a/drivers/mmc/host/wbsd.c -+++ b/drivers/mmc/host/wbsd.c -@@ -2001,11 +2001,11 @@ static void __exit wbsd_drv_exit(void) - module_init(wbsd_drv_init); - module_exit(wbsd_drv_exit); - #ifdef CONFIG_PNP --module_param_named(nopnp, param_nopnp, uint, 0444); -+module_param_hw_named(nopnp, param_nopnp, uint, other, 0444); - #endif --module_param_named(io, param_io, uint, 0444); --module_param_named(irq, param_irq, uint, 0444); --module_param_named(dma, param_dma, int, 0444); -+module_param_hw_named(io, param_io, uint, ioport, 0444); -+module_param_hw_named(irq, param_irq, uint, irq, 0444); -+module_param_hw_named(dma, param_dma, int, dma, 0444); - - MODULE_LICENSE("GPL"); - MODULE_AUTHOR("Pierre Ossman "); diff --git a/debian/patches/features/all/lockdown/0016-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0016-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index b4e8cee71..000000000 --- a/debian/patches/features/all/lockdown/0016-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,47 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:25 +0100 -Subject: [16/62] Annotate hardware config module parameters in - drivers/net/appletalk/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=78e66f194ab1de8df4088761add8e9e747d8e9c3 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/net/appletalk/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Arnaldo Carvalho de Melo -cc: netdev@vger.kernel.org -[bwh: Drop changes to cops driver, which we removed] ---- ---- a/drivers/net/appletalk/ltpc.c -+++ b/drivers/net/appletalk/ltpc.c -@@ -1231,9 +1231,9 @@ static struct net_device *dev_ltpc; - - MODULE_LICENSE("GPL"); - module_param(debug, int, 0); --module_param(io, int, 0); --module_param(irq, int, 0); --module_param(dma, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); -+module_param_hw(dma, int, dma, 0); - - - static int __init ltpc_module_init(void) diff --git a/debian/patches/features/all/lockdown/0017-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0017-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 9909a8452..000000000 --- a/debian/patches/features/all/lockdown/0017-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,81 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:25 +0100 -Subject: [17/62] Annotate hardware config module parameters in - drivers/net/arcnet/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=7606cd506c88e6f9a0f001c57fb1bd9d4d648db8 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/net/arcnet/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Michael Grzeschik -cc: netdev@vger.kernel.org ---- - drivers/net/arcnet/com20020-isa.c | 4 ++-- - drivers/net/arcnet/com90io.c | 4 ++-- - drivers/net/arcnet/com90xx.c | 4 ++-- - 3 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/drivers/net/arcnet/com20020-isa.c b/drivers/net/arcnet/com20020-isa.c -index b9e9931353b2..38fa60ddaf2e 100644 ---- a/drivers/net/arcnet/com20020-isa.c -+++ b/drivers/net/arcnet/com20020-isa.c -@@ -129,8 +129,8 @@ static int clockp = 0; - static int clockm = 0; - - module_param(node, int, 0); --module_param(io, int, 0); --module_param(irq, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); - module_param_string(device, device, sizeof(device), 0); - module_param(timeout, int, 0); - module_param(backplane, int, 0); -diff --git a/drivers/net/arcnet/com90io.c b/drivers/net/arcnet/com90io.c -index b57863df5bf5..4e56aaf2b984 100644 ---- a/drivers/net/arcnet/com90io.c -+++ b/drivers/net/arcnet/com90io.c -@@ -347,8 +347,8 @@ static int io; /* use the insmod io= irq= shmem= options */ - static int irq; - static char device[9]; /* use eg. device=arc1 to change name */ - --module_param(io, int, 0); --module_param(irq, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); - module_param_string(device, device, sizeof(device), 0); - MODULE_LICENSE("GPL"); - -diff --git a/drivers/net/arcnet/com90xx.c b/drivers/net/arcnet/com90xx.c -index 81f90c4703ae..ca4a57c30bf8 100644 ---- a/drivers/net/arcnet/com90xx.c -+++ b/drivers/net/arcnet/com90xx.c -@@ -88,8 +88,8 @@ static int irq; - static int shmem; - static char device[9]; /* use eg. device=arc1 to change name */ - --module_param(io, int, 0); --module_param(irq, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); - module_param(shmem, int, 0); - module_param_string(device, device, sizeof(device), 0); - diff --git a/debian/patches/features/all/lockdown/0018-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0018-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index b854537a7..000000000 --- a/debian/patches/features/all/lockdown/0018-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,87 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:25 +0100 -Subject: [18/62] Annotate hardware config module parameters in - drivers/net/can/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=062a92aff0917dc6c418648979564e1632924f2e - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/net/can/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -Acked-by: Marc Kleine-Budde -cc: Wolfgang Grandegger -cc: linux-can@vger.kernel.org -cc: netdev@vger.kernel.org ---- - drivers/net/can/cc770/cc770_isa.c | 8 ++++---- - drivers/net/can/sja1000/sja1000_isa.c | 8 ++++---- - 2 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/drivers/net/can/cc770/cc770_isa.c b/drivers/net/can/cc770/cc770_isa.c -index e0d15711e9ac..3a30fd3b4498 100644 ---- a/drivers/net/can/cc770/cc770_isa.c -+++ b/drivers/net/can/cc770/cc770_isa.c -@@ -82,16 +82,16 @@ static u8 cor[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff}; - static u8 bcr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff}; - static int indirect[MAXDEV] = {[0 ... (MAXDEV - 1)] = -1}; - --module_param_array(port, ulong, NULL, S_IRUGO); -+module_param_hw_array(port, ulong, ioport, NULL, S_IRUGO); - MODULE_PARM_DESC(port, "I/O port number"); - --module_param_array(mem, ulong, NULL, S_IRUGO); -+module_param_hw_array(mem, ulong, iomem, NULL, S_IRUGO); - MODULE_PARM_DESC(mem, "I/O memory address"); - --module_param_array(indirect, int, NULL, S_IRUGO); -+module_param_hw_array(indirect, int, ioport, NULL, S_IRUGO); - MODULE_PARM_DESC(indirect, "Indirect access via address and data port"); - --module_param_array(irq, int, NULL, S_IRUGO); -+module_param_hw_array(irq, int, irq, NULL, S_IRUGO); - MODULE_PARM_DESC(irq, "IRQ number"); - - module_param_array(clk, int, NULL, S_IRUGO); -diff --git a/drivers/net/can/sja1000/sja1000_isa.c b/drivers/net/can/sja1000/sja1000_isa.c -index e97e6d35b300..a89c1e92554d 100644 ---- a/drivers/net/can/sja1000/sja1000_isa.c -+++ b/drivers/net/can/sja1000/sja1000_isa.c -@@ -48,16 +48,16 @@ static unsigned char ocr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff}; - static int indirect[MAXDEV] = {[0 ... (MAXDEV - 1)] = -1}; - static spinlock_t indirect_lock[MAXDEV]; /* lock for indirect access mode */ - --module_param_array(port, ulong, NULL, S_IRUGO); -+module_param_hw_array(port, ulong, ioport, NULL, S_IRUGO); - MODULE_PARM_DESC(port, "I/O port number"); - --module_param_array(mem, ulong, NULL, S_IRUGO); -+module_param_hw_array(mem, ulong, iomem, NULL, S_IRUGO); - MODULE_PARM_DESC(mem, "I/O memory address"); - --module_param_array(indirect, int, NULL, S_IRUGO); -+module_param_hw_array(indirect, int, ioport, NULL, S_IRUGO); - MODULE_PARM_DESC(indirect, "Indirect access via address and data port"); - --module_param_array(irq, int, NULL, S_IRUGO); -+module_param_hw_array(irq, int, irq, NULL, S_IRUGO); - MODULE_PARM_DESC(irq, "IRQ number"); - - module_param_array(clk, int, NULL, S_IRUGO); diff --git a/debian/patches/features/all/lockdown/0019-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0019-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 20f4f3bc1..000000000 --- a/debian/patches/features/all/lockdown/0019-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,234 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:26 +0100 -Subject: [19/62] Annotate hardware config module parameters in - drivers/net/ethernet/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=36f7a604f8c2b0564722e84b903d6de6c2644f85 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/net/ethernet/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Steffen Klassert -cc: Jaroslav Kysela -cc: netdev@vger.kernel.org -cc: linux-parisc@vger.kernel.org ---- - drivers/net/ethernet/3com/3c509.c | 2 +- - drivers/net/ethernet/3com/3c59x.c | 4 ++-- - drivers/net/ethernet/8390/ne.c | 4 ++-- - drivers/net/ethernet/8390/smc-ultra.c | 4 ++-- - drivers/net/ethernet/8390/wd.c | 8 ++++---- - drivers/net/ethernet/amd/lance.c | 6 +++--- - drivers/net/ethernet/amd/ni65.c | 6 +++--- - drivers/net/ethernet/cirrus/cs89x0.c | 6 +++--- - drivers/net/ethernet/dec/tulip/de4x5.c | 2 +- - drivers/net/ethernet/hp/hp100.c | 2 +- - drivers/net/ethernet/realtek/atp.c | 4 ++-- - drivers/net/ethernet/smsc/smc9194.c | 4 ++-- - 12 files changed, 26 insertions(+), 26 deletions(-) - -diff --git a/drivers/net/ethernet/3com/3c509.c b/drivers/net/ethernet/3com/3c509.c -index c7f9f2c77da7..db8592d412ab 100644 ---- a/drivers/net/ethernet/3com/3c509.c -+++ b/drivers/net/ethernet/3com/3c509.c -@@ -1371,7 +1371,7 @@ el3_resume(struct device *pdev) - #endif /* CONFIG_PM */ - - module_param(debug,int, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param(max_interrupt_work, int, 0); - MODULE_PARM_DESC(debug, "debug level (0-6)"); - MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)"); -diff --git a/drivers/net/ethernet/3com/3c59x.c b/drivers/net/ethernet/3com/3c59x.c -index 40196f41768a..e41245a54f8b 100644 ---- a/drivers/net/ethernet/3com/3c59x.c -+++ b/drivers/net/ethernet/3com/3c59x.c -@@ -813,8 +813,8 @@ module_param(global_enable_wol, int, 0); - module_param_array(enable_wol, int, NULL, 0); - module_param(rx_copybreak, int, 0); - module_param(max_interrupt_work, int, 0); --module_param(compaq_ioaddr, int, 0); --module_param(compaq_irq, int, 0); -+module_param_hw(compaq_ioaddr, int, ioport, 0); -+module_param_hw(compaq_irq, int, irq, 0); - module_param(compaq_device_id, int, 0); - module_param(watchdog, int, 0); - module_param(global_use_mmio, int, 0); -diff --git a/drivers/net/ethernet/8390/ne.c b/drivers/net/ethernet/8390/ne.c -index c063b410a163..66f47987e2a2 100644 ---- a/drivers/net/ethernet/8390/ne.c -+++ b/drivers/net/ethernet/8390/ne.c -@@ -74,8 +74,8 @@ static int bad[MAX_NE_CARDS]; - static u32 ne_msg_enable; - - #ifdef MODULE --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param_array(bad, int, NULL, 0); - module_param_named(msg_enable, ne_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH)); - MODULE_PARM_DESC(io, "I/O base address(es),required"); -diff --git a/drivers/net/ethernet/8390/smc-ultra.c b/drivers/net/ethernet/8390/smc-ultra.c -index 364b6514f65f..4e02f6a23575 100644 ---- a/drivers/net/ethernet/8390/smc-ultra.c -+++ b/drivers/net/ethernet/8390/smc-ultra.c -@@ -561,8 +561,8 @@ static struct net_device *dev_ultra[MAX_ULTRA_CARDS]; - static int io[MAX_ULTRA_CARDS]; - static int irq[MAX_ULTRA_CARDS]; - --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param_named(msg_enable, ultra_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH)); - MODULE_PARM_DESC(io, "I/O base address(es)"); - MODULE_PARM_DESC(irq, "IRQ number(s) (assigned)"); -diff --git a/drivers/net/ethernet/8390/wd.c b/drivers/net/ethernet/8390/wd.c -index ad019cbc698f..6efa2722f850 100644 ---- a/drivers/net/ethernet/8390/wd.c -+++ b/drivers/net/ethernet/8390/wd.c -@@ -503,10 +503,10 @@ static int irq[MAX_WD_CARDS]; - static int mem[MAX_WD_CARDS]; - static int mem_end[MAX_WD_CARDS]; /* for non std. mem size */ - --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); --module_param_array(mem, int, NULL, 0); --module_param_array(mem_end, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); -+module_param_hw_array(mem, int, iomem, NULL, 0); -+module_param_hw_array(mem_end, int, iomem, NULL, 0); - module_param_named(msg_enable, wd_msg_enable, uint, (S_IRUSR|S_IRGRP|S_IROTH)); - MODULE_PARM_DESC(io, "I/O base address(es)"); - MODULE_PARM_DESC(irq, "IRQ number(s) (ignored for PureData boards)"); -diff --git a/drivers/net/ethernet/amd/lance.c b/drivers/net/ethernet/amd/lance.c -index 61a641f23149..12a6a93d221b 100644 ---- a/drivers/net/ethernet/amd/lance.c -+++ b/drivers/net/ethernet/amd/lance.c -@@ -318,9 +318,9 @@ static int io[MAX_CARDS]; - static int dma[MAX_CARDS]; - static int irq[MAX_CARDS]; - --module_param_array(io, int, NULL, 0); --module_param_array(dma, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(dma, int, dma, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param(lance_debug, int, 0); - MODULE_PARM_DESC(io, "LANCE/PCnet I/O base address(es),required"); - MODULE_PARM_DESC(dma, "LANCE/PCnet ISA DMA channel (ignored for some devices)"); -diff --git a/drivers/net/ethernet/amd/ni65.c b/drivers/net/ethernet/amd/ni65.c -index 5985bf220a8d..e248d1ab3e47 100644 ---- a/drivers/net/ethernet/amd/ni65.c -+++ b/drivers/net/ethernet/amd/ni65.c -@@ -1227,9 +1227,9 @@ static void set_multicast_list(struct net_device *dev) - #ifdef MODULE - static struct net_device *dev_ni65; - --module_param(irq, int, 0); --module_param(io, int, 0); --module_param(dma, int, 0); -+module_param_hw(irq, int, irq, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(dma, int, dma, 0); - MODULE_PARM_DESC(irq, "ni6510 IRQ number (ignored for some cards)"); - MODULE_PARM_DESC(io, "ni6510 I/O base address"); - MODULE_PARM_DESC(dma, "ni6510 ISA DMA channel (ignored for some cards)"); -diff --git a/drivers/net/ethernet/cirrus/cs89x0.c b/drivers/net/ethernet/cirrus/cs89x0.c -index 3647b28e8de0..8f660d9761cc 100644 ---- a/drivers/net/ethernet/cirrus/cs89x0.c -+++ b/drivers/net/ethernet/cirrus/cs89x0.c -@@ -1704,12 +1704,12 @@ static int use_dma; /* These generate unused var warnings if ALLOW_DMA = 0 */ - static int dma; - static int dmasize = 16; /* or 64 */ - --module_param(io, int, 0); --module_param(irq, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); - module_param(debug, int, 0); - module_param_string(media, media, sizeof(media), 0); - module_param(duplex, int, 0); --module_param(dma , int, 0); -+module_param_hw(dma , int, dma, 0); - module_param(dmasize , int, 0); - module_param(use_dma , int, 0); - MODULE_PARM_DESC(io, "cs89x0 I/O base address"); -diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index df4a871df633..fd6bcf024729 100644 ---- a/drivers/net/ethernet/dec/tulip/de4x5.c -+++ b/drivers/net/ethernet/dec/tulip/de4x5.c -@@ -1015,7 +1015,7 @@ static int compact_infoblock(struct net_device *dev, u_char count, u_char *p - - static int io=0x0;/* EDIT THIS LINE FOR YOUR CONFIGURATION IF NEEDED */ - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - module_param(de4x5_debug, int, 0); - module_param(dec_only, int, 0); - module_param(args, charp, 0); -diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c -index 1a31bee6e728..5673b071e39d 100644 ---- a/drivers/net/ethernet/hp/hp100.c -+++ b/drivers/net/ethernet/hp/hp100.c -@@ -2966,7 +2966,7 @@ MODULE_DESCRIPTION("HP CASCADE Architecture Driver for 100VG-AnyLan Network Adap - #define HP100_DEVICES 5 - /* Parameters set by insmod */ - static int hp100_port[HP100_DEVICES] = { 0, [1 ... (HP100_DEVICES-1)] = -1 }; --module_param_array(hp100_port, int, NULL, 0); -+module_param_hw_array(hp100_port, int, ioport, NULL, 0); - - /* List of devices */ - static struct net_device *hp100_devlist[HP100_DEVICES]; -diff --git a/drivers/net/ethernet/realtek/atp.c b/drivers/net/ethernet/realtek/atp.c -index 9bcd4aefc9c5..bed34684994f 100644 ---- a/drivers/net/ethernet/realtek/atp.c -+++ b/drivers/net/ethernet/realtek/atp.c -@@ -151,8 +151,8 @@ MODULE_LICENSE("GPL"); - - module_param(max_interrupt_work, int, 0); - module_param(debug, int, 0); --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param_array(xcvr, int, NULL, 0); - MODULE_PARM_DESC(max_interrupt_work, "ATP maximum events handled per interrupt"); - MODULE_PARM_DESC(debug, "ATP debug level (0-7)"); -diff --git a/drivers/net/ethernet/smsc/smc9194.c b/drivers/net/ethernet/smsc/smc9194.c -index c8d84679ede7..d3bb2ba51f40 100644 ---- a/drivers/net/ethernet/smsc/smc9194.c -+++ b/drivers/net/ethernet/smsc/smc9194.c -@@ -1501,8 +1501,8 @@ static void smc_set_multicast_list(struct net_device *dev) - static struct net_device *devSMC9194; - MODULE_LICENSE("GPL"); - --module_param(io, int, 0); --module_param(irq, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); - module_param(ifport, int, 0); - MODULE_PARM_DESC(io, "SMC 99194 I/O base address"); - MODULE_PARM_DESC(irq, "SMC 99194 IRQ number"); diff --git a/debian/patches/features/all/lockdown/0020-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0020-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 621ba0b18..000000000 --- a/debian/patches/features/all/lockdown/0020-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,111 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:26 +0100 -Subject: [20/62] Annotate hardware config module parameters in - drivers/net/hamradio/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=2bf23e0fa97ea5c3bad27fa6f878b6ecde838ea4 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/net/hamradio/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Thomas Sailer -cc: Joerg Reuter -cc: linux-hams@vger.kernel.org -cc: netdev@vger.kernel.org ---- - drivers/net/hamradio/baycom_epp.c | 2 +- - drivers/net/hamradio/baycom_par.c | 2 +- - drivers/net/hamradio/baycom_ser_fdx.c | 4 ++-- - drivers/net/hamradio/baycom_ser_hdx.c | 4 ++-- - drivers/net/hamradio/dmascc.c | 2 +- - 5 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/drivers/net/hamradio/baycom_epp.c b/drivers/net/hamradio/baycom_epp.c -index 594fa1407e29..1503f10122f7 100644 ---- a/drivers/net/hamradio/baycom_epp.c -+++ b/drivers/net/hamradio/baycom_epp.c -@@ -1176,7 +1176,7 @@ static int iobase[NR_PORTS] = { 0x378, }; - - module_param_array(mode, charp, NULL, 0); - MODULE_PARM_DESC(mode, "baycom operating mode"); --module_param_array(iobase, int, NULL, 0); -+module_param_hw_array(iobase, int, ioport, NULL, 0); - MODULE_PARM_DESC(iobase, "baycom io base address"); - - MODULE_AUTHOR("Thomas M. Sailer, sailer@ife.ee.ethz.ch, hb9jnx@hb9w.che.eu"); -diff --git a/drivers/net/hamradio/baycom_par.c b/drivers/net/hamradio/baycom_par.c -index 809dc25909d1..92b13b39f426 100644 ---- a/drivers/net/hamradio/baycom_par.c -+++ b/drivers/net/hamradio/baycom_par.c -@@ -481,7 +481,7 @@ static int iobase[NR_PORTS] = { 0x378, }; - - module_param_array(mode, charp, NULL, 0); - MODULE_PARM_DESC(mode, "baycom operating mode; eg. par96 or picpar"); --module_param_array(iobase, int, NULL, 0); -+module_param_hw_array(iobase, int, ioport, NULL, 0); - MODULE_PARM_DESC(iobase, "baycom io base address"); - - MODULE_AUTHOR("Thomas M. Sailer, sailer@ife.ee.ethz.ch, hb9jnx@hb9w.che.eu"); -diff --git a/drivers/net/hamradio/baycom_ser_fdx.c b/drivers/net/hamradio/baycom_ser_fdx.c -index ebc06822fd4d..d9a646acca20 100644 ---- a/drivers/net/hamradio/baycom_ser_fdx.c -+++ b/drivers/net/hamradio/baycom_ser_fdx.c -@@ -614,9 +614,9 @@ static int baud[NR_PORTS] = { [0 ... NR_PORTS-1] = 1200 }; - - module_param_array(mode, charp, NULL, 0); - MODULE_PARM_DESC(mode, "baycom operating mode; * for software DCD"); --module_param_array(iobase, int, NULL, 0); -+module_param_hw_array(iobase, int, ioport, NULL, 0); - MODULE_PARM_DESC(iobase, "baycom io base address"); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(irq, "baycom irq number"); - module_param_array(baud, int, NULL, 0); - MODULE_PARM_DESC(baud, "baycom baud rate (300 to 4800)"); -diff --git a/drivers/net/hamradio/baycom_ser_hdx.c b/drivers/net/hamradio/baycom_ser_hdx.c -index 60fcf512c208..f1c8a9ff3891 100644 ---- a/drivers/net/hamradio/baycom_ser_hdx.c -+++ b/drivers/net/hamradio/baycom_ser_hdx.c -@@ -642,9 +642,9 @@ static int irq[NR_PORTS] = { 4, }; - - module_param_array(mode, charp, NULL, 0); - MODULE_PARM_DESC(mode, "baycom operating mode; * for software DCD"); --module_param_array(iobase, int, NULL, 0); -+module_param_hw_array(iobase, int, ioport, NULL, 0); - MODULE_PARM_DESC(iobase, "baycom io base address"); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(irq, "baycom irq number"); - - MODULE_AUTHOR("Thomas M. Sailer, sailer@ife.ee.ethz.ch, hb9jnx@hb9w.che.eu"); -diff --git a/drivers/net/hamradio/dmascc.c b/drivers/net/hamradio/dmascc.c -index 2479072981a1..dec6b76bc0fb 100644 ---- a/drivers/net/hamradio/dmascc.c -+++ b/drivers/net/hamradio/dmascc.c -@@ -274,7 +274,7 @@ static unsigned long rand; - - MODULE_AUTHOR("Klaus Kudielka"); - MODULE_DESCRIPTION("Driver for high-speed SCC boards"); --module_param_array(io, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); - MODULE_LICENSE("GPL"); - - static void __exit dmascc_exit(void) diff --git a/debian/patches/features/all/lockdown/0021-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0021-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index bd760af44..000000000 --- a/debian/patches/features/all/lockdown/0021-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,125 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:26 +0100 -Subject: [21/62] Annotate hardware config module parameters in - drivers/net/irda/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=b14425b5b7dfe055d20f4e5b7e9c7013cf5784ac - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/net/irda/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Samuel Ortiz -cc: netdev@vger.kernel.org ---- - drivers/net/irda/ali-ircc.c | 6 +++--- - drivers/net/irda/nsc-ircc.c | 6 +++--- - drivers/net/irda/smsc-ircc2.c | 10 +++++----- - drivers/net/irda/w83977af_ir.c | 4 ++-- - 4 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/drivers/net/irda/ali-ircc.c b/drivers/net/irda/ali-ircc.c -index c285eafd3f1c..35f198d83701 100644 ---- a/drivers/net/irda/ali-ircc.c -+++ b/drivers/net/irda/ali-ircc.c -@@ -2207,11 +2207,11 @@ MODULE_LICENSE("GPL"); - MODULE_ALIAS("platform:" ALI_IRCC_DRIVER_NAME); - - --module_param_array(io, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); - MODULE_PARM_DESC(io, "Base I/O addresses"); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(irq, "IRQ lines"); --module_param_array(dma, int, NULL, 0); -+module_param_hw_array(dma, int, dma, NULL, 0); - MODULE_PARM_DESC(dma, "DMA channels"); - - module_init(ali_ircc_init); -diff --git a/drivers/net/irda/nsc-ircc.c b/drivers/net/irda/nsc-ircc.c -index aaecc3baaf30..7beae147be11 100644 ---- a/drivers/net/irda/nsc-ircc.c -+++ b/drivers/net/irda/nsc-ircc.c -@@ -2396,11 +2396,11 @@ MODULE_LICENSE("GPL"); - - module_param(qos_mtt_bits, int, 0); - MODULE_PARM_DESC(qos_mtt_bits, "Minimum Turn Time"); --module_param_array(io, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); - MODULE_PARM_DESC(io, "Base I/O addresses"); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(irq, "IRQ lines"); --module_param_array(dma, int, NULL, 0); -+module_param_hw_array(dma, int, dma, NULL, 0); - MODULE_PARM_DESC(dma, "DMA channels"); - module_param(dongle_id, int, 0); - MODULE_PARM_DESC(dongle_id, "Type-id of used dongle"); -diff --git a/drivers/net/irda/smsc-ircc2.c b/drivers/net/irda/smsc-ircc2.c -index dcf92ba80872..23ed89ae5ddc 100644 ---- a/drivers/net/irda/smsc-ircc2.c -+++ b/drivers/net/irda/smsc-ircc2.c -@@ -82,24 +82,24 @@ MODULE_PARM_DESC(nopnp, "Do not use PNP to detect controller settings, defaults - - #define DMA_INVAL 255 - static int ircc_dma = DMA_INVAL; --module_param(ircc_dma, int, 0); -+module_param_hw(ircc_dma, int, dma, 0); - MODULE_PARM_DESC(ircc_dma, "DMA channel"); - - #define IRQ_INVAL 255 - static int ircc_irq = IRQ_INVAL; --module_param(ircc_irq, int, 0); -+module_param_hw(ircc_irq, int, irq, 0); - MODULE_PARM_DESC(ircc_irq, "IRQ line"); - - static int ircc_fir; --module_param(ircc_fir, int, 0); -+module_param_hw(ircc_fir, int, ioport, 0); - MODULE_PARM_DESC(ircc_fir, "FIR Base Address"); - - static int ircc_sir; --module_param(ircc_sir, int, 0); -+module_param_hw(ircc_sir, int, ioport, 0); - MODULE_PARM_DESC(ircc_sir, "SIR Base Address"); - - static int ircc_cfg; --module_param(ircc_cfg, int, 0); -+module_param_hw(ircc_cfg, int, ioport, 0); - MODULE_PARM_DESC(ircc_cfg, "Configuration register base address"); - - static int ircc_transceiver; -diff --git a/drivers/net/irda/w83977af_ir.c b/drivers/net/irda/w83977af_ir.c -index 8d5b903d1d9d..282b6c9ae05b 100644 ---- a/drivers/net/irda/w83977af_ir.c -+++ b/drivers/net/irda/w83977af_ir.c -@@ -1263,9 +1263,9 @@ MODULE_LICENSE("GPL"); - - module_param(qos_mtt_bits, int, 0); - MODULE_PARM_DESC(qos_mtt_bits, "Mimimum Turn Time"); --module_param_array(io, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); - MODULE_PARM_DESC(io, "Base I/O addresses"); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(irq, "IRQ lines"); - - /* diff --git a/debian/patches/features/all/lockdown/0022-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0022-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 781baae85..000000000 --- a/debian/patches/features/all/lockdown/0022-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,112 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:27 +0100 -Subject: [22/62] Annotate hardware config module parameters in - drivers/net/wan/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=ded1b99ef0c3cc59cd79b7a8c20c844cf3374bb5 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/net/wan/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: "Jan \"Yenya\" Kasprzak" -cc: netdev@vger.kernel.org ---- - drivers/net/wan/cosa.c | 6 +++--- - drivers/net/wan/hostess_sv11.c | 6 +++--- - drivers/net/wan/sbni.c | 4 ++-- - drivers/net/wan/sealevel.c | 8 ++++---- - 4 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/drivers/net/wan/cosa.c b/drivers/net/wan/cosa.c -index 4ca71bca39ac..6ea16260ec76 100644 ---- a/drivers/net/wan/cosa.c -+++ b/drivers/net/wan/cosa.c -@@ -232,11 +232,11 @@ static int irq[MAX_CARDS+1] = { -1, -1, -1, -1, -1, -1, 0, }; - static struct class *cosa_class; - - #ifdef MODULE --module_param_array(io, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); - MODULE_PARM_DESC(io, "The I/O bases of the COSA or SRP cards"); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(irq, "The IRQ lines of the COSA or SRP cards"); --module_param_array(dma, int, NULL, 0); -+module_param_hw_array(dma, int, dma, NULL, 0); - MODULE_PARM_DESC(dma, "The DMA channels of the COSA or SRP cards"); - - MODULE_AUTHOR("Jan \"Yenya\" Kasprzak, "); -diff --git a/drivers/net/wan/hostess_sv11.c b/drivers/net/wan/hostess_sv11.c -index dd6bb3364ad2..4de0737fbf8a 100644 ---- a/drivers/net/wan/hostess_sv11.c -+++ b/drivers/net/wan/hostess_sv11.c -@@ -324,11 +324,11 @@ static void sv11_shutdown(struct z8530_dev *dev) - static int io = 0x200; - static int irq = 9; - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - MODULE_PARM_DESC(io, "The I/O base of the Comtrol Hostess SV11 card"); --module_param(dma, int, 0); -+module_param_hw(dma, int, dma, 0); - MODULE_PARM_DESC(dma, "Set this to 1 to use DMA1/DMA3 for TX/RX"); --module_param(irq, int, 0); -+module_param_hw(irq, int, irq, 0); - MODULE_PARM_DESC(irq, "The interrupt line setting for the Comtrol Hostess SV11 card"); - - MODULE_AUTHOR("Alan Cox"); -diff --git a/drivers/net/wan/sbni.c b/drivers/net/wan/sbni.c -index 3ca3419c54a0..bde8c0339831 100644 ---- a/drivers/net/wan/sbni.c -+++ b/drivers/net/wan/sbni.c -@@ -1463,8 +1463,8 @@ set_multicast_list( struct net_device *dev ) - - - #ifdef MODULE --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param_array(baud, int, NULL, 0); - module_param_array(rxl, int, NULL, 0); - module_param_array(mac, int, NULL, 0); -diff --git a/drivers/net/wan/sealevel.c b/drivers/net/wan/sealevel.c -index fbb5aa2c4d8f..c56f2c252113 100644 ---- a/drivers/net/wan/sealevel.c -+++ b/drivers/net/wan/sealevel.c -@@ -363,13 +363,13 @@ static int rxdma=3; - static int irq=5; - static bool slow=false; - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - MODULE_PARM_DESC(io, "The I/O base of the Sealevel card"); --module_param(txdma, int, 0); -+module_param_hw(txdma, int, dma, 0); - MODULE_PARM_DESC(txdma, "Transmit DMA channel"); --module_param(rxdma, int, 0); -+module_param_hw(rxdma, int, dma, 0); - MODULE_PARM_DESC(rxdma, "Receive DMA channel"); --module_param(irq, int, 0); -+module_param_hw(irq, int, irq, 0); - MODULE_PARM_DESC(irq, "The interrupt line setting for the SeaLevel card"); - module_param(slow, bool, 0); - MODULE_PARM_DESC(slow, "Set this for an older Sealevel card such as the 4012"); diff --git a/debian/patches/features/all/lockdown/0023-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0023-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 842f06455..000000000 --- a/debian/patches/features/all/lockdown/0023-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:27 +0100 -Subject: [23/62] Annotate hardware config module parameters in - drivers/net/wireless/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=8108f1c7cb7cc32f93f280322f4aa1ba5314a66e - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/net/wireless/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Kalle Valo -cc: linux-wireless@vger.kernel.org -cc: netdev@vger.kernel.org ---- - drivers/net/wireless/cisco/airo.