Luis Henriques [Fri, 23 Sep 2016 15:39:35 +0000 (16:39 +0100)]
UBUNTU: [Config] CONFIG_GOLDFISH=n
BugLink: http://bugs.launchpad.net/bugs/1627052 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com>
drivers/built-in.o: In function `qe_usb_clock_set':
drivers/soc/fsl/qe/usb.c:25: undefined reference to `qe_immr'
drivers/soc/fsl/qe/usb.c:25: undefined reference to `qe_immr'
drivers/soc/fsl/qe/usb.c:48: undefined reference to `cmxgcr_lock'
drivers/soc/fsl/qe/usb.c:48: undefined reference to `cmxgcr_lock'
drivers/soc/fsl/qe/usb.c:46: undefined reference to `qe_setbrg'
Makefile:965: recipe for target 'vmlinux' failed
make[2]: *** [vmlinux] Error 1
dann frazier [Thu, 22 Sep 2016 03:34:15 +0000 (21:34 -0600)]
UBUNTU: [Config] CONFIG_ACPI_IORT=y
BugLink: http://bugs.launchpad.net/bugs/1626631 Signed-off-by: dann frazier <dann.frazier@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
UBUNTU: add nls_cp437 to the generic.inclusion-list
BugLink: http://bugs.launchpad.net/bugs/1626158
Add a precautionary measure in the event CONFIG_NLS_CODEPAGE_437 reverts
back to being enabled as a module.
Upstream commit 96368701e1c89057bbf39222e965161c68a85b4b changed the
auditing behavior of seccomp so that actions are only logged when the
audit subsystem is enabled. A default install of Ubuntu does not include
the audit userspace and simply enabling the audit subsystem, without
filtering some audit events, would result in more audit records hitting
the system log than usual.
This patch undoes the functional change in upstream commit 96368701e1c89057bbf39222e965161c68a85b4b and goes back to the old
behavior of logging seccomp actions even when audit is not enabled.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Seth Forshee [Thu, 21 Jan 2016 21:37:53 +0000 (15:37 -0600)]
UBUNTU: SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
An overlayfs mount using an upper or lower directory from a
nosuid filesystem bypasses this restriction. Change this so
that if any lower or upper directory is nosuid at mount time the
overlayfs superblock is marked nosuid. This requires some
additions at the vfs level since nosuid currently only applies to
mounts, so a SB_I_NOSUID flag is added along with a helper
function to check a path for nosuid in both the mount and the
superblock.
Seth Forshee [Thu, 21 Jan 2016 17:52:04 +0000 (11:52 -0600)]
UBUNTU: SAUCE: overlayfs: Be more careful about copying up sxid files
When an overlayfs filesystem's lowerdir is on a nosuid filesystem
but the upperdir is not, it's possible to copy up an sxid file or
stick directory into upperdir without changing the mode by
opening the file rw in the overlayfs mount without writing to it.
This makes it possible to bypass the nosuid restriction on the
lowerdir mount.
It's a bad idea in general to let the mounter copy up a sxid file
if the mounter wouldn't have had permission to create the sxid
file in the first place. Therefore change ovl_set_xattr to
exclude these bits when initially setting the mode, then set the
full mode after setting the user for the inode. This allows copy
up for non-sxid files to work as before but causes copy up to
fail for the cases where the user could not have created the sxid
inode in upperdir.
Seth Forshee [Tue, 19 Jan 2016 19:12:02 +0000 (13:12 -0600)]
UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
The original mounter had CAP_SYS_ADMIN in the user namespace
where the mount happened, and the vfs has validated that the user
has permission to do the requested operation. This is sufficient
for allowing the kernel to write these specific xattrs, so we can
bypass the permission checks for these xattrs.
To support this, export __vfs_setxattr_noperm and add an similar
__vfs_removexattr_noperm which is also exported. Use these when
setting or removing trusted.overlayfs.* xattrs.
In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it
is possible for a user-supplied ipt_entry structure to have a large
next_offset field. This field is not bounds checked prior to writing a
counter value at the supplied offset.
Problem is that xt_entry_foreach() macro stops iterating once e->next_offset
is out of bounds, assuming this is the last entry.
With malformed data thats not necessarily the case so we can
write outside of allocated area later as we might not have walked the
entire blob.
Fix this by simplifying mark_source_chains -- it already has to check
if nextoff is in range to catch invalid jumps, so just do the check
when we move to a next entry as well.
Also, check that the offset meets the xtables_entry alignment.
