diff --git a/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch b/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch new file mode 100644 index 000000000..8a2f68f82 --- /dev/null +++ b/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch @@ -0,0 +1,78 @@ +From 39a8883a2b989d1d21bd8dd99f5557f0c5e89694 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Tue, 17 Jul 2018 18:24:27 -0400 +Subject: [PATCH] random: add a config option to trust the CPU's hwrng + +This gives the user building their own kernel (or a Linux +distribution) the option of deciding whether or not to trust the CPU's +hardware random number generator (e.g., RDRAND for x86 CPU's) as being +correctly implemented and not having a back door introduced (perhaps +courtesy of a Nation State's law enforcement or intelligence +agencies). + +This will prevent getrandom(2) from blocking, if there is a +willingness to trust the CPU manufacturer. + +Signed-off-by: Theodore Ts'o +--- + drivers/char/Kconfig | 14 ++++++++++++++ + drivers/char/random.c | 11 ++++++++++- + 2 files changed, 24 insertions(+), 1 deletion(-) + +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig +index 212f447938ae..ce277ee0a28a 100644 +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -554,3 +554,17 @@ config ADI + + endmenu + ++config RANDOM_TRUST_CPU ++ bool "Trust the CPU manufacturer to initialize Linux's CRNG" ++ depends on X86 || S390 || PPC ++ default n ++ help ++ Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or ++ RDRAND, IBM for the S390 and Power PC architectures) is trustworthy ++ for the purposes of initializing Linux's CRNG. Since this is not ++ something that can be independently audited, this amounts to trusting ++ that CPU manufacturer (perhaps with the insistence or mandate ++ of a Nation State's intelligence or law enforcement agencies) ++ has not installed a hidden back door to compromise the CPU's ++ random number generation facilities. ++ +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 34ddfd57419b..f4013b8a711b 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -782,6 +782,7 @@ static void invalidate_batched_entropy(void); + static void crng_initialize(struct crng_state *crng) + { + int i; ++ int arch_init = 1; + unsigned long rv; + + memcpy(&crng->state[0], "expand 32-byte k", 16); +@@ -792,10 +793,18 @@ static void crng_initialize(struct crng_state *crng) + _get_random_bytes(&crng->state[4], sizeof(__u32) * 12); + for (i = 4; i < 16; i++) { + if (!arch_get_random_seed_long(&rv) && +- !arch_get_random_long(&rv)) ++ !arch_get_random_long(&rv)) { + rv = random_get_entropy(); ++ arch_init = 0; ++ } + crng->state[i] ^= rv; + } ++#ifdef CONFIG_RANDOM_TRUST_CPU ++ if (arch_init) { ++ crng_init = 2; ++ pr_notice("random: crng done (trusting CPU's manufacturer)\n"); ++ } ++#endif + crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; + } + +-- +2.17.1 + diff --git a/0001-random-make-CPU-trust-a-boot-parameter.patch b/0001-random-make-CPU-trust-a-boot-parameter.patch new file mode 100644 index 000000000..33695fcb4 --- /dev/null +++ b/0001-random-make-CPU-trust-a-boot-parameter.patch @@ -0,0 +1,82 @@ +From 9b25436662d5fb4c66eb527ead53cab15f596ee0 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Mon, 27 Aug 2018 14:51:54 -0700 +Subject: [PATCH] random: make CPU trust a boot parameter + +Instead of forcing a distro or other system builder to choose +at build time whether the CPU is trusted for CRNG seeding via +CONFIG_RANDOM_TRUST_CPU, provide a boot-time parameter for end users to +control the choice. The CONFIG will set the default state instead. + +Signed-off-by: Kees Cook +Signed-off-by: Theodore Ts'o +--- + Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ + drivers/char/Kconfig | 4 ++-- + drivers/char/random.c | 11 ++++++++--- + 3 files changed, 16 insertions(+), 5 deletions(-) + +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 0c8f7889efa1..227c5c6fa4c1 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -3390,6 +3390,12 @@ + ramdisk_size= [RAM] Sizes of RAM disks in kilobytes + See Documentation/blockdev/ramdisk.txt. + ++ random.trust_cpu={on,off} ++ [KNL] Enable or disable trusting the use of the ++ CPU's random number generator (if available) to ++ fully seed the