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c -index 4b040451a9b8..1b7e125a28e2 100644 ---- a/drivers/net/wireless/cisco/airo.c -+++ b/drivers/net/wireless/cisco/airo.c -@@ -246,8 +246,8 @@ MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet cards. " - "Direct support for ISA/PCI/MPI cards and support for PCMCIA when used with airo_cs."); - MODULE_LICENSE("Dual BSD/GPL"); - MODULE_SUPPORTED_DEVICE("Aironet 4500, 4800 and Cisco 340/350"); --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param_array(rates, int, NULL, 0); - module_param_array(ssids, charp, NULL, 0); - module_param(auto_wep, int, 0); diff --git a/debian/patches/features/all/lockdown/0024-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0024-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 64db79014..000000000 --- a/debian/patches/features/all/lockdown/0024-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,55 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:27 +0100 -Subject: [24/62] Annotate hardware config module parameters in - drivers/parport/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e2450282634057131e64fb8bb83a22e1a9427694 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/parport/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Sudip Mukherjee ---- - drivers/parport/parport_pc.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c -index 9d42dfe65d44..5548193a28a6 100644 ---- a/drivers/parport/parport_pc.c -+++ b/drivers/parport/parport_pc.c -@@ -3150,13 +3150,13 @@ static char *irq[PARPORT_PC_MAX_PORTS]; - static char *dma[PARPORT_PC_MAX_PORTS]; - - MODULE_PARM_DESC(io, "Base I/O address (SPP regs)"); --module_param_array(io, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); - MODULE_PARM_DESC(io_hi, "Base I/O address (ECR)"); --module_param_array(io_hi, int, NULL, 0); -+module_param_hw_array(io_hi, int, ioport, NULL, 0); - MODULE_PARM_DESC(irq, "IRQ line"); --module_param_array(irq, charp, NULL, 0); -+module_param_hw_array(irq, charp, irq, NULL, 0); - MODULE_PARM_DESC(dma, "DMA channel"); --module_param_array(dma, charp, NULL, 0); -+module_param_hw_array(dma, charp, dma, NULL, 0); - #if defined(CONFIG_PARPORT_PC_SUPERIO) || \ - (defined(CONFIG_PARPORT_1284) && defined(CONFIG_PARPORT_PC_FIFO)) - MODULE_PARM_DESC(verbose_probing, "Log chit-chat during initialisation"); diff --git a/debian/patches/features/all/lockdown/0025-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0025-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index c00449ad8..000000000 --- a/debian/patches/features/all/lockdown/0025-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:27 +0100 -Subject: [25/62] Annotate hardware config module parameters in - drivers/pci/hotplug/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=683739ab2441e5a3c530bee7d7c79f13a38bb425 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/pci/hotplug/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -Acked-by: Bjorn Helgaas -cc: Scott Murray -cc: linux-pci@vger.kernel.org ---- - drivers/pci/hotplug/cpcihp_generic.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/pci/hotplug/cpcihp_generic.c b/drivers/pci/hotplug/cpcihp_generic.c -index 88a44a707b96..bbf9cf8aeaad 100644 ---- a/drivers/pci/hotplug/cpcihp_generic.c -+++ b/drivers/pci/hotplug/cpcihp_generic.c -@@ -220,7 +220,7 @@ module_param(first_slot, byte, 0); - MODULE_PARM_DESC(first_slot, "Hotswap bus first slot number"); - module_param(last_slot, byte, 0); - MODULE_PARM_DESC(last_slot, "Hotswap bus last slot number"); --module_param(port, ushort, 0); -+module_param_hw(port, ushort, ioport, 0); - MODULE_PARM_DESC(port, "#ENUM signal I/O port"); - module_param(enum_bit, uint, 0); - MODULE_PARM_DESC(enum_bit, "#ENUM signal bit (0-7)"); diff --git a/debian/patches/features/all/lockdown/0026-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0026-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 0c35057d1..000000000 --- a/debian/patches/features/all/lockdown/0026-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,75 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:27 +0100 -Subject: [26/62] Annotate hardware config module parameters in drivers/pcmcia/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=abc3baae64c4956fd6d5b1b2b0d78cdc75fb8765 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/pcmcia/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: linux-pcmcia@lists.infradead.org ---- - drivers/pcmcia/i82365.c | 8 ++++---- - drivers/pcmcia/tcic.c | 8 ++++---- - 2 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/drivers/pcmcia/i82365.c b/drivers/pcmcia/i82365.c -index eb0d80a429e4..fb38cc01859f 100644 ---- a/drivers/pcmcia/i82365.c -+++ b/drivers/pcmcia/i82365.c -@@ -108,12 +108,12 @@ static int async_clock = -1; - static int cable_mode = -1; - static int wakeup = 0; - --module_param(i365_base, ulong, 0444); -+module_param_hw(i365_base, ulong, ioport, 0444); - module_param(ignore, int, 0444); - module_param(extra_sockets, int, 0444); --module_param(irq_mask, int, 0444); --module_param_array(irq_list, int, &irq_list_count, 0444); --module_param(cs_irq, int, 0444); -+module_param_hw(irq_mask, int, other, 0444); -+module_param_hw_array(irq_list, int, irq, &irq_list_count, 0444); -+module_param_hw(cs_irq, int, irq, 0444); - module_param(async_clock, int, 0444); - module_param(cable_mode, int, 0444); - module_param(wakeup, int, 0444); -diff --git a/drivers/pcmcia/tcic.c b/drivers/pcmcia/tcic.c -index 1ee63e5f0550..a1ac72d51d70 100644 ---- a/drivers/pcmcia/tcic.c -+++ b/drivers/pcmcia/tcic.c -@@ -85,12 +85,12 @@ static int poll_quick = HZ/20; - /* CCLK external clock time, in nanoseconds. 70 ns = 14.31818 MHz */ - static int cycle_time = 70; - --module_param(tcic_base, ulong, 0444); -+module_param_hw(tcic_base, ulong, ioport, 0444); - module_param(ignore, int, 0444); - module_param(do_scan, int, 0444); --module_param(irq_mask, int, 0444); --module_param_array(irq_list, int, &irq_list_count, 0444); --module_param(cs_irq, int, 0444); -+module_param_hw(irq_mask, int, other, 0444); -+module_param_hw_array(irq_list, int, irq, &irq_list_count, 0444); -+module_param_hw(cs_irq, int, irq, 0444); - module_param(poll_interval, int, 0444); - module_param(poll_quick, int, 0444); - module_param(cycle_time, int, 0444); diff --git a/debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch index cc6ed9853..dba4d7a06 100644 --- a/debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch +++ b/debian/patches/features/all/lockdown/0027-Annotate-hardware-config-module-parameters-in-driver.patch @@ -1,7 +1,8 @@ From: David Howells -Date: Tue, 4 Apr 2017 16:54:27 +0100 -Subject: [27/62] Annotate hardware config module parameters in drivers/scsi/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=e3d6517827cdca4e24f36d50df94b0241e91ae8a +Date: Tue, 4 Apr 2017 16:54:28 +0100 +Subject: [27/61] Annotate hardware config module parameters in + drivers/staging/media/ +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=db33ab46d89c69211f56940278c394067fe6876e When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this @@ -21,111 +22,31 @@ drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters. -This patch annotates drivers in drivers/scsi/. +This patch annotates drivers in drivers/staging/media/. Suggested-by: Alan Cox Signed-off-by: David Howells -cc: "Juergen E. Fischer" -cc: "James E.J. Bottomley" -cc: "Martin K. Petersen" -cc: Dario Ballabio -cc: Finn Thain -cc: Michael Schmitz -cc: Achim Leubner -cc: linux-scsi@vger.kernel.org +cc: Mauro Carvalho Chehab +cc: Greg Kroah-Hartman +cc: linux-media@vger.kernel.org +cc: devel@driverdev.osuosl.org +[bwh: For 4.12, fix up filename and permission format] --- - drivers/scsi/aha152x.c | 4 ++-- - drivers/scsi/aha1542.c | 2 +- - drivers/scsi/g_NCR5380.c | 8 ++++---- - drivers/scsi/gdth.c | 2 +- - drivers/scsi/qlogicfas.c | 4 ++-- - 5 files changed, 10 insertions(+), 10 deletions(-) + drivers/media/rc/sir_ir.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) -diff --git a/drivers/scsi/aha152x.c b/drivers/scsi/aha152x.c -index f44d0487236e..ce5dc73d85bb 100644 ---- a/drivers/scsi/aha152x.c -+++ b/drivers/scsi/aha152x.c -@@ -331,11 +331,11 @@ MODULE_LICENSE("GPL"); - #if !defined(PCMCIA) - #if defined(MODULE) - static int io[] = {0, 0}; --module_param_array(io, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); - MODULE_PARM_DESC(io,"base io address of controller"); +--- a/drivers/media/rc/sir_ir.c ++++ b/drivers/media/rc/sir_ir.c +@@ -434,10 +434,10 @@ MODULE_DESCRIPTION("Infrared receiver dr + MODULE_AUTHOR("Milan Pikula"); + MODULE_LICENSE("GPL"); - static int irq[] = {0, 0}; --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(irq,"interrupt for controller"); +-module_param(io, int, 0444); ++module_param_hw(io, int, ioport, 0444); + MODULE_PARM_DESC(io, "I/O address base (0x3f8 or 0x2f8)"); - static int scsiid[] = {7, 7}; -diff --git a/drivers/scsi/aha1542.c b/drivers/scsi/aha1542.c -index 7db448ec8beb..a23cc9ac5acd 100644 ---- a/drivers/scsi/aha1542.c -+++ b/drivers/scsi/aha1542.c -@@ -31,7 +31,7 @@ module_param(isapnp, bool, 0); - MODULE_PARM_DESC(isapnp, "enable PnP support (default=1)"); - - static int io[MAXBOARDS] = { 0x330, 0x334, 0, 0 }; --module_param_array(io, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); - MODULE_PARM_DESC(io, "base IO address of controller (0x130,0x134,0x230,0x234,0x330,0x334, default=0x330,0x334)"); - - /* time AHA spends on the AT-bus during data transfer */ -diff --git a/drivers/scsi/g_NCR5380.c b/drivers/scsi/g_NCR5380.c -index 67c8dac321ad..c34fc91ba486 100644 ---- a/drivers/scsi/g_NCR5380.c -+++ b/drivers/scsi/g_NCR5380.c -@@ -85,8 +85,8 @@ static int ncr_53c400; - static int ncr_53c400a; - static int dtc_3181e; - static int hp_c2502; --module_param(ncr_irq, int, 0); --module_param(ncr_addr, int, 0); -+module_param_hw(ncr_irq, int, irq, 0); -+module_param_hw(ncr_addr, int, ioport, 0); - module_param(ncr_5380, int, 0); - module_param(ncr_53c400, int, 0); - module_param(ncr_53c400a, int, 0); -@@ -94,11 +94,11 @@ module_param(dtc_3181e, int, 0); - module_param(hp_c2502, int, 0); - - static int irq[] = { -1, -1, -1, -1, -1, -1, -1, -1 }; --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(irq, "IRQ number(s) (0=none, 254=auto [default])"); - - static int base[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; --module_param_array(base, int, NULL, 0); -+module_param_hw_array(base, int, ioport, NULL, 0); - MODULE_PARM_DESC(base, "base address(es)"); - - static int card[] = { -1, -1, -1, -1, -1, -1, -1, -1 }; -diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c -index d020a13646ae..facc7271f932 100644 ---- a/drivers/scsi/gdth.c -+++ b/drivers/scsi/gdth.c -@@ -353,7 +353,7 @@ static int probe_eisa_isa = 0; - static int force_dma32 = 0; - - /* parameters for modprobe/insmod */ --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - module_param(disable, int, 0); - module_param(reserve_mode, int, 0); - module_param_array(reserve_list, int, NULL, 0); -diff --git a/drivers/scsi/qlogicfas.c b/drivers/scsi/qlogicfas.c -index 61cac87fb86f..840823b99e51 100644 ---- a/drivers/scsi/qlogicfas.c -+++ b/drivers/scsi/qlogicfas.c -@@ -137,8 +137,8 @@ static struct Scsi_Host *__qlogicfas_detect(struct scsi_host_template *host, - static struct qlogicfas408_priv *cards; - static int iobase[MAX_QLOGICFAS]; - static int irq[MAX_QLOGICFAS] = { [0 ... MAX_QLOGICFAS-1] = -1 }; --module_param_array(iobase, int, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(iobase, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - MODULE_PARM_DESC(iobase, "I/O address"); - MODULE_PARM_DESC(irq, "IRQ"); +-module_param(irq, int, 0444); ++module_param_hw(irq, int, irq, 0444); + MODULE_PARM_DESC(irq, "Interrupt (4 or 3)"); + module_param(threshold, int, 0444); diff --git a/debian/patches/features/all/lockdown/0028-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0028-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 2ec69034b..000000000 --- a/debian/patches/features/all/lockdown/0028-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,53 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:28 +0100 -Subject: [28/62] Annotate hardware config module parameters in - drivers/staging/media/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=db33ab46d89c69211f56940278c394067fe6876e - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/staging/media/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Mauro Carvalho Chehab -cc: Greg Kroah-Hartman -cc: linux-media@vger.kernel.org -cc: devel@driverdev.osuosl.org ---- - drivers/staging/media/lirc/lirc_sir.