Paolo Pisati [Thu, 3 Oct 2019 13:48:44 +0000 (13:48 +0000)]
UBUNTU: [Packaging] arm64: snapdragon: switch kernel format to Image
BugLink: https://bugs.launchpad.net/bugs/1846704
Older uboot don't know how to treat Image.gz kernels, and
linux-snapdragon has always used Image as the kernel format target for
that reason: ease the transition by using the same format - starting
with Ubuntu F, we'll switch to Image.gz (and probably merge this
flavour into generic).
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Ori Nimron [Thu, 3 Oct 2019 18:13:18 +0000 (18:13 +0000)]
nfc: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
CVE-2019-17056
Ori Nimron [Thu, 3 Oct 2019 18:13:17 +0000 (18:13 +0000)]
mISDN: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_ISDN socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
CVE-2019-17055
Ori Nimron [Thu, 3 Oct 2019 18:13:16 +0000 (18:13 +0000)]
appletalk: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_APPLETALK socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
CVE-2019-17054
Ori Nimron [Thu, 3 Oct 2019 18:13:15 +0000 (18:13 +0000)]
ieee802154: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_IEEE802154 socket, CAP_NET_RAW needs to be
checked first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
CVE-2019-17053
Ori Nimron [Thu, 3 Oct 2019 18:13:14 +0000 (18:13 +0000)]
ax25: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_AX25 socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
CVE-2019-17052
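The five "enforce CAP_NET_RAW for raw sockets" commits above all add the same gate. The following userspace model is an added example, not code from these patches or from the kernel: it reads the effective capability mask from constructed `/proc/<pid>/status` text and compares a create handler with and without the check. The handler names and sample status text are assumptions made for illustration.

```c
/* Added example: userspace model of the CAP_NET_RAW gate, not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

#define CAP_NET_RAW_BIT 13 /* CAP_NET_RAW in include/uapi/linux/capability.h */

/* Constructed /proc/<pid>/status excerpts (sample data, not captured). */
static const char STATUS_UNPRIV[] =
    "Name:\tdemo\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
static const char STATUS_NET_ADMIN[] =
    "Name:\tdemo\nCapPrm:\t0000000000001000\nCapEff:\t0000000000001000\n";
static const char STATUS_NET_RAW[] =
    "Name:\tdemo\nCapPrm:\t0000000000002000\nCapEff:\t0000000000002000\n";

/* Extract the effective capability mask from status text; 0 on success. */
int parse_cap_eff(const char *status, uint64_t *mask)
{
    const char *line = status;

    while (line && *line) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            char *end;
            errno = 0;
            unsigned long long v = strtoull(line + 7, &end, 16);
            if (errno != 0 || end == line + 7)
                return -1;
            *mask = (uint64_t)v;
            return 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1; /* no CapEff line found */
}

int has_cap_net_raw(uint64_t mask)
{
    return (int)((mask >> CAP_NET_RAW_BIT) & 1);
}

/* Hypothetical create handler without the check: SOCK_RAW is open to anyone. */
int create_unchecked(int type, uint64_t mask)
{
    (void)mask;
    return (type == SOCK_RAW || type == SOCK_DGRAM) ? 0 : -ESOCKTNOSUPPORT;
}

/* Same handler with the capability test performed before anything else. */
int create_checked(int type, uint64_t mask)
{
    if (type == SOCK_RAW && !has_cap_net_raw(mask))
        return -EPERM;
    return create_unchecked(type, mask);
}

int main(void)
{
    const char *samples[] = { STATUS_UNPRIV, STATUS_NET_ADMIN, STATUS_NET_RAW };
    for (size_t i = 0; i < 3; i++) {
        uint64_t mask = 0;
        if (parse_cap_eff(samples[i], &mask) != 0)
            return 1;
        printf("CapEff=%#llx unchecked=%d checked=%d\n",
               (unsigned long long)mask,
               create_unchecked(SOCK_RAW, mask),
               create_checked(SOCK_RAW, mask));
    }
    return 0;
}
```

The same `CapEff` test can be used when auditing which services on a host still hold CAP_NET_RAW after the update.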
Hui Peng [Thu, 3 Oct 2019 15:47:27 +0000 (15:47 +0000)]
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
The `ar_usb` field of `ath6kl_usb_pipe_usb_pipe` objects
is initialized to point to the containing `ath6kl_usb` object
according to endpoint descriptors read from the device side, as shown
below in `ath6kl_usb_setup_pipe_resources`:
    for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
        endpoint = &iface_desc->endpoint[i].desc;
        // get the address from endpoint descriptor
        pipe_num = ath6kl_usb_get_logical_pipe_num(ar_usb,
                                                   endpoint->bEndpointAddress,
                                                   &urbcount);
        ......
        // select the pipe object
        pipe = &ar_usb->pipes[pipe_num];
        // initialize the ar_usb field
        pipe->ar_usb = ar_usb;
    }
The driver assumes the addresses reported in endpoint
descriptors from the device side to be complete. If a device is
malicious and does not report complete addresses, it may trigger
a NULL-ptr-deref in `ath6kl_usb_alloc_urb_from_pipe` and
`ath6kl_usb_free_urb_to_pipe`.
This patch fixes the bug by preventing potential NULL-ptr-deref
(CVE-2019-15098).
Kai-Heng Feng [Thu, 3 Oct 2019 15:38:09 +0000 (23:38 +0800)]
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
BugLink: https://bugs.launchpad.net/bugs/1846470
The AMD FCH USB XHCI Controller advertises support for generating PME#
while in D0. When in D0, it does signal PME# for USB 3.0 connect events,
but not for USB 2.0 or USB 1.1 connect events, which means the controller
doesn't wake correctly for those events.
00:10.0 USB controller [0c03]: Advanced Micro Devices, Inc. [AMD] FCH USB XHCI Controller [1022:7914] (rev 20) (prog-if 30 [XHCI])
Subsystem: Dell FCH USB XHCI Controller [1028:087e]
Capabilities: [50] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Clear PCI_PM_CAP_PME_D0 in dev->pme_support to indicate the device will not
assert PME# from D0 so we don't rely on it.
Seth Forshee [Thu, 3 Oct 2019 21:44:38 +0000 (16:44 -0500)]
UBUNTU: [Debian] final-checks -- ignore architectures with no binaries
BugLink: https://bugs.launchpad.net/bugs/1846508
Now that i386 is back in the control file, final-checks is
failing again because we produce no binaries and thus have no
abi files. To avoid this, check the $arch.mk file for the
do_flavour_image_package variable. When this is false, no
binaries will be built, so skip final checks for any architecture
where this variable is false.
Seth Forshee [Thu, 3 Oct 2019 12:17:02 +0000 (07:17 -0500)]
UBUNTU: [Packaging] Build only linux-libc-dev for i386
BugLink: https://bugs.launchpad.net/bugs/1846508
Even though we aren't producing i386 kernels anymore, we still
need to produce a linux-libc-dev package. Re-enable building only
this package for i386.
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1845820
Avoid a regression on ThunderX - and likely other systems - that
causes peripherals to break due to a misconfigured IOMMU. This disables
a temporary config option provided by upstream to intentionally break
systems that require the less secure passthrough mode. It's too late
in the cycle to fix ThunderX properly and, since this is a new config
in this Ubuntu release, disabling it does not introduce a security
regression from previous releases.
As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling
bypass by default"), this config will eventually be removed upstream, so
Ubuntu will drop this workaround via a normal rebase, if not before.
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Paolo Pisati <paolo.pisati@canonical.com>
[ saf: fix syntax from "=n" to "is not set" ]
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
[ saf: rewrite commit message to indicate what is fixed by the revert ]
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Seth Forshee [Thu, 3 Oct 2019 15:09:43 +0000 (10:09 -0500)]
UBUNTU: [Debian] Add unstable and bootstrap ppas to getabis
These ppas are used for building development-series kernels, so
add them to getabis to avoid the need for any local hacks when
updating abis from builds which never made it out of the ppas.
UBUNTU: [Debian] final-checks -- Get arch list from debian/control
BugLink: https://bugs.launchpad.net/bugs/1845714
Getting the list of architectures from kernelconfig means we
can't keep i386 in the list for updating configs. Instead get the
list from the control file. This means that the finalchecks
target needs to depend on debian/control.
UBUNTU: [Packaging] Remove x32 arch references from control files
BugLink: https://bugs.launchpad.net/bugs/1845714
These were added for an arch bringup which never happened. Remove
them to facilitate generating a list of supported architectures
from the control file.
UBUNTU: [Debian] Fix conditional for setting zfs debug package path
BugLink: https://bugs.launchpad.net/bugs/1840704
The conditional there now tests for skipdbg=false, which is not
something our build scripts ever set this variable to. Therefore
in practice the condition always evaluates to false, and
dbgpkgdir_zfs is never set in real builds, only in test builds
where the value of skipdbg has been overridden to be false.
Correct this to check for true, and swap the order of then-part
and else-part accordingly.
Acked-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: [Packaging] Update sphinx build dependencies to python3 packages
BugLink: https://bugs.launchpad.net/bugs/1845808
python2 is nearing eol and has been demoted to universe. Get rid
of our last build dependency on python2 by switching to the
python3 versions of the sphinx tools used for generating the html
documentation.
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Jerry Snitselaar [Wed, 25 Sep 2019 17:27:05 +0000 (10:27 -0700)]
efi/tpm: only set efi_tpm_final_log_size after successful event log parsing
BugLink: https://bugs.launchpad.net/bugs/1845454
If __calc_tpm2_event_size fails to parse an event it will return 0,
resulting tpm2_calc_event_log_size returning -1. Currently there is
no check of this return value, and efi_tpm_final_log_size can end up
being set to this negative value resulting in a panic like the
one given below.
Also __calc_tpm2_event_size returns a size of 0 when it fails
to parse an event, so update function documentation to reflect this.
The root cause of the issue that caused the failure of event parsing
in this case is resolved by Peter Jones's patchset dealing with large
event logs where crossing over a page boundary causes the page with
the event count to be unmapped.
Fixes: c46f3405692de ("tpm: Reserve the TPM final events table")
Cc: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: stable@vger.kernel.org
Cc: Matthew Garrett <mjg59@google.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
(cherry picked from commit c0e71ec75e07043eb7003b9601bc3c4eb1f156cc
 git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git)
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
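The failure mode described in the commit above (a per-event parser returning 0, the log-size routine turning that into -1, and the caller storing it as a size) can be reproduced in a small userspace model. This is an added example, not the kernel's code: the length-prefixed record format, the function names and the sample log are assumptions and do not follow the TCG event layout.

```c
/* Added example: model of an unchecked parser return value, not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed log: two valid records, then one whose length overruns the buffer. */
static const uint8_t SAMPLE_LOG[] = {
    3, 0, 0, 0, 'a', 'b', 'c',
    2, 0, 0, 0, 'h', 'i',
    16, 0, 0, 0, 'x', 'y',
};

/* Simplified record (assumption): 4-byte little-endian length, then payload.
 * As with __calc_tpm2_event_size in the commit text, 0 means "could not parse". */
size_t calc_event_size(const uint8_t *p, size_t avail)
{
    uint32_t len;

    if (avail < 4)
        return 0;
    len = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
          (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    if (len == 0 || len > avail - 4)
        return 0;
    return 4 + (size_t)len;
}

/* Total size of `count` records, or -1 if any record fails to parse. */
long calc_log_size(const uint8_t *log, size_t avail, unsigned count)
{
    size_t off = 0;

    while (count-- > 0) {
        size_t sz = calc_event_size(log + off, avail - off);
        if (sz == 0)
            return -1;
        off += sz;
    }
    return (long)off;
}

/* Before: the return value is stored as a size without being checked. */
size_t store_size_unchecked(const uint8_t *log, size_t avail, unsigned count)
{
    return (size_t)calc_log_size(log, avail, count);
}

/* After: the size is only set once parsing has succeeded. */
int store_size_checked(const uint8_t *log, size_t avail, unsigned count,
                       size_t *final_size)
{
    long sz = calc_log_size(log, avail, count);

    if (sz < 0)
        return -1; /* leave *final_size untouched */
    *final_size = (size_t)sz;
    return 0;
}

int main(void)
{
    size_t final_size = 0;
    int rc = store_size_checked(SAMPLE_LOG, sizeof(SAMPLE_LOG), 3, &final_size);

    printf("unchecked size: %zu\n",
           store_size_unchecked(SAMPLE_LOG, sizeof(SAMPLE_LOG), 3));
    printf("checked: rc=%d size=%zu\n", rc, final_size);
    return 0;
}
```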
Peter Jones [Wed, 25 Sep 2019 10:16:19 +0000 (13:16 +0300)]
efi/tpm: don't traverse an event log with no events
BugLink: https://bugs.launchpad.net/bugs/1845454
When there are no entries to put into the final event log, some machines
will return the template they would have populated anyway. In this case
the nr_events field is 0, but the rest of the log is just garbage.
This patch stops us from trying to iterate the table with
__calc_tpm2_event_size() when the number of events in the table is 0.
Fixes: c46f3405692d ("tpm: Reserve the TPM final events table")
Cc: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Matthew Garrett <mjg59@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
(cherry picked from commit 1f112c0544b1a6bb49bbf4f7457a7d4bb0d304b6
 git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git)
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Peter Jones [Wed, 25 Sep 2019 10:16:18 +0000 (13:16 +0300)]
efi/tpm: Don't access event->count when it isn't mapped.
BugLink: https://bugs.launchpad.net/bugs/1845454
Some machines generate a lot of event log entries. When we're
iterating over them, the code removes the old mapping and adds a
new one, so once we cross the page boundary we're unmapping the page
with the count on it. Hilarity ensues.
This patch keeps the info from the header in local variables so we don't
need to access that page again or keep track of if it's mapped.
Fixes: 44038bc514a2 ("tpm: Abstract crypto agile event size calculations")
Cc: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Matthew Garrett <mjg59@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
(cherry picked from commit 512fb49c9e547f85c588d063cff8bbeb8fd6a643
 git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git)
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: [Debian] Don't use CROSS_COMPILE for i386 configs
BugLink: https://bugs.launchpad.net/bugs/1845714
Since i386 support is being removed in eoan, we will no longer
have cross toolchains to use when updating configs. Stop setting
CROSS_COMPILE for i386 so that the host toolchain will be used
instead.
UBUNTU: [Debian] Remove support for producing i386 kernels
BugLink: https://bugs.launchpad.net/bugs/1845714
i386 will not be a supported architecture in eoan, so drop i386
from our kernel packaging. However, we will still be building
i386 hwe kernel based on eoan, so we will keep the configs and
other bits required for i386 in place.
This causes an early udevadm trigger to fail. On some installer versions of
Ubuntu, this will cause init to exit, thus panicking the system very early
during boot.
Removing the bus_type from the parent device will remove some of the extra
empty files from /sys/devices/vio/, but will keep the rest of the layout for
vio devices, keeping them under /sys/devices/vio/.
It has been tested that uevents for vio devices don't change after this fix,
they still contain MODALIAS.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Jan Höppner [Fri, 27 Sep 2019 15:46:23 +0000 (16:46 +0100)]
UBUNTU: SAUCE: s390/dasd: Fix error handling during online processing
BugLink: https://bugs.launchpad.net/bugs/1845323
It is possible that the CCW commands for reading volume and extent pool
information are not supported, either by the storage server (for
dedicated DASDs) or by z/VM (for virtual devices, such as MDISKs).
As a command reject will occur in such a case, the current error
handling leads to a failing online processing and thus the DASD can't be
used at all.
Since the data being read is not essential for a fully operational
DASD, the error handling can be removed. Information about the failing
command is sent to the s390dbf debug feature.
Fixes: c729696bcf8b ("s390/dasd: Recognise data for ESE volumes")
Cc: <stable@vger.kernel.org> # 5.3
Reported-by: Frank Heimes <frank.heimes@canonical.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1845584
The memory region intel-lpss-pci uses has been declared as
write-combining
[ 0.001728] 5 base 4000000000 mask 6000000000 write-combining
This leads to the system hanging during boot-up.
Tuowen Zhao (ztuowen@gmail.com) provides a diff patch for the intel-lpss
driver to claim to use un-cacheable memory while calling
__devm_ioremap(), and it works well. But it hasn't been accepted by
the maintainer yet.
To avoid the potential impact on other machines, I add a quirk to list
the machines which have the write-combining area in MTRR which overlaps
with the address that intel-lpss uses; only the machines in the list
pass DEVM_IOREMAP_UC to __devm_ioremap().
Link: https://bugzilla.kernel.org/show_bug.cgi?id=203485
Signed-off-by: AceLan Kao <acelan.kao@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1845355
The only caller of hisi_zip_vf_q_assign() is hidden in an #ifdef,
so the function causes a warning when CONFIG_PCI_IOV is disabled:
drivers/crypto/hisilicon/zip/zip_main.c:740:12: error: unused function 'hisi_zip_vf_q_assign' [-Werror,-Wunused-function]
Replace the #ifdef with an IS_ENABLED() check that leads to the
function being dropped based on the configuration.
Fixes: 79e09f30eeba ("crypto: hisilicon - add SRIOV support for ZIP")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit bf6a7a5ad6fa69e48b735be75eeb90569d9584bb)
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Reviewed-by: John Garry <john.garry@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit ad3f0a93b639c342abbe8982cc34a3370169c464)
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zhou Wang [Fri, 2 Aug 2019 07:57:55 +0000 (15:57 +0800)]
crypto: hisilicon - add debugfs for ZIP and QM
BugLink: https://bugs.launchpad.net/bugs/1845355
HiSilicon ZIP engine driver uses debugfs to provide debug information,
the usage can be found in /Documentation/ABI/testing/debugfs-hisi-zip.
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 72c7a68d2ea34803e9c4ef948261ec6744fc72fc)
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 8201fdf49ff0950fa7a0c55a4aeb1ba3d747d404)
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zhou Wang [Fri, 2 Aug 2019 07:57:53 +0000 (15:57 +0800)]
crypto: hisilicon - add SRIOV support for ZIP
BugLink: https://bugs.launchpad.net/bugs/1845355
HiSilicon ZIP engine supports PCI SRIOV. This patch enables this feature.
User can enable VFs and pass through them to VM, same ZIP driver can work
in VM to provide ZLIB and GZIP algorithm by crypto acomp interface.
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 79e09f30eeba857b09832209bfc66bd689c58328)
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zhou Wang [Fri, 2 Aug 2019 07:57:52 +0000 (15:57 +0800)]
crypto: hisilicon - add HiSilicon ZIP accelerator support
BugLink: https://bugs.launchpad.net/bugs/1845355
The HiSilicon ZIP accelerator implements the zlib and gzip algorithm. It
uses Hisilicon QM as the interface to the CPU.
This patch provides PCIe driver to the accelerator and registers it to
crypto acomp interface. It also uses sgl as data input/output interface.
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
Signed-off-by: Kenneth Lee <liguozhu@hisilicon.com>
Signed-off-by: Hao Fang <fanghao11@huawei.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: John Garry <john.garry@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 62c455ca853e3e352e465d66a6cc39f1f88caa60)
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zhou Wang [Fri, 2 Aug 2019 07:57:51 +0000 (15:57 +0800)]
crypto: hisilicon - add hardware SGL support
BugLink: https://bugs.launchpad.net/bugs/1845355
HiSilicon accelerators in Hip08 use same hardware scatterlist for data format.
We support it in this module.
Specific accelerator drivers can use hisi_acc_create_sgl_pool to allocate
hardware SGLs ahead. Then use hisi_acc_sg_buf_map_to_hw_sgl to get one
hardware SGL and pass related information to hardware SGL.
The DMA address of mapped hardware SGL can be passed to SGL src/dst field
in QM SQE.
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit dfed0098ab91f647b5720ab6f1e03b5b55139408)
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1845355
QM is a general IP used by HiSilicon accelerators. It provides a general
PCIe interface for the CPU and the accelerator to share a group of queues.
A QM integrated in an accelerator provides queue management service.
Queues can be assigned to PF and VFs, and queues can be controlled by
unified mailboxes and doorbells. Specific task requests are described by
a specific description buffer, which will be controlled and passed to the
related accelerator IP by QM.
This patch adds a QM driver used by the accelerator driver to access
the QM hardware.
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Kenneth Lee <liguozhu@hisilicon.com>
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
Signed-off-by: Hao Fang <fanghao11@huawei.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: John Garry <john.garry@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 263c9959c9376ec0217d6adc61222a53469eed3c)
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: [Config] Build SafeSetID LSM but don't enable it by default
BugLink: https://launchpad.net/bugs/1845391
We can safely build the SafeSetID LSM while leaving it turned off by
default. It will be off by default due to CONFIG_LSM not containing
"safesetid" in our kernel configs. A security-minded system integrator
may want to make use of SafeSetID and can do so by enabling it with the
"lsm" kernel command-line parameter.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johnansen@canonical.com>
Acked-by: Steve Beattie <steve.beattie@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://launchpad.net/bugs/1845391
The first time a rule set is configured for SafeSetID, we shouldn't be
trying to release the previously configured ruleset, since there isn't
one. Currently, the pointer that would point to a previously configured
ruleset is uninitialized on first rule set configuration, leading to a
crash when we try to call release_ruleset with that pointer.
Acked-by: Jann Horn <jannh@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
(cherry picked from commit 21ab8580b383f27b7f59b84ac1699cb26d6c3d69)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johnansen@canonical.com>
Acked-by: Steve Beattie <steve.beattie@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Mika Westerberg [Wed, 25 Sep 2019 10:06:01 +0000 (13:06 +0300)]
ACPI / property: Add two new Thunderbolt property GUIDs to the list
BugLink: http://bugs.launchpad.net/bugs/1844680
Ice Lake Thunderbolt controller includes two new device property
compatible properties that we need to be able to extract in the driver
so add them to the growing array of GUIDs.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
(cherry picked from commit dfda204198848b47bdb98ab83b94dbb7c7692b55)
Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Mika Westerberg [Wed, 25 Sep 2019 10:06:00 +0000 (13:06 +0300)]
thunderbolt: Add support for Intel Ice Lake
BugLink: http://bugs.launchpad.net/bugs/1844680
The Thunderbolt controller is integrated into the Ice Lake CPU itself
and requires special flows to power it on and off using force power bit
in NHI VSEC registers. Runtime PM (RTD3) and Sx flows also differ from
the discrete solutions. Now the firmware notifies the driver whether
RTD3 entry or exit are possible. The driver is responsible for sending
Go2Sx command through link controller mailbox when system enters Sx
states (suspend-to-mem/disk). Rest of the ICM firmware flows follow
Titan Ridge.
Signed-off-by: Raanan Avargil <raanan.avargil@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Yehezkel Bernat <YehezkelShB@gmail.com>
Tested-by: Mario Limonciello <mario.limonciello@dell.com>
(cherry picked from commit 3cdb9446a117d5d63af823bde6fe6babc312e77b)
Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>