kernel's CRNG. Default is controlled ++ by CONFIG_RANDOM_TRUST_CPU. ++ + ras=option[,option,...] [KNL] RAS-specific options + + cec_disable [X86] +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig +index ce277ee0a28a..40728491f37b 100644 +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -566,5 +566,5 @@ config RANDOM_TRUST_CPU + that CPU manufacturer (perhaps with the insistence or mandate + of a Nation State's intelligence or law enforcement agencies) + has not installed a hidden back door to compromise the CPU's +- random number generation facilities. +- ++ random number generation facilities. This can also be configured ++ at boot with "random.trust_cpu=on/off". +diff --git a/drivers/char/random.c b/drivers/char/random.c +index bf5f99fc36f1..c75b6cdf0053 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -779,6 +779,13 @@ static struct crng_state **crng_node_pool __read_mostly; + + static void invalidate_batched_entropy(void); + ++static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU); ++static int __init parse_trust_cpu(char *arg) ++{ ++ return kstrtobool(arg, &trust_cpu); ++} ++early_param("random.trust_cpu", parse_trust_cpu); ++ + static void crng_initialize(struct crng_state *crng) + { + int i; +@@ -799,12 +806,10 @@ static void crng_initialize(struct crng_state *crng) + } + crng->state[i] ^= rv; + } +-#ifdef CONFIG_RANDOM_TRUST_CPU +- if (arch_init) { ++ if (trust_cpu && arch_init) { + crng_init = 2; + pr_notice("random: crng done (trusting CPU's manufacturer)\n"); + } +-#endif + crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; + } + +-- +2.17.1 + diff --git a/CVE-2018-5391-additional.patch b/CVE-2018-5391-additional.patch new file mode 100644 index 000000000..47c9be758 --- /dev/null +++ b/CVE-2018-5391-additional.patch @@ -0,0 +1,110 @@ +From 5d407b071dc369c26a38398326ee2be53651cfe4 Mon Sep 17 00:00:00 2001 +From: Taehee Yoo +Date: Mon, 10 Sep 2018 02:47:05 +0900 +Subject: [PATCH] ip: frags: fix crash in ip_do_fragment() + +A kernel crash occurrs when defragmented packet is fragmented +in ip_do_fragment(). +In defragment routine, skb_orphan() is called and +skb->ip_defrag_offset is set. but skb->sk and +skb->ip_defrag_offset are same union member. so that +frag->sk is not NULL. +Hence crash occurrs in skb->sk check routine in ip_do_fragment() when +defragmented packet is fragmented. + +test commands: + %iptables -t nat -I POSTROUTING -j MASQUERADE + %hping3 192.168.4.2 -s 1000 -p 2000 -d 60000 + +splat looks like: +[ 261.069429] kernel BUG at net/ipv4/ip_output.c:636! +[ 261.075753] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI +[ 261.083854] CPU: 1 PID: 1349 Comm: hping3 Not tainted 4.19.0-rc2+ #3 +[ 261.100977] RIP: 0010:ip_do_fragment+0x1613/0x2600 +[ 261.106945] Code: e8 e2 38 e3 fe 4c 8b 44 24 18 48 8b 74 24 08 e9 92 f6 ff ff 80 3c 02 00 0f 85 da 07 00 00 48 8b b5 d0 00 00 00 e9 25 f6 ff ff <0f> 0b 0f 0b 44 8b 54 24 58 4c 8b 4c 24 18 4c 8b 5c 24 60 4c 8b 6c +[ 261.127015] RSP: 0018:ffff8801031cf2c0 EFLAGS: 00010202 +[ 261.134156] RAX: 1ffff1002297537b RBX: ffffed0020639e6e RCX: 0000000000000004 +[ 261.142156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880114ba9bd8 +[ 261.150157] RBP: ffff880114ba8a40 R08: ffffed0022975395 R09: ffffed0022975395 +[ 261.158157] R10: 0000000000000001 R11: ffffed0022975394 R12: ffff880114ba9ca4 +[ 261.166159] R13: 0000000000000010 R14: ffff880114ba9bc0 R15: dffffc0000000000 +[ 261.174169] FS: 00007fbae2199700(0000) GS:ffff88011b400000(0000) knlGS:0000000000000000 +[ 261.183012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 261.189013] CR2: 00005579244fe000 CR3: 0000000119bf4000 CR4: 00000000001006e0 +[ 261.198158] Call Trace: +[ 261.199018] ? dst_output+0x180/0x180 +[ 261.205011] ? save_trace+0x300/0x300 +[ 261.209018] ? ip_copy_metadata+0xb00/0xb00 +[ 261.213034] ? sched_clock_local+0xd4/0x140 +[ 261.218158] ? kill_l4proto+0x120/0x120 [nf_conntrack] +[ 261.223014] ? rt_cpu_seq_stop+0x10/0x10 +[ 261.227014] ? find_held_lock+0x39/0x1c0 +[ 261.233008] ip_finish_output+0x51d/0xb50 +[ 261.237006] ? ip_fragment.constprop.56+0x220/0x220 +[ 261.243011] ? nf_ct_l4proto_register_one+0x5b0/0x5b0 [nf_conntrack] +[ 261.250152] ? rcu_is_watching+0x77/0x120 +[ 261.255010] ? nf_nat_ipv4_out+0x1e/0x2b0 [nf_nat_ipv4] +[ 261.261033] ? nf_hook_slow+0xb1/0x160 +[ 261.265007] ip_output+0x1c7/0x710 +[ 261.269005] ? ip_mc_output+0x13f0/0x13f0 +[ 261.273002] ? __local_bh_enable_ip+0xe9/0x1b0 +[ 261.278152] ? ip_fragment.constprop.56+0x220/0x220 +[ 261.282996] ? nf_hook_slow+0xb1/0x160 +[ 261.287007] raw_sendmsg+0x21f9/0x4420 +[ 261.291008] ? dst_output+0x180/0x180 +[ 261.297003] ? sched_clock_cpu+0x126/0x170 +[ 261.301003] ? find_held_lock+0x39/0x1c0 +[ 261.306155] ? stop_critical_timings+0x420/0x420 +[ 261.311004] ? check_flags.part.36+0x450/0x450 +[ 261.315005] ? _raw_spin_unlock_irq+0x29/0x40 +[ 261.320995] ? _raw_spin_unlock_irq+0x29/0x40 +[ 261.326142] ? cyc2ns_read_end+0x10/0x10 +[ 261.330139] ? raw_bind+0x280/0x280 +[ 261.334138] ? sched_clock_cpu+0x126/0x170 +[ 261.338995] ? check_flags.part.36+0x450/0x450 +[ 261.342991] ? __lock_acquire+0x4500/0x4500 +[ 261.348994] ? inet_sendmsg+0x11c/0x500 +[ 261.352989] ? dst_output+0x180/0x180 +[ 261.357012] inet_sendmsg+0x11c/0x500 +[ ... ] + +v2: + - clear skb->sk at reassembly routine.(Eric Dumarzet) + +Fixes: fa0f527358bd ("ip: use rb trees for IP frag queue.") +Suggested-by: Eric Dumazet +Signed-off-by: Taehee Yoo +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +--- + net/ipv4/ip_fragment.c | 1 + + net/ipv6/netfilter/nf_conntrack_reasm.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c +index 88281fbce88c..e7227128df2c 100644 +--- a/net/ipv4/ip_fragment.c ++++ b/net/ipv4/ip_fragment.c +@@ -599,6 +599,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *skb, + nextp = &fp->next; + fp->prev = NULL; + memset(&fp->rbnode, 0, sizeof(fp->rbnode)); ++ fp->sk = NULL; + head->data_len += fp->len; + head->len += fp->len; + if (head->ip_summed != fp->ip_summed) +diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c +index 2a14d8b65924..8f68a518d9db 100644 +--- a/net/ipv6/netfilter/nf_conntrack_reasm.c ++++ b/net/ipv6/netfilter/nf_conntrack_reasm.c +@@ -445,6 +445,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff *prev, struct net_devic + else if (head->ip_summed == CHECKSUM_COMPLETE) + head->csum = csum_add(head->csum, fp->csum); + head->truesize += fp->truesize; ++ fp->sk = NULL; + } + sub_frag_mem_limit(fq->q.net, head->truesize); + +-- +2.17.1 + diff --git a/HID-fixes.patch b/HID-fixes.patch new file mode 100644 index 000000000..c934baad7 --- /dev/null +++ b/HID-fixes.patch @@ -0,0 +1,406 @@ +From patchwork Tue Sep 4 13:31:12 2018 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Benjamin Tissoires +X-Patchwork-Id: 10587363 +Return-Path: +Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org + [172.30.200.125]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C6F0A13AC + for ; + Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B853A297E4 + for ; + Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) + id B5F90298AD; Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + pdx-wl-mail.web.codeaurora.org +X-Spam-Level: +X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, + RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 +Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 59B642985E + for ; + Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S1727136AbeIDR4q (ORCPT + ); + Tue, 4 Sep 2018 13:56:46 -0400 +Received: from mx3-rdu2.redhat.com ([66.187.233.73]:54264 "EHLO + mx1.redhat.com" + rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP + id S1727057AbeIDR4q (ORCPT ); + Tue, 4 Sep 2018 13:56:46 -0400 +Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com + [10.11.54.5]) + (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) + (No client certificate requested) + by mx1.redhat.com (Postfix) with ESMTPS id AEC9A804B9F2; + Tue, 4 Sep 2018 13:31:36 +0000 (UTC) +Received: from plouf.redhat.com (ovpn-116-25.ams2.redhat.com [10.36.116.25]) + by smtp.corp.redhat.com (Postfix) with ESMTP id 88B24A9EF9; + Tue, 4 Sep 2018 13:31:35 +0000 (UTC) +From: Benjamin Tissoires +To: Jiri Kosina , + Dmitry Torokhov +Cc: Benjamin Tissoires , + linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, + stable@vger.kernel.org +Subject: [PATCH 1/4] HID: multitouch: fix Elan panels with 2 input modes + declaration +Date: Tue, 4 Sep 2018 15:31:12 +0200 +Message-Id: <20180904133115.5111-2-benjamin.tissoires@redhat.com> +In-Reply-To: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +References: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 +X-Greylist: Sender IP whitelisted, + not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); + Tue, 04 Sep 2018 13:31:36 +0000 (UTC) +X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); + Tue, + 04 Sep 2018 13:31:36 +0000 (UTC) for IP:'10.11.54.5' + DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' + HELO:'smtp.corp.redhat.com' FROM:'benjamin.tissoires@redhat.com' RCPT:'' +Sender: linux-input-owner@vger.kernel.org +Precedence: bulk +List-ID: +X-Mailing-List: linux-input@vger.kernel.org +X-Virus-Scanned: ClamAV using ClamSMTP + +When implementing commit 7f81c8db5489 ("HID: multitouch: simplify +the settings of the various features"), I wrongly removed a test +that made sure we never try to set the second InputMode feature +to something else than 0. + +This broke badly some recent Elan panels that now forget to send the +click button in some area of the touchpad. + +Fixes 7f81c8db5489 + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=200899 + +Cc: stable@vger.kernel.org # v4.18+ +Signed-off-by: Benjamin Tissoires +--- + drivers/hid/hid-multitouch.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c +index 40fbb7c52723..88da991ef256 100644 +--- a/drivers/hid/hid-multitouch.c ++++ b/drivers/hid/hid-multitouch.c +@@ -1375,7 +1375,8 @@ static bool mt_need_to_apply_feature(struct hid_device *hdev, + struct hid_usage *usage, + enum latency_mode latency, + bool surface_switch, +- bool button_switch) ++ bool button_switch, ++ bool *inputmode_found) + { + struct mt_device *td = hid_get_drvdata(hdev); + struct mt_class *cls = &td->mtclass; +@@ -1387,6 +1388,14 @@ static bool mt_need_to_apply_feature(struct hid_device *hdev, + + switch (usage->hid) { + case HID_DG_INPUTMODE: ++ /* ++ * Some elan panels wrongly declare 2 input mode features, ++ * and silently ignore when we set the value in the second ++ * field. Skip the second feature and hope for the best. ++ */ ++ if (*inputmode_found) ++ return false; ++ + if (cls->quirks & MT_QUIRK_FORCE_GET_FEATURE) { + report_len = hid_report_len(report); + buf = hid_alloc_report_buf(report, GFP_KERNEL); +@@ -1402,6 +1411,7 @@ static bool mt_need_to_apply_feature(struct hid_device *hdev, + } + + field->value[index] = td->inputmode_value; ++ *inputmode_found = true; + return true; + + case HID_DG_CONTACTMAX: +@@ -1439,6 +1449,7 @@ static void mt_set_modes(struct hid_device *hdev, enum latency_mode latency, + struct hid_usage *usage; + int i, j; + bool update_report; ++ bool inputmode_found = false; + + rep_enum = &hdev->report_enum[HID_FEATURE_REPORT]; + list_for_each_entry(rep, &rep_enum->report_list, list) { +@@ -1457,7 +1468,8 @@ static void mt_set_modes(struct hid_device *hdev, enum latency_mode latency, + usage, + latency, + surface_switch, +- button_switch)) ++ button_switch, ++ &inputmode_found)) + update_report = true; + } + } + +From patchwork Tue Sep 4 13:31:13 2018 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Benjamin Tissoires +X-Patchwork-Id: 10587365 +Return-Path: +Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org + [172.30.200.125]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0CE7013BB + for ; + Tue, 4 Sep 2018 13:31:43 +0000 (UTC) +Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F2E1E29869 + for ; + Tue, 4 Sep 2018 13:31:42 +0000 (UTC) +Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) + id F10BF2988D; Tue, 4 Sep 2018 13:31:42 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + pdx-wl-mail.web.codeaurora.org +X-Spam-Level: +X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, + RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 +Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AA59D29869 + for ; + Tue, 4 Sep 2018 13:31:42 +0000 (UTC) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S1727401AbeIDR4u (ORCPT + ); + Tue, 4 Sep 2018 13:56:50 -0400 +Received: from mx3-rdu2.redhat.com ([66.187.233.73]:46152 "EHLO + mx1.redhat.com" + rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP + id S1727057AbeIDR4u (ORCPT ); + Tue, 4 Sep 2018 13:56:50 -0400 +Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com + [10.11.54.5]) + (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) + (No client certificate requested) + by mx1.redhat.com (Postfix) with ESMTPS id E039740241C8; + Tue, 4 Sep 2018 13:31:40 +0000 (UTC) +Received: from plouf.redhat.com (ovpn-116-25.ams2.redhat.com [10.36.116.25]) + by smtp.corp.redhat.com (Postfix) with ESMTP id DC6AEA9EFD; + Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +From: Benjamin Tissoires +To: Jiri Kosina , + Dmitry Torokhov +Cc: Benjamin Tissoires , + linux-input@vger.kernel.org, linux-kernel@vger.kernel.org +Subject: [PATCH 2/4] HID: input: do not append a suffix if the name already + has it +Date: Tue, 4 Sep 2018 15:31:13 +0200 +Message-Id: <20180904133115.5111-3-benjamin.tissoires@redhat.com> +In-Reply-To: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +References: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 +X-Greylist: Sender IP whitelisted, + not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); + Tue, 04 Sep 2018 13:31:40 +0000 (UTC) +X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); + Tue, + 04 Sep 2018 13:31:40 +0000 (UTC) for IP:'10.11.54.5' + DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' + HELO:'smtp.corp.redhat.com' FROM:'benjamin.tissoires@redhat.com' RCPT:'' +Sender: linux-input-owner@vger.kernel.org +Precedence: bulk +List-ID: +X-Mailing-List: linux-input@vger.kernel.org +X-Virus-Scanned: ClamAV using ClamSMTP + +Or it creates some weird input names like: +"MI Dongle MI Wireless Mouse Mouse" + +Signed-off-by: Benjamin Tissoires +--- + drivers/hid/hid-input.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c +index ac201817a2dd..1e9ba8f7a16b 100644 +--- a/drivers/hid/hid-input.c ++++ b/drivers/hid/hid-input.c +@@ -1516,6 +1516,7 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, + struct hid_input *hidinput = kzalloc(sizeof(*hidinput), GFP_KERNEL); + struct input_dev *input_dev = input_allocate_device(); + const char *suffix = NULL; ++ size_t suffix_len, name_len; + + if (!hidinput || !input_dev) + goto fail; +@@ -1559,10 +1560,15 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, + } + + if (suffix) { +- hidinput->name = kasprintf(GFP_KERNEL, "%s %s", +- hid->name, suffix); +- if (!hidinput->name) +- goto fail; ++ name_len = strlen(hid->name); ++ suffix_len = strlen(suffix); ++ if ((name_len < suffix_len) || ++ strcmp(hid->name + name_len - suffix_len, suffix)) { ++ hidinput->name = kasprintf(GFP_KERNEL, "%s %s", ++ hid->name, suffix); ++ if (!hidinput->name) ++ goto fail; ++ } + } + + input_set_drvdata(input_dev, hid); + +From patchwork Tue Sep 4 13:31:14 2018 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Benjamin Tissoires +X-Patchwork-Id: 10587369 +Return-Path: +Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org + [172.30.200.125]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5F2F2175A + for ; + Tue, 4 Sep 2018 13:32:00 +0000 (UTC) +Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4F1E4297D5 + for ; + Tue, 4 Sep 2018 13:32:00 +0000 (UTC) +Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) + id 418FE297FE; Tue, 4 Sep 2018 13:32:00 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + pdx-wl-mail.web.codeaurora.org +X-Spam-Level: +X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, + RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 +Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C746C297D5 + for ; + Tue, 4 Sep 2018 13:31:59 +0000 (UTC) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S1727490AbeIDR44 (ORCPT + ); + Tue, 4 Sep 2018 13:56:56 -0400 +Received: from mx3-rdu2.redhat.com ([66.187.233.73]:60400 "EHLO + mx1.redhat.com" + rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP + id S1727057AbeIDR4z (ORCPT ); + Tue, 4 Sep 2018 13:56:55 -0400 +Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com + [10.11.54.5]) + (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) + (No client certificate requested) + by mx1.redhat.com (Postfix) with ESMTPS id 640FC4023842; + Tue, 4 Sep 2018 13:31:46 +0000 (UTC) +Received: from plouf.redhat.com (ovpn-116-25.ams2.redhat.com [10.36.116.25]) + by smtp.corp.redhat.com (Postfix) with ESMTP id 6F8E8A9EF7; + Tue, 4 Sep 2018 13:31:43 +0000 (UTC) +From: Benjamin Tissoires +To: Jiri