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/staging/media/lirc/lirc_sir.c b/drivers/staging/media/lirc/lirc_sir.c -index c6c3de94adaa..dde46dd8cabb 100644 ---- a/drivers/staging/media/lirc/lirc_sir.c -+++ b/drivers/staging/media/lirc/lirc_sir.c -@@ -826,10 +826,10 @@ MODULE_AUTHOR("Milan Pikula"); - #endif - MODULE_LICENSE("GPL"); - --module_param(io, int, S_IRUGO); -+module_param_hw(io, int, ioport, S_IRUGO); - MODULE_PARM_DESC(io, "I/O address base (0x3f8 or 0x2f8)"); - --module_param(irq, int, S_IRUGO); -+module_param_hw(irq, int, irq, S_IRUGO); - MODULE_PARM_DESC(irq, "Interrupt (4 or 3)"); - - module_param(threshold, int, S_IRUGO); diff --git a/debian/patches/features/all/lockdown/0029-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0029-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index c2fe660a4..000000000 --- a/debian/patches/features/all/lockdown/0029-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,76 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:28 +0100 -Subject: [29/62] Annotate hardware config module parameters in - drivers/staging/speakup/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=1f78a159fa613a2d95754c1e3ea067c749aeb509 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/staging/speakup/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Greg Kroah-Hartman -cc: speakup@linux-speakup.org -cc: devel@driverdev.osuosl.org ---- - drivers/staging/speakup/speakup_acntpc.c | 2 +- - drivers/staging/speakup/speakup_dtlk.c | 2 +- - drivers/staging/speakup/speakup_keypc.c | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/drivers/staging/speakup/speakup_acntpc.c b/drivers/staging/speakup/speakup_acntpc.c -index c7fab261d860..b6fbf9de1f85 100644 ---- a/drivers/staging/speakup/speakup_acntpc.c -+++ b/drivers/staging/speakup/speakup_acntpc.c -@@ -307,7 +307,7 @@ static void accent_release(void) - speakup_info.port_tts = 0; - } - --module_param_named(port, port_forced, int, 0444); -+module_param_hw_named(port, port_forced, int, ioport, 0444); - module_param_named(start, synth_acntpc.startup, short, 0444); - - MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing)."); -diff --git a/drivers/staging/speakup/speakup_dtlk.c b/drivers/staging/speakup/speakup_dtlk.c -index e2bf20806d8d..9c097fda07b0 100644 ---- a/drivers/staging/speakup/speakup_dtlk.c -+++ b/drivers/staging/speakup/speakup_dtlk.c -@@ -378,7 +378,7 @@ static void dtlk_release(void) - speakup_info.port_tts = 0; - } - --module_param_named(port, port_forced, int, 0444); -+module_param_hw_named(port, port_forced, int, ioport, 0444); - module_param_named(start, synth_dtlk.startup, short, 0444); - - MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing)."); -diff --git a/drivers/staging/speakup/speakup_keypc.c b/drivers/staging/speakup/speakup_keypc.c -index 10f4964782e2..e653b52175b8 100644 ---- a/drivers/staging/speakup/speakup_keypc.c -+++ b/drivers/staging/speakup/speakup_keypc.c -@@ -309,7 +309,7 @@ static void keynote_release(void) - synth_port = 0; - } - --module_param_named(port, port_forced, int, 0444); -+module_param_hw_named(port, port_forced, int, ioport, 0444); - module_param_named(start, synth_keypc.startup, short, 0444); - - MODULE_PARM_DESC(port, "Set the port for the synthesizer (override probing)."); diff --git a/debian/patches/features/all/lockdown/0030-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0030-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 2b9ef64d9..000000000 --- a/debian/patches/features/all/lockdown/0030-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:28 +0100 -Subject: [30/62] Annotate hardware config module parameters in - drivers/staging/vme/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=ae1779570a11610bc25974a9574e2cbc29ba1508 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/staging/vme/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Martyn Welch -cc: Manohar Vanga -cc: Greg Kroah-Hartman -cc: devel@driverdev.osuosl.org ---- - drivers/staging/vme/devices/vme_pio2_core.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/staging/vme/devices/vme_pio2_core.c b/drivers/staging/vme/devices/vme_pio2_core.c -index 20a2d835fdaa..367535b4b77f 100644 ---- a/drivers/staging/vme/devices/vme_pio2_core.c -+++ b/drivers/staging/vme/devices/vme_pio2_core.c -@@ -466,16 +466,16 @@ static void __exit pio2_exit(void) - - /* These are required for each board */ - MODULE_PARM_DESC(bus, "Enumeration of VMEbus to which the board is connected"); --module_param_array(bus, int, &bus_num, 0444); -+module_param_hw_array(bus, int, other, &bus_num, 0444); - - MODULE_PARM_DESC(base, "Base VME address for PIO2 Registers"); --module_param_array(base, long, &base_num, 0444); -+module_param_hw_array(base, long, other, &base_num, 0444); - - MODULE_PARM_DESC(vector, "VME IRQ Vector (Lower 4 bits masked)"); --module_param_array(vector, int, &vector_num, 0444); -+module_param_hw_array(vector, int, other, &vector_num, 0444); - - MODULE_PARM_DESC(level, "VME IRQ Level"); --module_param_array(level, int, &level_num, 0444); -+module_param_hw_array(level, int, other, &level_num, 0444); - - MODULE_PARM_DESC(variant, "Last 4 characters of PIO2 board variant"); - module_param_array(variant, charp, &variant_num, 0444); diff --git a/debian/patches/features/all/lockdown/0031-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0031-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 85ac44bbd..000000000 --- a/debian/patches/features/all/lockdown/0031-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,144 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:29 +0100 -Subject: [31/62] Annotate hardware config module parameters in drivers/tty/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=87194408fc816138aa4900548202ad45d5816b54 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/tty/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Greg Kroah-Hartman -cc: Jiri Slaby -cc: linux-serial@vger.kernel.org ---- - drivers/tty/cyclades.c | 4 ++-- - drivers/tty/moxa.c | 2 +- - drivers/tty/mxser.c | 2 +- - drivers/tty/rocket.c | 10 +++++----- - drivers/tty/serial/8250/8250_core.c | 4 ++-- - drivers/tty/synclink.c | 6 +++--- - 6 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c -index 5e4fa9206861..104f09c58163 100644 ---- a/drivers/tty/cyclades.c -+++ b/drivers/tty/cyclades.c -@@ -156,8 +156,8 @@ static unsigned int cy_isa_addresses[] = { - static long maddr[NR_CARDS]; - static int irq[NR_CARDS]; - --module_param_array(maddr, long, NULL, 0); --module_param_array(irq, int, NULL, 0); -+module_param_hw_array(maddr, long, iomem, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); - - #endif /* CONFIG_ISA */ - -diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c -index 4caf0c3b1f99..3b251f4e5df0 100644 ---- a/drivers/tty/moxa.c -+++ b/drivers/tty/moxa.c -@@ -179,7 +179,7 @@ MODULE_FIRMWARE("c320tunx.cod"); - - module_param_array(type, uint, NULL, 0); - MODULE_PARM_DESC(type, "card type: C218=2, C320=4"); --module_param_array(baseaddr, ulong, NULL, 0); -+module_param_hw_array(baseaddr, ulong, ioport, NULL, 0); - MODULE_PARM_DESC(baseaddr, "base address"); - module_param_array(numports, uint, NULL, 0); - MODULE_PARM_DESC(numports, "numports (ignored for C218)"); -diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c -index 7b8f383fb090..8bd6fb6d9391 100644 ---- a/drivers/tty/mxser.c -+++ b/drivers/tty/mxser.c -@@ -183,7 +183,7 @@ static int ttymajor = MXSERMAJOR; - - MODULE_AUTHOR("Casper Yang"); - MODULE_DESCRIPTION("MOXA Smartio/Industio Family Multiport Board Device Driver"); --module_param_array(ioaddr, ulong, NULL, 0); -+module_param_hw_array(ioaddr, ulong, ioport, NULL, 0); - MODULE_PARM_DESC(ioaddr, "ISA io addresses to look for a moxa board"); - module_param(ttymajor, int, 0); - MODULE_LICENSE("GPL"); -diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c -index d66c1edd9892..b51a877da986 100644 ---- a/drivers/tty/rocket.c -+++ b/drivers/tty/rocket.c -@@ -250,15 +250,15 @@ static int sReadAiopNumChan(WordIO_t io); - - MODULE_AUTHOR("Theodore Ts'o"); - MODULE_DESCRIPTION("Comtrol RocketPort driver"); --module_param(board1, ulong, 0); -+module_param_hw(board1, ulong, ioport, 0); - MODULE_PARM_DESC(board1, "I/O port for (ISA) board #1"); --module_param(board2, ulong, 0); -+module_param_hw(board2, ulong, ioport, 0); - MODULE_PARM_DESC(board2, "I/O port for (ISA) board #2"); --module_param(board3, ulong, 0); -+module_param_hw(board3, ulong, ioport, 0); - MODULE_PARM_DESC(board3, "I/O port for (ISA) board #3"); --module_param(board4, ulong, 0); -+module_param_hw(board4, ulong, ioport, 0); - MODULE_PARM_DESC(board4, "I/O port for (ISA) board #4"); --module_param(controller, ulong, 0); -+module_param_hw(controller, ulong, ioport, 0); - MODULE_PARM_DESC(controller, "I/O port for (ISA) rocketport controller"); - module_param(support_low_speed, bool, 0); - MODULE_PARM_DESC(support_low_speed, "1 means support 50 baud, 0 means support 460400 baud"); -diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c -index 76e03a7de9cc..89fde17d9617 100644 ---- a/drivers/tty/serial/8250/8250_core.c -+++ b/drivers/tty/serial/8250/8250_core.c -@@ -1191,7 +1191,7 @@ module_exit(serial8250_exit); - MODULE_LICENSE("GPL"); - MODULE_DESCRIPTION("Generic 8250/16x50 serial driver"); - --module_param(share_irqs, uint, 0644); -+module_param_hw(share_irqs, uint, other, 0644); - MODULE_PARM_DESC(share_irqs, "Share IRQs with other non-8250/16x50 devices (unsafe)"); - - module_param(nr_uarts, uint, 0644); -@@ -1201,7 +1201,7 @@ module_param(skip_txen_test, uint, 0644); - MODULE_PARM_DESC(skip_txen_test, "Skip checking for the TXEN bug at init time"); - - #ifdef CONFIG_SERIAL_8250_RSA --module_param_array(probe_rsa, ulong, &probe_rsa_count, 0444); -+module_param_hw_array(probe_rsa, ulong, ioport, &probe_rsa_count, 0444); - MODULE_PARM_DESC(probe_rsa, "Probe I/O ports for RSA"); - #endif - MODULE_ALIAS_CHARDEV_MAJOR(TTY_MAJOR); -diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c -index 657eed82eeb3..a2c308f7d637 100644 ---- a/drivers/tty/synclink.c -+++ b/drivers/tty/synclink.c -@@ -869,9 +869,9 @@ static int txholdbufs[MAX_TOTAL_DEVICES]; - - module_param(break_on_load, bool, 0); - module_param(ttymajor, int, 0); --module_param_array(io, int, NULL, 0); --module_param_array(irq, int, NULL, 0); --module_param_array(dma, int, NULL, 0); -+module_param_hw_array(io, int, ioport, NULL, 0); -+module_param_hw_array(irq, int, irq, NULL, 0); -+module_param_hw_array(dma, int, dma, NULL, 0); - module_param(debug_level, int, 0); - module_param_array(maxframe, int, NULL, 0); - module_param_array(txdmabufs, int, NULL, 0); diff --git a/debian/patches/features/all/lockdown/0032-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0032-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index 5bd485842..000000000 --- a/debian/patches/features/all/lockdown/0032-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,80 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:29 +0100 -Subject: [32/62] Annotate hardware config module parameters in drivers/video/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=1692fe8ef6a9f19be6c4943dda5d67f31ea0f561 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/video/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Jaya Kumar -cc: Tomi Valkeinen -cc: linux-fbdev@vger.kernel.org ---- - drivers/video/fbdev/arcfb.c | 8 ++++---- - drivers/video/fbdev/n411.c | 6 +++--- - 2 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/drivers/video/fbdev/arcfb.c b/drivers/video/fbdev/arcfb.c -index 1928cb2b5386..7e87d0d61658 100644 ---- a/drivers/video/fbdev/arcfb.c -+++ b/drivers/video/fbdev/arcfb.c -@@ -645,17 +645,17 @@ module_param(nosplash, uint, 0); - MODULE_PARM_DESC(nosplash, "Disable doing the splash screen"); - module_param(arcfb_enable, uint, 0); - MODULE_PARM_DESC(arcfb_enable, "Enable communication with Arc board"); --module_param(dio_addr, ulong, 0); -+module_param_hw(dio_addr, ulong, ioport, 0); - MODULE_PARM_DESC(dio_addr, "IO address for data, eg: 0x480"); --module_param(cio_addr, ulong, 0); -+module_param_hw(cio_addr, ulong, ioport, 0); - MODULE_PARM_DESC(cio_addr, "IO address for control, eg: 0x400"); --module_param(c2io_addr, ulong, 0); -+module_param_hw(c2io_addr, ulong, ioport, 0); - MODULE_PARM_DESC(c2io_addr, "IO address for secondary control, eg: 0x408"); - module_param(splashval, ulong, 0); - MODULE_PARM_DESC(splashval, "Splash pattern: 0xFF is black, 0x00 is green"); - module_param(tuhold, ulong, 0); - MODULE_PARM_DESC(tuhold, "Time to hold between strobing data to Arc board"); --module_param(irq, uint, 0); -+module_param_hw(irq, uint, irq, 0); - MODULE_PARM_DESC(irq, "IRQ for the Arc board"); - - module_init(arcfb_init); -diff --git a/drivers/video/fbdev/n411.c b/drivers/video/fbdev/n411.c -index 053deacad7cc..a3677313396e 100644 ---- a/drivers/video/fbdev/n411.c -+++ b/drivers/video/fbdev/n411.c -@@ -193,11 +193,11 @@ module_exit(n411_exit); - - module_param(nosplash, uint, 0); - MODULE_PARM_DESC(nosplash, "Disable doing the splash screen"); --module_param(dio_addr, ulong, 0); -+module_param_hw(dio_addr, ulong, ioport, 0); - MODULE_PARM_DESC(dio_addr, "IO address for data, eg: 0x480"); --module_param(cio_addr, ulong, 0); -+module_param_hw(cio_addr, ulong, ioport, 0); - MODULE_PARM_DESC(cio_addr, "IO address for control, eg: 0x400"); --module_param(c2io_addr, ulong, 0); -+module_param_hw(c2io_addr, ulong, ioport, 0); - MODULE_PARM_DESC(c2io_addr, "IO address for secondary control, eg: 0x408"); - module_param(splashval, ulong, 0); - MODULE_PARM_DESC(splashval, "Splash pattern: 0x00 is black, 0x01 is white"); diff --git a/debian/patches/features/all/lockdown/0033-Annotate-hardware-config-module-parameters-in-driver.patch b/debian/patches/features/all/lockdown/0033-Annotate-hardware-config-module-parameters-in-driver.patch deleted file mode 100644 index db39200c2..000000000 --- a/debian/patches/features/all/lockdown/0033-Annotate-hardware-config-module-parameters-in-driver.patch +++ /dev/null @@ -1,111 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:29 +0100 -Subject: [33/62] Annotate hardware config module parameters in - drivers/watchdog/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=6664038216d98a13d389bc26dfb70859e2c9f9f7 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in drivers/watchdog/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -Reviewed-by: Guenter Roeck -cc: Wim Van Sebroeck -cc: Zwane Mwaikambo -cc: linux-watchdog@vger.kernel.org ---- - drivers/watchdog/cpu5wdt.c | 2 +- - drivers/watchdog/eurotechwdt.c | 4 ++-- - drivers/watchdog/pc87413_wdt.c | 2 +- - drivers/watchdog/sc1200wdt.c | 2 +- - drivers/watchdog/wdt.c | 4 ++-- - 5 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/drivers/watchdog/cpu5wdt.c