Reported-by: Ben Hawkes <hawkes@google.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Chris J. Arges <chris.j.arges@canonical.com> Acked-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Brad Figg <brad.figg@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
UBUNTU: SAUCE: (no-up) ACPI: Disable Windows 8 compatibility for some Lenovo ThinkPads
The AML implementation for brightness control on several ThinkPads
contains a workaround to meet a Windows 8 requirement of 101 brightness
levels [1]. The implementation is flawed, as only 16 of the brighness
values reported by _BCL affect a change in brightness. _BCM silently
discards the rest of the values. Disabling Windows 8 compatibility on
these machines reverts them to the old behavior, making _BCL only report
the 16 brightness levels which actually work. Add a quirk to do this
along with a dmi callback to disable Win8 compatibility.
Jay Vosburgh [Wed, 11 Nov 2015 13:04:50 +0000 (13:04 +0000)]
UBUNTU: SAUCE: fan: add VXLAN implementation
Generify the fan mapping support and utilise that to implement fan
mappings over vxlan transport.
Expose the existance of this functionality (when the module is loaded)
via an additional sysctl marker.
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
[apw@canonical.com: added feature marker for fan over vxlan.] Signed-off-by: Andy Whitcroft <apw@canonical.com>
Conflicts:
drivers/net/vxlan.c
include/uapi/linux/if_link.h
net/ipv4/ipip.c
Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Michael Cyr [Fri, 26 Aug 2016 19:06:45 +0000 (14:06 -0500)]
UBUNTU: SAUCE: Return TCMU-generated sense data to fabric module
BugLink: http://bugs.launchpad.net/bugs/1615665
If an error status is passed to target_complete_cmd, then by default it
queues the command to target_complete_failure_work, which will generate
Logical Unit Communication Failure sense data, overwriting any sense data
already set in the command. This means that any sense data returned by
TCMU does not get returned to the fabric module.
This change implements a transport_complete function for target-user which
will set the SCF_TRANSPORT_TASK_SENSE flag if we have valid sense data,
which will cause target_complete_cmd to queue the command to
target_complete_ok_work instead of target_complete_failure_work.
Signed-off-by: Michael Cyr <mikecyr@linux.vnet.ibm.com> Reviewed-by: Andy Grover <agrover@redhat.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Chen Yu [Fri, 19 Aug 2016 17:25:57 +0000 (10:25 -0700)]
UBUNTU: SAUCE: PCI: Workaround to enable poweroff on Mac Pro 11
BugLink: http://bugs.launchpad.net/bugs/1587714
People reported that they can not do a poweroff nor a
suspend to ram on their Mac Pro 11. After some investigations
it was found that, once the PCI bridge 0000:00:1c.0 reassigns its
mm windows to ([mem 0x7fa00000-0x7fbfffff] and
[mem 0x7fc00000-0x7fdfffff 64bit pref]), the region of ACPI
io resource 0x1804 becomes unaccessible immediately, where the
ACPI Sleep register is located, as a result neither poweroff(S5)
nor suspend to ram(S3) works.
As suggested by Bjorn, further testing shows that, there is an
unreported device may be (using) conflict with above aperture,
which brings unpredictable result such as the failure of accessing
the io port, which blocks the poweroff(S5). Besides if we reassign
the memory aperture to the other place, the poweroff works again.
As we do not find any resource declared in _CRS which contain above
memory aperture, and Mac OS does not use this pci bridge neither, we
choose a simple workaround to clear the hotplug flag(suggested by
Yinghai Lu), thus do not allocate any resource for this pci bridge,
and thereby no conflict anymore.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=103211 Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Rafael J. Wysocki <rafael@kernel.org> Cc: Lukas Wunner <lukas@wunner.de> Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Reference: https://patchwork.kernel.org/patch/9289777/ Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
UBUNTU: SAUCE: powerpc/pseries: Increase RMA size to 512MB.
BugLink: http://bugs.launchpad.net/bugs/1614309
When trying to boot large kernel and initrd images on large systems
(with hundreds of CPUs and Terabytes of memory), we sometimes run out
of memory for the flattened device tree (FDT).
Increase the memory allocated for the Real Mode Area (RMA) to 512MB to
allow more room for the FDT.
Ben Hutchings [Tue, 16 Aug 2016 16:27:00 +0000 (10:27 -0600)]
UBUNTU: SAUCE: security,perf: Allow further restriction of perf_event_open
https://lkml.org/lkml/2016/1/11/587
The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity. Adds the
option to disable perf_event_open() entirely for unprivileged users.
This standalone version doesn't include making the variable read-only
(or renaming it).
When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.
This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
UBUNTU: SAUCE: Clear Linux: reduce e1000e boot time by tightening sleep ranges
The e1000e driver is a great user of the usleep_range() API,
and has any nice ranges that in principle help power management.
However the ranges that are used only during system startup are
very long (and can add easily 100 msec to the boot time) while
the power savings of such long ranges is irrelevant due to the
one-off, boot only, nature of these functions.
This patch shrinks some of the longest ranges to be shorter
(while still using a power friendly 1 msec range); this saves
100msec+ of boot time on my BDW NUCs
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>