Kosina , + Dmitry Torokhov +Cc: Benjamin Tissoires , + linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, + stable@vger.kernel.org +Subject: [PATCH 3/4] HID: core: fix grouping by application +Date: Tue, 4 Sep 2018 15:31:14 +0200 +Message-Id: <20180904133115.5111-4-benjamin.tissoires@redhat.com> +In-Reply-To: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +References: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 +X-Greylist: Sender IP whitelisted, + not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); + Tue, 04 Sep 2018 13:31:46 +0000 (UTC) +X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); + Tue, + 04 Sep 2018 13:31:46 +0000 (UTC) for IP:'10.11.54.5' + DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' + HELO:'smtp.corp.redhat.com' FROM:'benjamin.tissoires@redhat.com' RCPT:'' +Sender: linux-input-owner@vger.kernel.org +Precedence: bulk +List-ID: +X-Mailing-List: linux-input@vger.kernel.org +X-Virus-Scanned: ClamAV using ClamSMTP + +commit f07b3c1da92d ("HID: generic: create one input report per +application type") was effectively the same as MULTI_INPUT: +hidinput->report was never set, so hidinput_match_application() +always returned null. + +Fix that by testing against the real application. + +Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT +instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward +compatibility on all non-Win8 touchscreens. + +link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 +link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 +link: https://bugs.archlinux.org/task/59699 +link: https://github.com/NixOS/nixpkgs/issues/45165 + +Cc: stable@vger.kernel.org # v4.18+ +Signed-off-by: Benjamin Tissoires +--- + +This replaces https://patchwork.kernel.org/patch/10583471/ +A proper fix is better than a revert. + + drivers/hid/hid-input.c | 4 ++-- + drivers/hid/hid-multitouch.c | 3 +++ + include/linux/hid.h | 1 + + 3 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c +index 1e9ba8f7a16b..907b08e50a9b 100644 +--- a/drivers/hid/hid-input.c ++++ b/drivers/hid/hid-input.c +@@ -1588,6 +1588,7 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, + input_dev->dev.parent = &hid->dev; + + hidinput->input = input_dev; ++ hidinput->application = application; + list_add_tail(&hidinput->list, &hid->inputs); + + INIT_LIST_HEAD(&hidinput->reports); +@@ -1683,8 +1684,7 @@ static struct hid_input *hidinput_match_application(struct hid_report *report) + struct hid_input *hidinput; + + list_for_each_entry(hidinput, &hid->inputs, list) { +- if (hidinput->report && +- hidinput->report->application == report->application) ++ if (hidinput->application == report->application) + return hidinput; + } + +diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c +index 88da991ef256..da954f3f4da7 100644 +--- a/drivers/hid/hid-multitouch.c ++++ b/drivers/hid/hid-multitouch.c +@@ -1697,6 +1697,9 @@ static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id) + */ + hdev->quirks |= HID_QUIRK_INPUT_PER_APP; + ++ if (id->group != HID_GROUP_MULTITOUCH_WIN_8) ++ hdev->quirks |= HID_QUIRK_MULTI_INPUT; ++ + timer_setup(&td->release_timer, mt_expired_timeout, 0); + + ret = hid_parse(hdev); +diff --git a/include/linux/hid.h b/include/linux/hid.h +index 834e6461a690..d44a78362942 100644 +--- a/include/linux/hid.h ++++ b/include/linux/hid.h +@@ -526,6 +526,7 @@ struct hid_input { + const char *name; + bool registered; + struct list_head reports; /* the list of reports */ ++ unsigned int application; /* application usage for this input */ + }; + + enum hid_type { + diff --git a/configs/fedora/generic/CONFIG_RANDOM_TRUST_CPU b/configs/fedora/generic/CONFIG_RANDOM_TRUST_CPU new file mode 100644 index 000000000..f79be1a54 --- /dev/null +++ b/configs/fedora/generic/CONFIG_RANDOM_TRUST_CPU @@ -0,0 +1 @@ +CONFIG_RANDOM_TRUST_CPU=y diff --git a/configs/fedora/generic/s390x/CONFIG_EXPOLINE_AUTO b/configs/fedora/generic/s390x/CONFIG_EXPOLINE_AUTO new file mode 100644 index 000000000..465c4673e --- /dev/null +++ b/configs/fedora/generic/s390x/CONFIG_EXPOLINE_AUTO @@ -0,0 +1 @@ +CONFIG_EXPOLINE_AUTO=y diff --git a/configs/fedora/generic/s390x/CONFIG_EXPOLINE_FULL b/configs/fedora/generic/s390x/CONFIG_EXPOLINE_FULL new file mode 100644 index 