b/drivers/watchdog/cpu5wdt.c -index 6d03e8e30f8b..6c3f78e45c26 100644 ---- a/drivers/watchdog/cpu5wdt.c -+++ b/drivers/watchdog/cpu5wdt.c -@@ -289,7 +289,7 @@ MODULE_DESCRIPTION("sma cpu5 watchdog driver"); - MODULE_SUPPORTED_DEVICE("sma cpu5 watchdog"); - MODULE_LICENSE("GPL"); - --module_param(port, int, 0); -+module_param_hw(port, int, ioport, 0); - MODULE_PARM_DESC(port, "base address of watchdog card, default is 0x91"); - - module_param(verbose, int, 0); -diff --git a/drivers/watchdog/eurotechwdt.c b/drivers/watchdog/eurotechwdt.c -index 23ee53240c4c..38e96712264f 100644 ---- a/drivers/watchdog/eurotechwdt.c -+++ b/drivers/watchdog/eurotechwdt.c -@@ -97,9 +97,9 @@ MODULE_PARM_DESC(nowayout, - #define WDT_TIMER_CFG 0xf3 - - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - MODULE_PARM_DESC(io, "Eurotech WDT io port (default=0x3f0)"); --module_param(irq, int, 0); -+module_param_hw(irq, int, irq, 0); - MODULE_PARM_DESC(irq, "Eurotech WDT irq (default=10)"); - module_param(ev, charp, 0); - MODULE_PARM_DESC(ev, "Eurotech WDT event type (default is `int')"); -diff --git a/drivers/watchdog/pc87413_wdt.c b/drivers/watchdog/pc87413_wdt.c -index 9f15dd9435d1..06a892e36a8d 100644 ---- a/drivers/watchdog/pc87413_wdt.c -+++ b/drivers/watchdog/pc87413_wdt.c -@@ -579,7 +579,7 @@ MODULE_AUTHOR("Marcus Junker "); - MODULE_DESCRIPTION("PC87413 WDT driver"); - MODULE_LICENSE("GPL"); - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - MODULE_PARM_DESC(io, MODNAME " I/O port (default: " - __MODULE_STRING(IO_DEFAULT) ")."); - -diff --git a/drivers/watchdog/sc1200wdt.c b/drivers/watchdog/sc1200wdt.c -index 131193a7acdf..b34d3d5ba632 100644 ---- a/drivers/watchdog/sc1200wdt.c -+++ b/drivers/watchdog/sc1200wdt.c -@@ -88,7 +88,7 @@ MODULE_PARM_DESC(isapnp, - "When set to 0 driver ISA PnP support will be disabled"); - #endif - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - MODULE_PARM_DESC(io, "io port"); - module_param(timeout, int, 0); - MODULE_PARM_DESC(timeout, "range is 0-255 minutes, default is 1"); -diff --git a/drivers/watchdog/wdt.c b/drivers/watchdog/wdt.c -index e0206b5b7d89..e481fbbc4ae7 100644 ---- a/drivers/watchdog/wdt.c -+++ b/drivers/watchdog/wdt.c -@@ -78,9 +78,9 @@ static int irq = 11; - - static DEFINE_SPINLOCK(wdt_lock); - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - MODULE_PARM_DESC(io, "WDT io port (default=0x240)"); --module_param(irq, int, 0); -+module_param_hw(irq, int, irq, 0); - MODULE_PARM_DESC(irq, "WDT irq (default=11)"); - - /* Support for the Fan Tachometer on the WDT501-P */ diff --git a/debian/patches/features/all/lockdown/0034-Annotate-hardware-config-module-parameters-in-fs-pst.patch b/debian/patches/features/all/lockdown/0034-Annotate-hardware-config-module-parameters-in-fs-pst.patch deleted file mode 100644 index c2db1b762..000000000 --- a/debian/patches/features/all/lockdown/0034-Annotate-hardware-config-module-parameters-in-fs-pst.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:29 +0100 -Subject: [34/62] Annotate hardware config module parameters in fs/pstore/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=b68845c3946ffaf3fa58bb156c908a4e4531dcd9 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in fs/pstore/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Anton Vorontsov -cc: Colin Cross -cc: Kees Cook -cc: Tony Luck ---- - fs/pstore/ram.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c -index 11f918d34b1e..cce1d38417ca 100644 ---- a/fs/pstore/ram.c -+++ b/fs/pstore/ram.c -@@ -58,7 +58,7 @@ module_param_named(pmsg_size, ramoops_pmsg_size, ulong, 0400); - MODULE_PARM_DESC(pmsg_size, "size of user space message log"); - - static unsigned long long mem_address; --module_param(mem_address, ullong, 0400); -+module_param_hw(mem_address, ullong, other, 0400); - MODULE_PARM_DESC(mem_address, - "start of reserved RAM used to store oops/panic logs"); - diff --git a/debian/patches/features/all/lockdown/0035-Annotate-hardware-config-module-parameters-in-sound-.patch b/debian/patches/features/all/lockdown/0035-Annotate-hardware-config-module-parameters-in-sound-.patch deleted file mode 100644 index f45d36d28..000000000 --- a/debian/patches/features/all/lockdown/0035-Annotate-hardware-config-module-parameters-in-sound-.patch +++ /dev/null @@ -1,84 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:30 +0100 -Subject: [35/62] Annotate hardware config module parameters in sound/drivers/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=75c07d4b39cebaebd1d185077c4d062036e7b967 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in sound/drivers/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Jaroslav Kysela -cc: Takashi Iwai -cc: alsa-devel@alsa-project.org ---- - sound/drivers/mpu401/mpu401.c | 4 ++-- - sound/drivers/mtpav.c | 4 ++-- - sound/drivers/serial-u16550.c | 4 ++-- - 3 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/sound/drivers/mpu401/mpu401.c b/sound/drivers/mpu401/mpu401.c -index fed7e7e2177b..9b86e00d7d95 100644 ---- a/sound/drivers/mpu401/mpu401.c -+++ b/sound/drivers/mpu401/mpu401.c -@@ -53,9 +53,9 @@ MODULE_PARM_DESC(enable, "Enable MPU-401 device."); - module_param_array(pnp, bool, NULL, 0444); - MODULE_PARM_DESC(pnp, "PnP detection for MPU-401 device."); - #endif --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for MPU-401 device."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for MPU-401 device."); - module_param_array(uart_enter, bool, NULL, 0444); - MODULE_PARM_DESC(uart_enter, "Issue UART_ENTER command at open."); -diff --git a/sound/drivers/mtpav.c b/sound/drivers/mtpav.c -index 00b31f92c504..0f6392001e30 100644 ---- a/sound/drivers/mtpav.c -+++ b/sound/drivers/mtpav.c -@@ -86,9 +86,9 @@ module_param(index, int, 0444); - MODULE_PARM_DESC(index, "Index value for MotuMTPAV MIDI."); - module_param(id, charp, 0444); - MODULE_PARM_DESC(id, "ID string for MotuMTPAV MIDI."); --module_param(port, long, 0444); -+module_param_hw(port, long, ioport, 0444); - MODULE_PARM_DESC(port, "Parallel port # for MotuMTPAV MIDI."); --module_param(irq, int, 0444); -+module_param_hw(irq, int, irq, 0444); - MODULE_PARM_DESC(irq, "Parallel IRQ # for MotuMTPAV MIDI."); - module_param(hwports, int, 0444); - MODULE_PARM_DESC(hwports, "Hardware ports # for MotuMTPAV MIDI."); -diff --git a/sound/drivers/serial-u16550.c b/sound/drivers/serial-u16550.c -index 60d51ac4ccfe..88e66ea0306d 100644 ---- a/sound/drivers/serial-u16550.c -+++ b/sound/drivers/serial-u16550.c -@@ -84,9 +84,9 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for Serial MIDI."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable UART16550A chip."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for UART16550A chip."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for UART16550A chip."); - module_param_array(speed, int, NULL, 0444); - MODULE_PARM_DESC(speed, "Speed in bauds."); diff --git a/debian/patches/features/all/lockdown/0036-Annotate-hardware-config-module-parameters-in-sound-.patch b/debian/patches/features/all/lockdown/0036-Annotate-hardware-config-module-parameters-in-sound-.patch deleted file mode 100644 index c17e4467f..000000000 --- a/debian/patches/features/all/lockdown/0036-Annotate-hardware-config-module-parameters-in-sound-.patch +++ /dev/null @@ -1,731 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:30 +0100 -Subject: [36/62] Annotate hardware config module parameters in sound/isa/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=b7999a0d338e061fe8319b3860b86efacb12a056 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in sound/isa/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Jaroslav Kysela -cc: Takashi Iwai -cc: alsa-devel@alsa-project.org ---- - sound/isa/ad1848/ad1848.c | 6 +++--- - sound/isa/adlib.c | 2 +- - sound/isa/cmi8328.c | 12 ++++++------ - sound/isa/cmi8330.c | 20 ++++++++++---------- - sound/isa/cs423x/cs4231.c | 12 ++++++------ - sound/isa/cs423x/cs4236.c | 18 +++++++++--------- - sound/isa/es1688/es1688.c | 12 ++++++------ - sound/isa/es18xx.c | 12 ++++++------ - sound/isa/galaxy/galaxy.c | 16 ++++++++-------- - sound/isa/gus/gusclassic.c | 8 ++++---- - sound/isa/gus/gusextreme.c | 16 ++++++++-------- - sound/isa/gus/gusmax.c | 8 ++++---- - sound/isa/gus/interwave.c | 10 +++++----- - sound/isa/msnd/msnd_pinnacle.c | 20 ++++++++++---------- - sound/isa/opl3sa2.c | 16 ++++++++-------- - sound/isa/opti9xx/miro.c | 14 +++++++------- - sound/isa/opti9xx/opti92x-ad1848.c | 14 +++++++------- - sound/isa/sb/jazz16.c | 12 ++++++------ - sound/isa/sb/sb16.c | 14 +++++++------- - sound/isa/sb/sb8.c | 6 +++--- - sound/isa/sc6000.c | 12 ++++++------ - sound/isa/sscape.c | 12 ++++++------ - sound/isa/wavefront/wavefront.c | 18 +++++++++--------- - 23 files changed, 145 insertions(+), 145 deletions(-) - -diff --git a/sound/isa/ad1848/ad1848.c b/sound/isa/ad1848/ad1848.c -index a302d1f8d14f..e739b1c85c25 100644 ---- a/sound/isa/ad1848/ad1848.c -+++ b/sound/isa/ad1848/ad1848.c -@@ -55,11 +55,11 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver."); - module_param_array(thinkpad, bool, NULL, 0444); - MODULE_PARM_DESC(thinkpad, "Enable only for the onboard CS4248 of IBM Thinkpad 360/750/755 series."); -diff --git a/sound/isa/adlib.c b/sound/isa/adlib.c -index 8d3060fd7ad7..5fb619eca5c8 100644 ---- a/sound/isa/adlib.c -+++ b/sound/isa/adlib.c -@@ -27,7 +27,7 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); - - static int snd_adlib_match(struct device *dev, unsigned int n) -diff --git a/sound/isa/cmi8328.c b/sound/isa/cmi8328.c -index 787475084f46..8e1756c3b9bb 100644 ---- a/sound/isa/cmi8328.c -+++ b/sound/isa/cmi8328.c -@@ -51,18 +51,18 @@ MODULE_PARM_DESC(index, "Index value for CMI8328 soundcard."); - module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for CMI8328 soundcard."); - --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for CMI8328 driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for CMI8328 driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 for CMI8328 driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 for CMI8328 driver."); - --module_param_array(mpuport, long, NULL, 0444); -+module_param_hw_array(mpuport, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpuport, "MPU-401 port # for CMI8328 driver."); --module_param_array(mpuirq, int, NULL, 0444); -+module_param_hw_array(mpuirq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpuirq, "IRQ # for CMI8328 MPU-401 port."); - #ifdef SUPPORT_JOYSTICK - module_param_array(gameport, bool, NULL, 0444); -diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c -index dfedfd85f205..f64b29ab5cc7 100644 ---- a/sound/isa/cmi8330.c -+++ b/sound/isa/cmi8330.c -@@ -95,27 +95,27 @@ module_param_array(isapnp, bool, NULL, 0444); - MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); - #endif - --module_param_array(sbport, long, NULL, 0444); -+module_param_hw_array(sbport, long, ioport, NULL, 0444); - MODULE_PARM_DESC(sbport, "Port # for CMI8330/CMI8329 SB driver."); --module_param_array(sbirq, int, NULL, 0444); -+module_param_hw_array(sbirq, int, irq, NULL, 0444); - MODULE_PARM_DESC(sbirq, "IRQ # for CMI8330/CMI8329 SB driver."); --module_param_array(sbdma8, int, NULL, 0444); -+module_param_hw_array(sbdma8, int, dma, NULL, 0444); - MODULE_PARM_DESC(sbdma8, "DMA8 for CMI8330/CMI8329 SB driver."); --module_param_array(sbdma16, int, NULL, 0444); -+module_param_hw_array(sbdma16, int, dma, NULL, 0444); - MODULE_PARM_DESC(sbdma16, "DMA16 for CMI8330/CMI8329 SB driver."); - --module_param_array(wssport, long, NULL, 0444); -+module_param_hw_array(wssport, long, ioport, NULL, 0444); - MODULE_PARM_DESC(wssport, "Port # for CMI8330/CMI8329 WSS driver."); --module_param_array(wssirq, int, NULL, 0444); -+module_param_hw_array(wssirq, int, irq, NULL, 0444); - MODULE_PARM_DESC(wssirq, "IRQ # for CMI8330/CMI8329 WSS driver."); --module_param_array(wssdma, int, NULL, 0444); -+module_param_hw_array(wssdma, int, dma, NULL, 0444); - MODULE_PARM_DESC(wssdma, "DMA for CMI8330/CMI8329 WSS driver."); - --module_param_array(fmport, long, NULL, 0444); -+module_param_hw_array(fmport, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fmport, "FM port # for CMI8330/CMI8329 driver."); --module_param_array(mpuport, long, NULL, 0444); -+module_param_hw_array(mpuport, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpuport, "MPU-401 port # for CMI8330/CMI8329 driver."); --module_param_array(mpuirq, int, NULL, 0444); -+module_param_hw_array(mpuirq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpuirq, "IRQ # for CMI8330/CMI8329 MPU-401 port."); - #ifdef CONFIG_PNP - static int isa_registered; -diff --git a/sound/isa/cs423x/cs4231.c b/sound/isa/cs423x/cs4231.c -index ef7448e9f813..e8edd9017a2f 100644 ---- a/sound/isa/cs423x/cs4231.c -+++ b/sound/isa/cs423x/cs4231.c -@@ -55,17 +55,17 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); --module_param_array(mpu_irq, int, NULL, 0444); -+module_param_hw_array(mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 # for " CRD_NAME " driver."); - - static int snd_cs4231_match(struct device *dev, unsigned int n) -diff --git a/sound/isa/cs423x/cs4236.c b/sound/isa/cs423x/cs4236.c -index 9d7582c90a95..1f9a3b2be7a1 100644 ---- a/sound/isa/cs423x/cs4236.c -+++ b/sound/isa/cs423x/cs4236.c -@@ -98,23 +98,23 @@ MODULE_PARM_DESC(enable, "Enable " IDENT " soundcard."); - module_param_array(isapnp, bool, NULL, 0444); - MODULE_PARM_DESC(isapnp, "ISA PnP detection for specified soundcard."); - #endif --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for " IDENT " driver."); --module_param_array(cport, long, NULL, 0444); -+module_param_hw_array(cport, long, ioport, NULL, 0444); - MODULE_PARM_DESC(cport, "Control port # for " IDENT " driver."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " IDENT " driver."); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM port # for " IDENT " driver."); --module_param_array(sb_port, long, NULL, 0444); -+module_param_hw_array(sb_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(sb_port, "SB port # for " IDENT " driver (optional)."