000000000..b6ea26036 --- /dev/null +++ b/configs/fedora/generic/s390x/CONFIG_EXPOLINE_FULL @@ -0,0 +1 @@ +# CONFIG_EXPOLINE_FULL is not set diff --git a/configs/fedora/generic/s390x/CONFIG_EXPOLINE_MEDIUM b/configs/fedora/generic/s390x/CONFIG_EXPOLINE_MEDIUM deleted file mode 100644 index 82c8370c3..000000000 --- a/configs/fedora/generic/s390x/CONFIG_EXPOLINE_MEDIUM +++ /dev/null @@ -1 +0,0 @@ -CONFIG_EXPOLINE_MEDIUM=y diff --git a/configs/fedora/generic/s390x/CONFIG_KERNEL_NOBP b/configs/fedora/generic/s390x/CONFIG_KERNEL_NOBP index b3c291602..dd71bbe4a 100644 --- a/configs/fedora/generic/s390x/CONFIG_KERNEL_NOBP +++ b/configs/fedora/generic/s390x/CONFIG_KERNEL_NOBP @@ -1 +1 @@ -CONFIG_KERNEL_NOBP=y +# CONFIG_KERNEL_NOBP is not set diff --git a/efi-x86-call-parse-options-from-efi-main.patch b/efi-x86-call-parse-options-from-efi-main.patch new file mode 100644 index 000000000..44fb01d00 --- /dev/null +++ b/efi-x86-call-parse-options-from-efi-main.patch @@ -0,0 +1,58 @@ +From 5f5251591ad0e9ae2e446eca48e27ac251c0d14b Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 12 Sep 2018 20:32:05 +0200 +Subject: [PATCH] efi/x86: Call efi_parse_options() from efi_main() + +Before this commit we were only calling efi_parse_options() from +make_boot_params(), but make_boot_params() only gets called if the +kernel gets booted directly as an EFI executable. So when booted through +e.g. grub we ended up not parsing the commandline in the boot code. + +This makes the drivers/firmware/efi/libstub code ignore the "quiet" +commandline argument resulting in the following message being printed: +"EFI stub: UEFI Secure Boot is enabled." + +Despite the quiet request. This commits adds an extra call to +efi_parse_options() to efi_main() to make sure that the options are +always processed. This fixes quiet not working. + +This also fixes the libstub code ignoring nokaslr and efi=nochunk. + +Reported-by: Peter Robinson +Signed-off-by: Hans de Goede +Signed-off-by: Ard Biesheuvel +--- + arch/x86/boot/compressed/eboot.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c +index e98522e..8aa6f96 100644 +--- a/arch/x86/boot/compressed/eboot.c ++++ b/arch/x86/boot/compressed/eboot.c +@@ -918,6 +918,7 @@ struct boot_params *efi_main(struct efi_config *c, + struct desc_struct *desc; + void *handle; + efi_system_table_t *_table; ++ unsigned long cmdline_paddr; + bool is64; + + efi_early = c; +@@ -937,6 +938,15 @@ struct boot_params *efi_main(struct efi_config *c, + else + setup_boot_services32(efi_early); + ++ /* ++ * make_boot_params() may have been called before efi_main(), in which ++ * case this is the second time we parse the cmdline. This is ok, ++ * parsing the cmdline multiple times does not have side-effects. ++ */ ++ cmdline_paddr = ((u64)hdr->cmd_line_ptr | ++ ((u64)boot_params->ext_cmd_line_ptr << 32)); ++ efi_parse_options((char *)cmdline_paddr); ++ + /* + * If the boot loader gave us a value for secure_boot then we use that, + * otherwise we ask the BIOS. +-- +2.19.0.rc1 + diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index e541e683f..bfca042dd 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -4653,6 +4653,7 @@ CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MODULE_REGION_FULL=y +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-aarch64.config b/kernel-aarch64.config index b9f5a5b13..6a6d403b1 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -4630,6 +4630,7 @@ CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MODULE_REGION_FULL=y +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 2163c9d3f..96152515d 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -4927,6 +4927,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 93264c3c1..eab58da03 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -4652,6 +4652,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index 4d60ac8d3..7e21d6a62 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -4629,6 +4629,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 3a21c2a1c..d99f68ea5 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -4904,6 +4904,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index 4df33ecab..8bb52324b 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -4381,6 +4381,7 @@ CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index eeebe7911..c4f37cf4b 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -4405,6 +4405,7 @@ CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index 485f38cc8..15de8dae9 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -4405,6 +4405,7 @@ CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-i686.config b/kernel-i686.config index 355359352..e3008bd4a 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -4381,6 +4381,7 @@ CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 183eba1da..f738a60ea 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -4148,6 +4148,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index b48434f3e..3ca9d47fb 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -4122,6 +4122,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index 1a2147560..d0c414b44 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1357,9 +1357,8 @@ CONFIG_ETHERNET=y # CONFIG_EXOFS_DEBUG is not set # CONFIG_EXOFS_FS is not set # CONFIG_EXPERT is not set -# CONFIG_EXPOLINE_AUTO is not set -CONFIG_EXPOLINE_FULL=y -CONFIG_EXPOLINE_MEDIUM=y +CONFIG_EXPOLINE_AUTO=y +# CONFIG_EXPOLINE_FULL is not set # CONFIG_EXPOLINE_OFF is not set CONFIG_EXPOLINE=y CONFIG_EXPORTFS=y @@ -2445,7 +2444,7 @@ CONFIG_KERNEL_GZIP=y # CONFIG_KERNEL_LZ4 is not set # CONFIG_KERNEL_LZMA is not set # CONFIG_KERNEL_LZO is not set -CONFIG_KERNEL_NOBP=y +# CONFIG_KERNEL_NOBP is not set # CONFIG_KERNEL_XZ is not set CONFIG_KEXEC_FILE=y CONFIG_KEXEC=y @@ -4040,6 +4039,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set CONFIG_RAW_DRIVER=y diff --git a/kernel-s390x.config b/kernel-s390x.config index 697f5d9cd..559002a51 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1344,9 +1344,8 @@ CONFIG_ETHERNET=y # CONFIG_EXOFS_DEBUG is not set # CONFIG_EXOFS_FS is not set # CONFIG_EXPERT is not set -# CONFIG_EXPOLINE_AUTO is not set -CONFIG_EXPOLINE_FULL=y -CONFIG_EXPOLINE_MEDIUM=y +CONFIG_EXPOLINE_AUTO=y +# CONFIG_EXPOLINE_FULL is not set # CONFIG_EXPOLINE_OFF is not set CONFIG_EXPOLINE=y CONFIG_EXPORTFS=y @@ -2422,7 +2421,7 @@ CONFIG_KERNEL_GZIP=y # CONFIG_KERNEL_LZ4 is not set # CONFIG_KERNEL_LZMA is not set # CONFIG_KERNEL_LZO is not set -CONFIG_KERNEL_NOBP=y +# CONFIG_KERNEL_NOBP is not set # CONFIG_KERNEL_XZ is not set CONFIG_KEXEC_FILE=y CONFIG_KEXEC=y @@ -4014,6 +4013,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set CONFIG_RAW_DRIVER=y diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index fe46a50ae..7150560c3 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -4449,6 +4449,7 @@ CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-x86_64.config b/kernel-x86_64.config index a33ff6b59..7ba5ef998 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -4425,6 +4425,7 @@ CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel.spec b/kernel.spec index 56c8cc5b2..59baf2d85 100644 --- a/kernel.spec +++ b/kernel.spec @@ -561,6 +561,10 @@ Patch211: drm-i915-hush-check-crtc-state.patch Patch212: efi-secureboot.patch Patch213: lockdown-fix-coordination-of-kernel-module-signature-verification.patch +# Fix printing of "EFI stub: UEFI Secure Boot is enabled.", +# queued upstream in efi.git/next +Patch214: efi-x86-call-parse-options-from-efi-main.patch + # 300 - ARM patches Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch @@ -655,6 +659,16 @@ Patch530: 0010-fbcon-Do-not-takeover-the-console-from-atomic-contex.patch # CVE-2018-15471 rhbz 1610555 1618414 Patch531: xsa270.patch +# rhbz 1627963 1628715 +Patch532: HID-fixes.patch + +# rhbz 1572944 +Patch533: 0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch +Patch534: 0001-random-make-CPU-trust-a-boot-parameter.patch + +# Additional Fixes for CVE-2018-5391 +# Patch535: CVE-2018-5391-additional.patch + # END OF PATCH DEFINITIONS %endif @@ -1914,6 +1928,18 @@ fi # # %changelog +* Fri Sep 14 2018 Justin M. Forbes +- Additional Fixes for CVE-2018-5391 (rhbz 1616059) + +* Thu Sep 13 2018 Laura Abbott +- Use the CPU RNG for entropy (rhbz 1572944) + +* Thu Sep 13 2018 Laura Abbott +- HID fixes (rhbz 1627963 1628715) + +* Thu Sep 13 2018 Hans de Goede +- Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot + * Mon Sep 10 2018 Peter Robinson - Add 96boards rk3399 Ficus and Rock960 support