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for " IDENT " driver."); --module_param_array(mpu_irq, int, NULL, 0444); -+module_param_hw_array(mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " IDENT " driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 # for " IDENT " driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 # for " IDENT " driver."); - - #ifdef CONFIG_PNP -diff --git a/sound/isa/es1688/es1688.c b/sound/isa/es1688/es1688.c -index 1901c2bb6c3b..36320e7f2789 100644 ---- a/sound/isa/es1688/es1688.c -+++ b/sound/isa/es1688/es1688.c -@@ -71,17 +71,17 @@ module_param_array(isapnp, bool, NULL, 0444); - MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); - #endif - MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver."); --module_param_array(irq, int, NULL, 0444); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM port # for ES1688 driver."); - MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); --module_param_array(mpu_irq, int, NULL, 0444); -+module_param_hw_array(mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver."); --module_param_array(dma8, int, NULL, 0444); -+module_param_hw_array(dma8, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma8, "8-bit DMA # for " CRD_NAME " driver."); - - #ifdef CONFIG_PNP -diff --git a/sound/isa/es18xx.c b/sound/isa/es18xx.c -index 5094b62d8f77..0cabe2b8974f 100644 ---- a/sound/isa/es18xx.c -+++ b/sound/isa/es18xx.c -@@ -1999,17 +1999,17 @@ MODULE_PARM_DESC(enable, "Enable ES18xx soundcard."); - module_param_array(isapnp, bool, NULL, 0444); - MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); - #endif --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for ES18xx driver."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for ES18xx driver."); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM port # for ES18xx driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for ES18xx driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA 1 # for ES18xx driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA 2 # for ES18xx driver."); - - #ifdef CONFIG_PNP -diff --git a/sound/isa/galaxy/galaxy.c b/sound/isa/galaxy/galaxy.c -index 379abe2cbeb2..b9994cc9f5fb 100644 ---- a/sound/isa/galaxy/galaxy.c -+++ b/sound/isa/galaxy/galaxy.c -@@ -53,21 +53,21 @@ static int mpu_irq[SNDRV_CARDS] = SNDRV_DEFAULT_IRQ; - static int dma1[SNDRV_CARDS] = SNDRV_DEFAULT_DMA; - static int dma2[SNDRV_CARDS] = SNDRV_DEFAULT_DMA; - --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); --module_param_array(wss_port, long, NULL, 0444); -+module_param_hw_array(wss_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(wss_port, "WSS port # for " CRD_NAME " driver."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver."); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM port # for " CRD_NAME " driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); --module_param_array(mpu_irq, int, NULL, 0444); -+module_param_hw_array(mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "Playback DMA # for " CRD_NAME " driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "Capture DMA # for " CRD_NAME " driver."); - - /* -diff --git a/sound/isa/gus/gusclassic.c b/sound/isa/gus/gusclassic.c -index c169be49ed71..92a997ab1229 100644 ---- a/sound/isa/gus/gusclassic.c -+++ b/sound/isa/gus/gusclassic.c -@@ -58,13 +58,13 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 # for " CRD_NAME " driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 # for " CRD_NAME " driver."); - module_param_array(joystick_dac, int, NULL, 0444); - MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for " CRD_NAME " driver."); -diff --git a/sound/isa/gus/gusextreme.c b/sound/isa/gus/gusextreme.c -index 77ac2fd723b4..beb52c0f70ea 100644 ---- a/sound/isa/gus/gusextreme.c -+++ b/sound/isa/gus/gusextreme.c -@@ -66,21 +66,21 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for " CRD_NAME " soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable " CRD_NAME " soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for " CRD_NAME " driver."); --module_param_array(gf1_port, long, NULL, 0444); -+module_param_hw_array(gf1_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(gf1_port, "GF1 port # for " CRD_NAME " driver (optional)."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for " CRD_NAME " driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for " CRD_NAME " driver."); --module_param_array(mpu_irq, int, NULL, 0444); -+module_param_hw_array(mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for " CRD_NAME " driver."); --module_param_array(gf1_irq, int, NULL, 0444); -+module_param_hw_array(gf1_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(gf1_irq, "GF1 IRQ # for " CRD_NAME " driver."); --module_param_array(dma8, int, NULL, 0444); -+module_param_hw_array(dma8, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma8, "8-bit DMA # for " CRD_NAME " driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "GF1 DMA # for " CRD_NAME " driver."); - module_param_array(joystick_dac, int, NULL, 0444); - MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for " CRD_NAME " driver."); -diff --git a/sound/isa/gus/gusmax.c b/sound/isa/gus/gusmax.c -index dd88c9d33492..63309a453140 100644 ---- a/sound/isa/gus/gusmax.c -+++ b/sound/isa/gus/gusmax.c -@@ -56,13 +56,13 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for GUS MAX soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable GUS MAX soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for GUS MAX driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for GUS MAX driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 # for GUS MAX driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 # for GUS MAX driver."); - module_param_array(joystick_dac, int, NULL, 0444); - MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for GUS MAX driver."); -diff --git a/sound/isa/gus/interwave.c b/sound/isa/gus/interwave.c -index 70d0040484c8..0687b7ef3e53 100644 ---- a/sound/isa/gus/interwave.c -+++ b/sound/isa/gus/interwave.c -@@ -92,17 +92,17 @@ MODULE_PARM_DESC(enable, "Enable InterWave soundcard."); - module_param_array(isapnp, bool, NULL, 0444); - MODULE_PARM_DESC(isapnp, "ISA PnP detection for specified soundcard."); - #endif --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for InterWave driver."); - #ifdef SNDRV_STB --module_param_array(port_tc, long, NULL, 0444); -+module_param_hw_array(port_tc, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port_tc, "Tone control (TEA6330T - i2c bus) port # for InterWave driver."); - #endif --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for InterWave driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 # for InterWave driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 # for InterWave driver."); - module_param_array(joystick_dac, int, NULL, 0444); - MODULE_PARM_DESC(joystick_dac, "Joystick DAC level 0.59V-4.52V or 0.389V-2.98V for InterWave driver."); -diff --git a/sound/isa/msnd/msnd_pinnacle.c b/sound/isa/msnd/msnd_pinnacle.c -index 4c072666115d..ad4897337df5 100644 ---- a/sound/isa/msnd/msnd_pinnacle.c -+++ b/sound/isa/msnd/msnd_pinnacle.c -@@ -800,22 +800,22 @@ MODULE_LICENSE("GPL"); - MODULE_FIRMWARE(INITCODEFILE); - MODULE_FIRMWARE(PERMCODEFILE); - --module_param_array(io, long, NULL, S_IRUGO); -+module_param_hw_array(io, long, ioport, NULL, S_IRUGO); - MODULE_PARM_DESC(io, "IO port #"); --module_param_array(irq, int, NULL, S_IRUGO); --module_param_array(mem, long, NULL, S_IRUGO); -+module_param_hw_array(irq, int, irq, NULL, S_IRUGO); -+module_param_hw_array(mem, long, iomem, NULL, S_IRUGO); - module_param_array(write_ndelay, int, NULL, S_IRUGO); - module_param(calibrate_signal, int, S_IRUGO); - #ifndef MSND_CLASSIC - module_param_array(digital, int, NULL, S_IRUGO); --module_param_array(cfg, long, NULL, S_IRUGO); -+module_param_hw_array(cfg, long, ioport, NULL, S_IRUGO); - module_param_array(reset, int, 0, S_IRUGO); --module_param_array(mpu_io, long, NULL, S_IRUGO); --module_param_array(mpu_irq, int, NULL, S_IRUGO); --module_param_array(ide_io0, long, NULL, S_IRUGO); --module_param_array(ide_io1, long, NULL, S_IRUGO); --module_param_array(ide_irq, int, NULL, S_IRUGO); --module_param_array(joystick_io, long, NULL, S_IRUGO); -+module_param_hw_array(mpu_io, long, ioport, NULL, S_IRUGO); -+module_param_hw_array(mpu_irq, int, irq, NULL, S_IRUGO); -+module_param_hw_array(ide_io0, long, ioport, NULL, S_IRUGO); -+module_param_hw_array(ide_io1, long, ioport, NULL, S_IRUGO); -+module_param_hw_array(ide_irq, int, irq, NULL, S_IRUGO); -+module_param_hw_array(joystick_io, long, ioport, NULL, S_IRUGO); - #endif - - -diff --git a/sound/isa/opl3sa2.c b/sound/isa/opl3sa2.c -index ae133633a420..4098e3e0353d 100644 ---- a/sound/isa/opl3sa2.c -+++ b/sound/isa/opl3sa2.c -@@ -69,21 +69,21 @@ MODULE_PARM_DESC(enable, "Enable OPL3-SA soundcard."); - module_param_array(isapnp, bool, NULL, 0444); - MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); - #endif --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for OPL3-SA driver."); --module_param_array(sb_port, long, NULL, 0444); -+module_param_hw_array(sb_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(sb_port, "SB port # for OPL3-SA driver."); --module_param_array(wss_port, long, NULL, 0444); -+module_param_hw_array(wss_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(wss_port, "WSS port # for OPL3-SA driver."); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM port # for OPL3-SA driver."); --module_param_array(midi_port, long, NULL, 0444); -+module_param_hw_array(midi_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(midi_port, "MIDI port # for OPL3-SA driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for OPL3-SA driver."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 # for OPL3-SA driver."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 # for OPL3-SA driver."); - module_param_array(opl3sa3_ymode, int, NULL, 0444); - MODULE_PARM_DESC(opl3sa3_ymode, "Speaker size selection for 3D Enhancement mode: Desktop/Large Notebook/Small Notebook/HiFi."); -diff --git a/sound/isa/opti9xx/miro.c b/sound/isa/opti9xx/miro.c -index 3a9067db1a84..bcbff56f060d 100644 ---- a/sound/isa/opti9xx/miro.c -+++ b/sound/isa/opti9xx/miro.c -@@ -69,19 +69,19 @@ module_param(index, int, 0444); - MODULE_PARM_DESC(index, "Index value for miro soundcard."); - module_param(id, charp, 0444); - MODULE_PARM_DESC(id, "ID string for miro soundcard."); --module_param(port, long, 0444); -+module_param_hw(port, long, ioport, 0444); - MODULE_PARM_DESC(port, "WSS port # for miro driver."); --module_param(mpu_port, long, 0444); -+module_param_hw(mpu_port, long, ioport, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for miro driver."); --module_param(fm_port, long, 0444); -+module_param_hw(fm_port, long, ioport, 0444); - MODULE_PARM_DESC(fm_port, "FM Port # for miro driver."); --module_param(irq, int, 0444); -+module_param_hw(irq, int, irq, 0444); - MODULE_PARM_DESC(irq, "WSS irq # for miro driver."); --module_param(mpu_irq, int, 0444); -+module_param_hw(mpu_irq, int, irq, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 irq # for miro driver."); --module_param(dma1, int, 0444); -+module_param_hw(dma1, int, dma, 0444); - MODULE_PARM_DESC(dma1, "1st dma # for miro driver."); --module_param(dma2, int, 0444); -+module_param_hw(dma2, int, dma, 0444); - MODULE_PARM_DESC(dma2, "2nd dma # for miro driver."); - module_param(wss, int, 0444); - MODULE_PARM_DESC(wss, "wss mode"); -diff --git a/sound/isa/opti9xx/opti92x-ad1848.c b/sound/isa/opti9xx/opti92x-ad1848.c -index 0a5266003786..ceddb392b1e3 100644 ---- a/sound/isa/opti9xx/opti92x-ad1848.c -+++ b/sound/isa/opti9xx/opti92x-ad1848.c -@@ -88,20 +88,20 @@ MODULE_PARM_DESC(id, "ID string for opti9xx based soundcard."); - module_param(isapnp, bool, 0444); - MODULE_PARM_DESC(isapnp, "Enable ISA PnP detection for specified soundcard."); - #endif --module_param(port, long, 0444); -+module_param_hw(port, long, ioport, 0444); - MODULE_PARM_DESC(port, "WSS port # for opti9xx driver."); --module_param(mpu_port, long, 0444); -+module_param_hw(mpu_port, long, ioport, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for opti9xx driver."); --module_param(fm_port, long, 0444); -+module_param_hw(fm_port, long, ioport, 0444); - MODULE_PARM_DESC(fm_port, "FM port # for opti9xx driver."); --module_param(irq, int, 0444); -+module_param_hw(irq, int, irq, 0444); - MODULE_PARM_DESC(irq, "WSS irq # for opti9xx driver."); --module_param(mpu_irq, int, 0444); -+module_param_hw(mpu_irq, int, irq, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 irq # for opti9xx driver."); --module_param(dma1, int, 0444); -+module_param_hw(dma1, int, dma, 0444); - MODULE_PARM_DESC(dma1, "1st dma # for opti9xx driver."); - #if defined(CS4231) || defined(OPTi93X) --module_param(dma2, int, 0444); -+module_param_hw(dma2, int, dma, 0444); - MODULE_PARM_DESC(dma2, "2nd dma # for opti9xx driver."); - #endif /* CS4231 || OPTi93X */ - -diff --git a/sound/isa/sb/jazz16.c b/sound/isa/sb/jazz16.c -index 4d909971eedb..bfa0055e1fd6 100644 ---- a/sound/isa/sb/jazz16.c -+++ b/sound/isa/sb/jazz16.c -@@ -50,17 +50,17 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for Media Vision Jazz16 based soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable Media Vision Jazz16 based soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for jazz16 driver."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for jazz16 driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for jazz16 driver."); --module_param_array(mpu_irq, int, NULL, 0444); -+module_param_hw_array(mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for jazz16 driver."); --module_param_array(dma8, int, NULL, 0444); -+module_param_hw_array(dma8, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma8, "DMA8 # for jazz16 driver."); --module_param_array(dma16, int, NULL, 0444); -+module_param_hw_array(dma16, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma16, "DMA16 # for jazz16 driver."); - - #define SB_JAZZ16_WAKEUP 0xaf -diff --git a/sound/isa/sb/sb16.c b/sound/isa/sb/sb16.c -index 4a7d7c89808f..3b2e4f405ff2 100644 ---- a/sound/isa/sb/sb16.c -+++ b/sound/isa/sb/sb16.c -@@ -99,21 +99,21 @@ MODULE_PARM_DESC(enable, "Enable SoundBlaster 16 soundcard."); - module_param_array(isapnp, bool, NULL, 0444); - MODULE_PARM_DESC(isapnp, "PnP detection for specified soundcard."); - #endif --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for SB16 driver."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for SB16 driver."); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM port # for SB16 PnP driver."); - #ifdef SNDRV_SBAWE_EMU8000 --module_param_array(awe_port, long, NULL, 0444); -+module_param_hw_array(awe_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(awe_port, "AWE port # for SB16 PnP driver."); - #endif --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for SB16 driver."); --module_param_array(dma8, int, NULL, 0444); -+module_param_hw_array(dma8, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma8, "8-bit DMA # for SB16 driver."); --module_param_array(dma16, int, NULL, 0444); -+module_param_hw_array(dma16, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma16, "16-bit DMA # for SB16 driver."); - module_param_array(mic_agc, int, NULL, 0444); - MODULE_PARM_DESC(mic_agc, "Mic Auto-Gain-Control switch."); -diff --git a/sound/isa/sb/sb8.c b/sound/isa/sb/sb8.c -index ad42d2364199..d77dcba276b5 100644 ---- a/sound/isa/sb/sb8.c -+++ b/sound/isa/sb/sb8.c -@@ -47,11 +47,11 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for Sound Blaster soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable Sound Blaster soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for SB8 driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for SB8 driver."); --module_param_array(dma8, int, NULL, 0444); -+module_param_hw_array(dma8, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma8, "8-bit DMA # for SB8 driver."); - - struct snd_sb8 { -diff --git a/sound/isa/sc6000.c b/sound/isa/sc6000.c -index b61a6633d8f2..c09d9b914efe 100644 ---- a/sound/isa/sc6000.c -+++ b/sound/isa/sc6000.c -@@ -64,17 +64,17 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for sc-6000 based soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable sc-6000 based soundcard."); --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for sc-6000 driver."); --module_param_array(mss_port, long, NULL, 0444); -+module_param_hw_array(mss_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mss_port, "MSS Port # for sc-6000 driver."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port # for sc-6000 driver."); --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for sc-6000 driver."); --module_param_array(mpu_irq, int, NULL, 0444); -+module_param_hw_array(mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ # for sc-6000 driver."); --module_param_array(dma, int, NULL, 0444); -+module_param_hw_array(dma, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma, "DMA # for sc-6000 driver."); - module_param_array(joystick, bool, NULL, 0444); - MODULE_PARM_DESC(joystick, "Enable gameport."); -diff --git a/sound/isa/sscape.c b/sound/isa/sscape.c -index fdcfa29e2205..54f5758a1bb3 100644 ---- a/sound/isa/sscape.c -+++ b/sound/isa/sscape.c -@@ -63,22 +63,22 @@ MODULE_PARM_DESC(index, "Index number for SoundScape soundcard"); - module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "Description for SoundScape card"); - --module_param_array(port, long, NULL, 0444); -+module_param_hw_array(port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(port, "Port # for SoundScape driver."); - --module_param_array(wss_port, long, NULL, 0444); -+module_param_hw_array(wss_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(wss_port, "WSS Port # for SoundScape driver."); - --module_param_array(irq, int, NULL, 0444); -+module_param_hw_array(irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(irq, "IRQ # for SoundScape driver."); - --module_param_array(mpu_irq, int, NULL, 0444); -+module_param_hw_array(mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(mpu_irq, "MPU401 IRQ # for SoundScape driver."); - --module_param_array(dma, int, NULL, 0444); -+module_param_hw_array(dma, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma, "DMA # for SoundScape driver."); - --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 # for SoundScape driver."); - - module_param_array(joystick, bool, NULL, 0444); -diff --git a/sound/isa/wavefront/wavefront.c b/sound/isa/wavefront/wavefront.c -index a0987a57c8a9..da4e9a85f0af 100644 ---- a/sound/isa/wavefront/wavefront.c -+++ b/sound/isa/wavefront/wavefront.c -@@ -63,23 +63,23 @@ MODULE_PARM_DESC(enable, "Enable WaveFront soundcard."); - module_param_array(isapnp, bool, NULL, 0444); - MODULE_PARM_DESC(isapnp, "ISA PnP detection for WaveFront soundcards."); - #endif --module_param_array(cs4232_pcm_port, long, NULL, 0444); -+module_param_hw_array(cs4232_pcm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(cs4232_pcm_port, "Port # for CS4232 PCM interface."); --module_param_array(cs4232_pcm_irq, int, NULL, 0444); -+module_param_hw_array(cs4232_pcm_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(cs4232_pcm_irq, "IRQ # for CS4232 PCM interface."); --module_param_array(dma1, int, NULL, 0444); -+module_param_hw_array(dma1, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma1, "DMA1 # for CS4232 PCM interface."); --module_param_array(dma2, int, NULL, 0444); -+module_param_hw_array(dma2, int, dma, NULL, 0444); - MODULE_PARM_DESC(dma2, "DMA2 # for CS4232 PCM interface."); --module_param_array(cs4232_mpu_port, long, NULL, 0444); -+module_param_hw_array(cs4232_mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(cs4232_mpu_port, "port # for CS4232 MPU-401 interface."); --module_param_array(cs4232_mpu_irq, int, NULL, 0444); -+module_param_hw_array(cs4232_mpu_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(cs4232_mpu_irq, "IRQ # for CS4232 MPU-401 interface."); --module_param_array(ics2115_irq, int, NULL, 0444); -+module_param_hw_array(ics2115_irq, int, irq, NULL, 0444); - MODULE_PARM_DESC(ics2115_irq, "IRQ # for ICS2115."); --module_param_array(ics2115_port, long, NULL, 0444); -+module_param_hw_array(ics2115_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(ics2115_port, "Port # for ICS2115."); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM port #."); - module_param_array(use_cs4232_midi, bool, NULL, 0444); - MODULE_PARM_DESC(use_cs4232_midi, "Use CS4232 MPU-401 interface (inaccessibly located inside your computer)"); diff --git a/debian/patches/features/all/lockdown/0037-Annotate-hardware-config-module-parameters-in-sound-.patch b/debian/patches/features/all/lockdown/0037-Annotate-hardware-config-module-parameters-in-sound-.patch deleted file mode 100644 index 5ca0751d3..000000000 --- a/debian/patches/features/all/lockdown/0037-Annotate-hardware-config-module-parameters-in-sound-.patch +++ /dev/null @@ -1,320 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:30 +0100 -Subject: [37/62] Annotate hardware config module parameters in sound/oss/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=aa247badbbe86b0d25ccd7050b375938632fc407 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in sound/oss/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Jaroslav Kysela -cc: Takashi Iwai -cc: Riccardo Facchetti -cc: Andrew Veliath -cc: alsa-devel@alsa-project.org ---- - sound/oss/ad1848.c | 8 ++++---- - sound/oss/aedsp16.c | 12 ++++++------ - sound/oss/mpu401.c | 4 ++-- - sound/oss/msnd_pinnacle.c | 20 ++++++++++---------- - sound/oss/opl3.c | 2 +- - sound/oss/pas2_card.c | 18 +++++++++--------- - sound/oss/pss.c | 14 +++++++------- - sound/oss/sb_card.c | 10 +++++----- - sound/oss/trix.c | 18 +++++++++--------- - sound/oss/uart401.c | 4 ++-- - sound/oss/uart6850.c | 4 ++-- - sound/oss/waveartist.c | 8 ++++---- - 12 files changed, 61 insertions(+), 61 deletions(-) - -diff --git a/sound/oss/ad1848.c b/sound/oss/ad1848.c -index f6156d8169d0..2421f59cf279 100644 ---- a/sound/oss/ad1848.c -+++ b/sound/oss/ad1848.c -@@ -2805,10 +2805,10 @@ static int __initdata dma = -1; - static int __initdata dma2 = -1; - static int __initdata type = 0; - --module_param(io, int, 0); /* I/O for a raw AD1848 card */ --module_param(irq, int, 0); /* IRQ to use */ --module_param(dma, int, 0); /* First DMA channel */ --module_param(dma2, int, 0); /* Second DMA channel */ -+module_param_hw(io, int, ioport, 0); /* I/O for a raw AD1848 card */ -+module_param_hw(irq, int, irq, 0); /* IRQ to use */ -+module_param_hw(dma, int, dma, 0); /* First DMA channel */ -+module_param_hw(dma2, int, dma, 0); /* Second DMA channel */ - module_param(type, int, 0); /* Card type */ - module_param(deskpro_xl, bool, 0); /* Special magic for Deskpro XL boxen */ - module_param(deskpro_m, bool, 0); /* Special magic for Deskpro M box */ -diff --git a/sound/oss/aedsp16.c b/sound/oss/aedsp16.c -index bb477d5c8528..f058ed6bdb69 100644 ---- a/sound/oss/aedsp16.c -+++ b/sound/oss/aedsp16.c -@@ -1303,17 +1303,17 @@ static int __initdata mpu_irq = -1; - static int __initdata mss_base = -1; - static int __initdata mpu_base = -1; - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - MODULE_PARM_DESC(io, "I/O base address (0x220 0x240)"); --module_param(irq, int, 0); -+module_param_hw(irq, int, irq, 0); - MODULE_PARM_DESC(irq, "IRQ line (5 7 9 10 11)"); --module_param(dma, int, 0); -+module_param_hw(dma, int, dma, 0); - MODULE_PARM_DESC(dma, "dma line (0 1 3)"); --module_param(mpu_irq, int, 0); -+module_param_hw(mpu_irq, int, irq, 0); - MODULE_PARM_DESC(mpu_irq, "MPU-401 IRQ line (5 7 9 10 0)"); --module_param(mss_base, int, 0); -+module_param_hw(mss_base, int, ioport, 0); - MODULE_PARM_DESC(mss_base, "MSS emulation I/O base address (0x530 0xE80)"); --module_param(mpu_base, int, 0); -+module_param_hw(mpu_base, int, ioport, 0); - MODULE_PARM_DESC(mpu_base,"MPU-401 I/O base address (0x300 0x310 0x320 0x330)"); - MODULE_AUTHOR("Riccardo Facchetti "); - MODULE_DESCRIPTION("Audio Excel DSP 16 Driver Version " VERSION); -diff --git a/sound/oss/mpu401.c b/sound/oss/mpu401.c -index 862735005b43..20e8fa46f647 100644 ---- a/sound/oss/mpu401.c -+++ b/sound/oss/mpu401.c -@@ -1748,8 +1748,8 @@ static struct address_info cfg; - static int io = -1; - static int irq = -1; - --module_param(irq, int, 0); --module_param(io, int, 0); -+module_param_hw(irq, int, irq, 0); -+module_param_hw(io, int, ioport, 0); - - static int __init init_mpu401(void) - { -diff --git a/sound/oss/msnd_pinnacle.c b/sound/oss/msnd_pinnacle.c -index f34ec01d2239..d2abc2cf3213 100644 ---- a/sound/oss/msnd_pinnacle.c -+++ b/sound/oss/msnd_pinnacle.c -@@ -1727,22 +1727,22 @@ static int - calibrate_signal __initdata = CONFIG_MSND_CALSIGNAL; - #endif /* MODULE */ - --module_param (io, int, 0); --module_param (irq, int, 0); --module_param (mem, int, 0); -+module_param_hw (io, int, ioport, 0); -+module_param_hw (irq, int, irq, 0); -+module_param_hw (mem, int, iomem, 0); - module_param (write_ndelay, int, 0); - module_param (fifosize, int, 0); - module_param (calibrate_signal, int, 0); - #ifndef MSND_CLASSIC - module_param (digital, bool, 0); --module_param (cfg, int, 0); -+module_param_hw (cfg, int, ioport, 0); - module_param (reset, int, 0); --module_param (mpu_io, int, 0); --module_param (mpu_irq, int, 0); --module_param (ide_io0, int, 0); --module_param (ide_io1, int, 0); --module_param (ide_irq, int, 0); --module_param (joystick_io, int, 0); -+module_param_hw (mpu_io, int, ioport, 0); -+module_param_hw (mpu_irq, int, irq, 0); -+module_param_hw (ide_io0, int, ioport, 0); -+module_param_hw (ide_io1, int, ioport, 0); -+module_param_hw (ide_irq, int, irq, 0); -+module_param_hw (joystick_io, int, ioport, 0); - #endif - - static int __init msnd_init(void) -diff --git a/sound/oss/opl3.c b/sound/oss/opl3.c -index b6d19adf8f41..f0f5b5be6314 100644 ---- a/sound/oss/opl3.c -+++ b/sound/oss/opl3.c -@@ -1200,7 +1200,7 @@ static int me; - - static int io = -1; - --module_param(io, int, 0); -+module_param_hw(io, int, ioport, 0); - - static int __init init_opl3 (void) - { -diff --git a/sound/oss/pas2_card.c b/sound/oss/pas2_card.c -index b07954a79536..769fca692d2a 100644 ---- a/sound/oss/pas2_card.c -+++ b/sound/oss/pas2_card.c -@@ -383,15 +383,15 @@ static int __initdata sb_irq = -1; - static int __initdata sb_dma = -1; - static int __initdata sb_dma16 = -1; - --module_param(io, int, 0); --module_param(irq, int, 0); --module_param(dma, int, 0); --module_param(dma16, int, 0); -- --module_param(sb_io, int, 0); --module_param(sb_irq, int, 0); --module_param(sb_dma, int, 0); --module_param(sb_dma16, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); -+module_param_hw(dma, int, dma, 0); -+module_param_hw(dma16, int, dma, 0); -+ -+module_param_hw(sb_io, int, ioport, 0); -+module_param_hw(sb_irq, int, irq, 0); -+module_param_hw(sb_dma, int, dma, 0); -+module_param_hw(sb_dma16, int, dma, 0); - - module_param(joystick, bool, 0); - module_param(symphony, bool, 0); -diff --git a/sound/oss/pss.c b/sound/oss/pss.c -index 81314f9e2ccb..33c3a442e162 100644 ---- a/sound/oss/pss.c -+++ b/sound/oss/pss.c -@@ -1139,19 +1139,19 @@ static bool pss_no_sound = 0; /* Just configure non-sound components */ - static bool pss_keep_settings = 1; /* Keep hardware settings at module exit */ - static char *pss_firmware = "/etc/sound/pss_synth"; - --module_param(pss_io, int, 0); -+module_param_hw(pss_io, int, ioport, 0); - MODULE_PARM_DESC(pss_io, "Set i/o base of PSS card (probably 0x220 or 0x240)"); --module_param(mss_io, int, 0); -+module_param_hw(mss_io, int, ioport, 0); - MODULE_PARM_DESC(mss_io, "Set WSS (audio) i/o base (0x530, 0x604, 0xE80, 0xF40, or other. Address must end in 0 or 4 and must be from 0x100 to 0xFF4)"); --module_param(mss_irq, int, 0); -+module_param_hw(mss_irq, int, irq, 0); - MODULE_PARM_DESC(mss_irq, "Set WSS (audio) IRQ (3, 5, 7, 9, 10, 11, 12)"); --module_param(mss_dma, int, 0); -+module_param_hw(mss_dma, int, dma, 0); - MODULE_PARM_DESC(mss_dma, "Set WSS (audio) DMA (0, 1, 3)"); --module_param(mpu_io, int, 0); -+module_param_hw(mpu_io, int, ioport, 0); - MODULE_PARM_DESC(mpu_io, "Set MIDI i/o base (0x330 or other. Address must be on 4 location boundaries and must be from 0x100 to 0xFFC)"); --module_param(mpu_irq, int, 0); -+module_param_hw(mpu_irq, int, irq, 0); - MODULE_PARM_DESC(mpu_irq, "Set MIDI IRQ (3, 5, 7, 9, 10, 11, 12)"); --module_param(pss_cdrom_port, int, 0); -+module_param_hw(pss_cdrom_port, int, ioport, 0); - MODULE_PARM_DESC(pss_cdrom_port, "Set the PSS CDROM port i/o base (0x340 or other)"); - module_param(pss_enable_joystick, bool, 0); - MODULE_PARM_DESC(pss_enable_joystick, "Enables the PSS joystick port (1 to enable, 0 to disable)"); -diff --git a/sound/oss/sb_card.c b/sound/oss/sb_card.c -index fb5d7250de38..2a92cfe6cfe9 100644 ---- a/sound/oss/sb_card.c -+++ b/sound/oss/sb_card.c -@@ -61,15 +61,15 @@ static int __initdata uart401 = 0; - static int __initdata pnp = 0; - #endif - --module_param(io, int, 000); -+module_param_hw(io, int, ioport, 000); - MODULE_PARM_DESC(io, "Soundblaster i/o base address (0x220,0x240,0x260,0x280)"); --module_param(irq, int, 000); -+module_param_hw(irq, int, irq, 000); - MODULE_PARM_DESC(irq, "IRQ (5,7,9,10)"); --module_param(dma, int, 000); -+module_param_hw(dma, int, dma, 000); - MODULE_PARM_DESC(dma, "8-bit DMA channel (0,1,3)"); --module_param(dma16, int, 000); -+module_param_hw(dma16, int, dma, 000); - MODULE_PARM_DESC(dma16, "16-bit DMA channel (5,6,7)"); --module_param(mpu_io, int, 000); -+module_param_hw(mpu_io, int, ioport, 000); - MODULE_PARM_DESC(mpu_io, "MPU base address"); - module_param(type, int, 000); - MODULE_PARM_DESC(type, "You can set this to specific card type (doesn't " \ -diff --git a/sound/oss/trix.c b/sound/oss/trix.c -index 3c494dc93b93..a57bc635d758 100644 ---- a/sound/oss/trix.c -+++ b/sound/oss/trix.c -@@ -413,15 +413,15 @@ static int __initdata sb_irq = -1; - static int __initdata mpu_io = -1; - static int __initdata mpu_irq = -1; - --module_param(io, int, 0); --module_param(irq, int, 0); --module_param(dma, int, 0); --module_param(dma2, int, 0); --module_param(sb_io, int, 0); --module_param(sb_dma, int, 0); --module_param(sb_irq, int, 0); --module_param(mpu_io, int, 0); --module_param(mpu_irq, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); -+module_param_hw(dma, int, dma, 0); -+module_param_hw(dma2, int, dma, 0); -+module_param_hw(sb_io, int, ioport, 0); -+module_param_hw(sb_dma, int, dma, 0); -+module_param_hw(sb_irq, int, irq, 0); -+module_param_hw(mpu_io, int, ioport, 0); -+module_param_hw(mpu_irq, int, irq, 0); - module_param(joystick, bool, 0); - - static int __init init_trix(void) -diff --git a/sound/oss/uart401.c b/sound/oss/uart401.c -index dae4d4344407..83dcc85b8688 100644 ---- a/sound/oss/uart401.c -+++ b/sound/oss/uart401.c -@@ -429,8 +429,8 @@ static struct address_info cfg_mpu; - static int io = -1; - static int irq = -1; - --module_param(io, int, 0444); --module_param(irq, int, 0444); -+module_param_hw(io, int, ioport, 0444); -+module_param_hw(irq, int, irq, 0444); - - - static int __init init_uart401(void) -diff --git a/sound/oss/uart6850.c b/sound/oss/uart6850.c -index 1079133dd6ab..eda32d7eddbd 100644 ---- a/sound/oss/uart6850.c -+++ b/sound/oss/uart6850.c -@@ -315,8 +315,8 @@ static struct address_info cfg_mpu; - static int __initdata io = -1; - static int __initdata irq = -1; - --module_param(io, int, 0); --module_param(irq, int, 0); -+module_param_hw(io, int, ioport, 0); -+module_param_hw(irq, int, irq, 0); - - static int __init init_uart6850(void) - { -diff --git a/sound/oss/waveartist.c b/sound/oss/waveartist.c -index 0b8d0de87273..4f0c3a232e41 100644 ---- a/sound/oss/waveartist.c -+++ b/sound/oss/waveartist.c -@@ -2036,8 +2036,8 @@ __setup("waveartist=", setup_waveartist); - #endif - - MODULE_DESCRIPTION("Rockwell WaveArtist RWA-010 sound driver"); --module_param(io, int, 0); /* IO base */ --module_param(irq, int, 0); /* IRQ */ --module_param(dma, int, 0); /* DMA */ --module_param(dma2, int, 0); /* DMA2 */ -+module_param_hw(io, int, ioport, 0); /* IO base */ -+module_param_hw(irq, int, irq, 0); /* IRQ */ -+module_param_hw(dma, int, dma, 0); /* DMA */ -+module_param_hw(dma2, int, dma, 0); /* DMA2 */ - MODULE_LICENSE("GPL"); diff --git a/debian/patches/features/all/lockdown/0038-Annotate-hardware-config-module-parameters-in-sound-.patch b/debian/patches/features/all/lockdown/0038-Annotate-hardware-config-module-parameters-in-sound-.patch deleted file mode 100644 index 9cdf36967..000000000 --- a/debian/patches/features/all/lockdown/0038-Annotate-hardware-config-module-parameters-in-sound-.patch +++ /dev/null @@ -1,154 +0,0 @@ -From: David Howells -Date: Tue, 4 Apr 2017 16:54:30 +0100 -Subject: [38/62] Annotate hardware config module parameters in sound/pci/ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=625c33b384a0f2e3ac63d6d513e389d4e290b667 - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -To this end, annotate module_param* statements that refer to hardware -configuration and indicate for future reference what type of parameter they -specify. The parameter parser in the core sees this information and can -skip such parameters with an error message if the kernel is locked down. -The module initialisation then runs as normal, but just sees whatever the -default values for those parameters is. - -Note that we do still need to do the module initialisation because some -drivers have viable defaults set in case parameters aren't specified and -some drivers support automatic configuration (e.g. PNP or PCI) in addition -to manually coded parameters. - -This patch annotates drivers in sound/pci/. - -Suggested-by: Alan Cox -Signed-off-by: David Howells -cc: Jaroslav Kysela -cc: Takashi Iwai -cc: alsa-devel@alsa-project.org ---- - sound/pci/als4000.c | 2 +- - sound/pci/cmipci.c | 6 +++--- - sound/pci/ens1370.c | 2 +- - sound/pci/riptide/riptide.c | 6 +++--- - sound/pci/sonicvibes.c | 2 +- - sound/pci/via82xx.c | 2 +- - sound/pci/ymfpci/ymfpci.c | 6 +++--- - 7 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/sound/pci/als4000.c b/sound/pci/als4000.c -index 92bc06d01288..7844a75d8ed9 100644 ---- a/sound/pci/als4000.c -+++ b/sound/pci/als4000.c -@@ -102,7 +102,7 @@ MODULE_PARM_DESC(id, "ID string for ALS4000 soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable ALS4000 soundcard."); - #ifdef SUPPORT_JOYSTICK --module_param_array(joystick_port, int, NULL, 0444); -+module_param_hw_array(joystick_port, int, ioport, NULL, 0444); - MODULE_PARM_DESC(joystick_port, "Joystick port address for ALS4000 soundcard. (0 = disabled)"); - #endif - -diff --git a/sound/pci/cmipci.c b/sound/pci/cmipci.c -index aeedc270ed9b..430f064c64da 100644 ---- a/sound/pci/cmipci.c -+++ b/sound/pci/cmipci.c -@@ -68,14 +68,14 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for C-Media PCI soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable C-Media PCI soundcard."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port."); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM port."); - module_param_array(soft_ac3, bool, NULL, 0444); - MODULE_PARM_DESC(soft_ac3, "Software-conversion of raw SPDIF packets (model 033 only)."); - #ifdef SUPPORT_JOYSTICK --module_param_array(joystick_port, int, NULL, 0444); -+module_param_hw_array(joystick_port, int, ioport, NULL, 0444); - MODULE_PARM_DESC(joystick_port, "Joystick port address."); - #endif - -diff --git a/sound/pci/ens1370.c b/sound/pci/ens1370.c -index 164adad91650..90376739c5e1 100644 ---- a/sound/pci/ens1370.c -+++ b/sound/pci/ens1370.c -@@ -106,7 +106,7 @@ module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable Ensoniq AudioPCI soundcard."); - #ifdef SUPPORT_JOYSTICK - #ifdef CHIP1371 --module_param_array(joystick_port, int, NULL, 0444); -+module_param_hw_array(joystick_port, int, ioport, NULL, 0444); - MODULE_PARM_DESC(joystick_port, "Joystick port address."); - #else - module_param_array(joystick, bool, NULL, 0444); -diff --git a/sound/pci/riptide/riptide.c b/sound/pci/riptide/riptide.c -index 19c9df6b0f3d..f067c76d77f8 100644 ---- a/sound/pci/riptide/riptide.c -+++ b/sound/pci/riptide/riptide.c -@@ -137,12 +137,12 @@ MODULE_PARM_DESC(id, "ID string for Riptide soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable Riptide soundcard."); - #ifdef SUPPORT_JOYSTICK --module_param_array(joystick_port, int, NULL, 0444); -+module_param_hw_array(joystick_port, int, ioport, NULL, 0444); - MODULE_PARM_DESC(joystick_port, "Joystick port # for Riptide soundcard."); - #endif --module_param_array(mpu_port, int, NULL, 0444); -+module_param_hw_array(mpu_port, int, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU401 port # for Riptide driver."); --module_param_array(opl3_port, int, NULL, 0444); -+module_param_hw_array(opl3_port, int, ioport, NULL, 0444); - MODULE_PARM_DESC(opl3_port, "OPL3 port # for Riptide driver."); - - /* -diff --git a/sound/pci/sonicvibes.c b/sound/pci/sonicvibes.c -index a6aa48c5b969..8e3d4ec39c35 100644 ---- a/sound/pci/sonicvibes.c -+++ b/sound/pci/sonicvibes.c -@@ -66,7 +66,7 @@ module_param_array(reverb, bool, NULL, 0444); - MODULE_PARM_DESC(reverb, "Enable reverb (SRAM is present) for S3 SonicVibes soundcard."); - module_param_array(mge, bool, NULL, 0444); - MODULE_PARM_DESC(mge, "MIC Gain Enable for S3 SonicVibes soundcard."); --module_param(dmaio, uint, 0444); -+module_param_hw(dmaio, uint, ioport, 0444); - MODULE_PARM_DESC(dmaio, "DDMA i/o base address for S3 SonicVibes soundcard."); - - /* -diff --git a/sound/pci/via82xx.c b/sound/pci/via82xx.c -index 2d8c14e3f8d2..127834021175 100644 ---- a/sound/pci/via82xx.c -+++ b/sound/pci/via82xx.c -@@ -92,7 +92,7 @@ module_param(index, int, 0444); - MODULE_PARM_DESC(index, "Index value for VIA 82xx bridge."); - module_param(id, charp, 0444); - MODULE_PARM_DESC(id, "ID string for VIA 82xx bridge."); --module_param(mpu_port, long, 0444); -+module_param_hw(mpu_port, long, ioport, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 port. (VT82C686x only)"); - #ifdef SUPPORT_JOYSTICK - module_param(joystick, bool, 0444); -diff --git a/sound/pci/ymfpci/ymfpci.c b/sound/pci/ymfpci/ymfpci.c -index 812e27a1bcbc..4faf3e1ed06a 100644 ---- a/sound/pci/ymfpci/ymfpci.c -+++ b/sound/pci/ymfpci/ymfpci.c -@@ -55,12 +55,12 @@ module_param_array(id, charp, NULL, 0444); - MODULE_PARM_DESC(id, "ID string for the Yamaha DS-1 PCI soundcard."); - module_param_array(enable, bool, NULL, 0444); - MODULE_PARM_DESC(enable, "Enable Yamaha DS-1 soundcard."); --module_param_array(mpu_port, long, NULL, 0444); -+module_param_hw_array(mpu_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(mpu_port, "MPU-401 Port."); --module_param_array(fm_port, long, NULL, 0444); -+module_param_hw_array(fm_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(fm_port, "FM OPL-3 Port."); - #ifdef SUPPORT_JOYSTICK --module_param_array(joystick_port, long, NULL, 0444); -+module_param_hw_array(joystick_port, long, ioport, NULL, 0444); - MODULE_PARM_DESC(joystick_port, "Joystick port address"); - #endif - module_param_array(rear_switch, bool, NULL, 0444); diff --git a/debian/patches/features/all/lockdown/0039-efi-Add-EFI_SECURE_BOOT-bit.patch b/debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch similarity index 97% rename from debian/patches/features/all/lockdown/0039-efi-Add-EFI_SECURE_BOOT-bit.patch rename to debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch index 06ed97317..b8dd1b923 100644 --- a/debian/patches/features/all/lockdown/0039-efi-Add-EFI_SECURE_BOOT-bit.patch +++ b/debian/patches/features/all/lockdown/0038-efi-Add-EFI_SECURE_BOOT-bit.patch @@ -1,6 +1,6 @@ From: Josh Boyer Date: Wed, 5 Apr 2017 17:40:29 +0100 -Subject: [39/62] efi: Add EFI_SECURE_BOOT bit +Subject: [38/61] efi: Add EFI_SECURE_BOOT bit Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=7c121e1d97d6af4d25fb49bffb10571964f37ab1 UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit diff --git a/debian/patches/features/all/lockdown/0040-Add-the-ability-to-lock-down-access-to-the-running-k.patch b/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch similarity index 98% rename from debian/patches/features/all/lockdown/0040-Add-the-ability-to-lock-down-access-to-the-running-k.patch rename to debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch index 1718610f5..ece981a25 100644 --- a/debian/patches/features/all/lockdown/0040-Add-the-ability-to-lock-down-access-to-the-running-k.patch +++ b/debian/patches/features/all/lockdown/0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch @@ -1,6 +1,6 @@ From: David Howells Date: Wed, 5 Apr 2017 17:40:29 +0100 -Subject: [40/62] Add the ability to lock down access to the running kernel +Subject: [39/61] Add the ability to lock down access to the running kernel image Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=4e038dfc742f11bcd02e5a3fba5718cefbf06d70 diff --git a/debian/patches/features/all/lockdown/0041-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch similarity index 85% rename from debian/patches/features/all/lockdown/0041-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch rename to debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch index 94c33c4d9..7bc8d5a5c 100644 --- a/debian/patches/features/all/lockdown/0041-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +++ b/debian/patches/features/all/lockdown/0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -1,6 +1,6 @@ From: David Howells Date: Wed, 5 Apr 2017 17:40:29 +0100 -Subject: [41/62] efi: Lock down the kernel if booted in secure boot mode +Subject: [40/61] efi: Lock down the kernel if booted in secure boot mode Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=48f943a855fa850977db9071250db2b9e12287ce UEFI Secure Boot provides a mechanism for ensuring that the firmware will @@ -15,11 +15,9 @@ Signed-off-by: David Howells arch/x86/kernel/setup.c | 8 +++++++- 2 files changed, 19 insertions(+), 1 deletion(-) -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index cc98d5a294ee..21f39855661d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1817,6 +1817,18 @@ config EFI_MIXED +@@ -1827,6 +1827,18 @@ config EFI_MIXED If unsure, say N. @@ -38,8 +36,6 @@ index cc98d5a294ee..21f39855661d 100644 config SECCOMP def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 396285bddb93..85dfa745c442 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -69,6 +69,7 @@ @@ -48,9 +44,9 @@ index 396285bddb93..85dfa745c442 100644 #include +#include + #include #include