diff --git a/.gitignore b/.gitignore index a23ef2db8..b30f1f64f 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ clog *.rpm *.orig kernel-[23].*/ +perf-man-*.tar.gz diff --git a/0001-HID-usbhid-Add-HID_QUIRK_NOGET-for-Aten-DVI-KVM-swit.patch b/0001-HID-usbhid-Add-HID_QUIRK_NOGET-for-Aten-DVI-KVM-swit.patch new file mode 100644 index 000000000..d1859af28 --- /dev/null +++ b/0001-HID-usbhid-Add-HID_QUIRK_NOGET-for-Aten-DVI-KVM-swit.patch @@ -0,0 +1,52 @@ +From 25c1b8af5b11bd1dbd17d0c1212586bb56ec4efd Mon Sep 17 00:00:00 2001 +From: Laura Abbott +Date: Fri, 8 May 2015 14:13:56 -0700 +Subject: [PATCH] HID: usbhid: Add HID_QUIRK_NOGET for Aten DVI KVM switch +To: Jiri Kosina +Cc: linux-input@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Cc: linux-usb@vger.kernel.org +Cc: stephane.tranchemer@devinci.fr + +Like other KVM switches, the Aten DVI KVM switch needs a +quirk to avoid spewing errors: + +[791759.606542] usb 1-5.4: input irq status -75 received +[791759.614537] usb 1-5.4: input irq status -75 received +[791759.622542] usb 1-5.4: input irq status -75 received + +Add it. + +Signed-off-by: Laura Abbott +--- + drivers/hid/hid-ids.h | 1 + + drivers/hid/usbhid/hid-quirks.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h +index 41f167e..7ce93d9 100644 +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -164,6 +164,7 @@ + #define USB_DEVICE_ID_ATEN_2PORTKVM 0x2204 + #define USB_DEVICE_ID_ATEN_4PORTKVM 0x2205 + #define USB_DEVICE_ID_ATEN_4PORTKVMC 0x2208 ++#define USB_DEVICE_ID_ATEN_CS682 0x2213 + + #define USB_VENDOR_ID_ATMEL 0x03eb + #define USB_DEVICE_ID_ATMEL_MULTITOUCH 0x211c +diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c +index a775143..4696895e 100644 +--- a/drivers/hid/usbhid/hid-quirks.c ++++ b/drivers/hid/usbhid/hid-quirks.c +@@ -61,6 +61,7 @@ static const struct hid_blacklist { + { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_2PORTKVM, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_4PORTKVM, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_4PORTKVMC, HID_QUIRK_NOGET }, ++ { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_CS682, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_FIGHTERSTICK, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_COMBATSTICK, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_FLIGHT_SIM_ECLIPSE_YOKE, HID_QUIRK_NOGET }, +-- +2.1.0 + diff --git a/0001-cx18-add-missing-caps-for-the-PCM-video-device.patch b/0001-cx18-add-missing-caps-for-the-PCM-video-device.patch new file mode 100644 index 000000000..23040a7a0 --- /dev/null +++ b/0001-cx18-add-missing-caps-for-the-PCM-video-device.patch @@ -0,0 +1,75 @@ +From 0ce518efc8ddd9d2d45dcc2f14b20032d1e88946 Mon Sep 17 00:00:00 2001 +From: Hans Verkuil +Date: Fri, 24 Apr 2015 08:55:07 +0200 +Subject: [PATCH] cx18: add missing caps for the PCM video device + +The cx18 PCM video device didn't have any capabilities set, which caused a warnings +in the v4l2 core: + +[ 6.229393] ------------[ cut here ]------------ +[ 6.229414] WARNING: CPU: 1 PID: 593 at +drivers/media/v4l2-core/v4l2-ioctl.c:1025 v4l_querycap+0x41/0x70 +[videodev]() +[ 6.229415] Modules linked in: cx18_alsa mxl5005s s5h1409 +tuner_simple tuner_types cs5345 tuner intel_rapl iosf_mbi +x86_pkg_temp_thermal coretemp raid1 snd_hda_codec_realtek kvm_intel +snd_hda_codec_generic snd_hda_codec_hdmi kvm snd_oxygen(+) snd_hda_intel +snd_oxygen_lib snd_hda_controller snd_hda_codec snd_mpu401_uart iTCO_wdt +snd_rawmidi iTCO_vendor_support snd_hwdep crct10dif_pclmul crc32_pclmul +crc32c_intel snd_seq cx18 snd_seq_device ghash_clmulni_intel +videobuf_vmalloc tveeprom cx2341x snd_pcm serio_raw videobuf_core vfat +dvb_core fat v4l2_common snd_timer videodev snd lpc_ich i2c_i801 joydev +mfd_core mei_me media soundcore tpm_infineon soc_button_array tpm_tis +mei shpchp tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc binfmt_misc +i915 nouveau mxm_wmi wmi e1000e ttm i2c_algo_bit drm_kms_helper +[ 6.229444] drm ptp pps_core video +[ 6.229446] CPU: 1 PID: 593 Comm: v4l_id Not tainted +3.19.3-200.fc21.x86_64 #1 +[ 6.229447] Hardware name: Gigabyte Technology Co., Ltd. +Z87-D3HP/Z87-D3HP-CF, BIOS F6 01/20/2014 +[ 6.229448] 0000000000000000 00000000d12b1131 ffff88042dacfc28 +ffffffff8176e215 +[ 6.229449] 0000000000000000 0000000000000000 ffff88042dacfc68 +ffffffff8109bc1a +[ 6.229451] ffffffffa0594000 ffff88042dacfd90 0000000000000000 +ffffffffa04e2140 +[ 6.229452] Call Trace: +[ 6.229466] [] dump_stack+0x45/0x57 +[ 6.229469] [] warn_slowpath_common+0x8a/0xc0 +[ 6.229472] [] warn_slowpath_null+0x1a/0x20 +[ 6.229474] [] v4l_querycap+0x41/0x70 [videodev] +[ 6.229477] [] __video_do_ioctl+0x29c/0x320 [videodev] +[ 6.229479] [] ? do_last+0x2f1/0x1210 +[ 6.229491] [] video_usercopy+0x366/0x5d0 [videodev] +[ 6.229494] [] ? v4l_querycap+0x70/0x70 [videodev] +[ 6.229497] [] video_ioctl2+0x15/0x20 [videodev] +[ 6.229499] [] v4l2_ioctl+0x164/0x180 [videodev] +[ 6.229501] [] do_vfs_ioctl+0x2f8/0x500 +[ 6.229502] [] SyS_ioctl+0x81/0xa0 +[ 6.229505] [] system_call_fastpath+0x12/0x17 +[ 6.229506] ---[ end trace dacd80d4b19277ea ]--- + +Added the necessary capabilities to stop this warning. + +Signed-off-by: Hans Verkuil +Reported-by: Laura Abbott +Cc: # for v3.19 and up +--- + drivers/media/pci/cx18/cx18-streams.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/media/pci/cx18/cx18-streams.c b/drivers/media/pci/cx18/cx18-streams.c +index c82d25d..c986084 100644 +--- a/drivers/media/pci/cx18/cx18-streams.c ++++ b/drivers/media/pci/cx18/cx18-streams.c +@@ -90,6 +90,7 @@ static struct { + "encoder PCM audio", + VFL_TYPE_GRABBER, CX18_V4L2_ENC_PCM_OFFSET, + PCI_DMA_FROMDEVICE, ++ V4L2_CAP_TUNER | V4L2_CAP_AUDIO | V4L2_CAP_READWRITE, + }, + { /* CX18_ENC_STREAM_TYPE_IDX */ + "encoder IDX", +-- +2.1.0 + diff --git a/0001-firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch b/0001-firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch new file mode 100644 index 000000000..3f40e394d --- /dev/null +++ b/0001-firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch @@ -0,0 +1,92 @@ +From: Laura Abbott +Date: Tue, 28 Apr 2015 15:37:44 -0700 +Subject: [PATCH] firmware: Drop WARN from usermodehelper_read_trylock error + case + +We've received a number of reports of warnings when coming +out of suspend with certain bluetooth firmware configurations: + +WARNING: CPU: 3 PID: 3280 at drivers/base/firmware_class.c:1126 +_request_firmware+0x558/0x810() +Modules linked in: ccm ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 +xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter +ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 +ip6table_mangle ip6table_security ip6table_raw ip6table_filter +ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 +nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw +binfmt_misc bnep intel_rapl iosf_mbi arc4 x86_pkg_temp_thermal +snd_hda_codec_hdmi coretemp kvm_intel joydev snd_hda_codec_realtek +iwldvm snd_hda_codec_generic kvm iTCO_wdt mac80211 iTCO_vendor_support +snd_hda_intel snd_hda_controller snd_hda_codec crct10dif_pclmul +snd_hwdep crc32_pclmul snd_seq crc32c_intel ghash_clmulni_intel uvcvideo +snd_seq_device iwlwifi btusb videobuf2_vmalloc snd_pcm videobuf2_core + serio_raw bluetooth cfg80211 videobuf2_memops sdhci_pci v4l2_common +videodev thinkpad_acpi sdhci i2c_i801 lpc_ich mfd_core wacom mmc_core +media snd_timer tpm_tis hid_logitech_hidpp wmi tpm rfkill snd mei_me mei +shpchp soundcore nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 +i2c_algo_bit drm_kms_helper e1000e drm hid_logitech_dj ptp pps_core +video +CPU: 3 PID: 3280 Comm: kworker/u17:0 Not tainted 3.19.3-200.fc21.x86_64 +Hardware name: LENOVO 343522U/343522U, BIOS GCET96WW (2.56 ) 10/22/2013 +Workqueue: hci0 hci_power_on [bluetooth] + 0000000000000000 0000000089944328 ffff88040acffb78 ffffffff8176e215 + 0000000000000000 0000000000000000 ffff88040acffbb8 ffffffff8109bc1a + 0000000000000000 ffff88040acffcd0 00000000fffffff5 ffff8804076bac40 +Call Trace: + [] dump_stack+0x45/0x57 + [] warn_slowpath_common+0x8a/0xc0 + [] warn_slowpath_null+0x1a/0x20 + [] _request_firmware+0x558/0x810 + [] request_firmware+0x35/0x50 + [] btusb_setup_bcm_patchram+0x86/0x590 [btusb] + [] ? rpm_idle+0xd6/0x230 + [] hci_dev_do_open+0xe1/0xa90 [bluetooth] + [] ? ttwu_do_activate.constprop.90+0x5d/0x70 + [] hci_power_on+0x40/0x200 [bluetooth] + [] process_one_work+0x14c/0x3f0 + [] worker_thread+0x53/0x470 + [] ? rescuer_thread+0x300/0x300 + [] kthread+0xd8/0xf0 + [] ? kthread_create_on_node+0x1b0/0x1b0 + [] ret_from_fork+0x58/0x90 + [] ? kthread_create_on_node+0x1b0/0x1b0 + +This occurs after every resume. + +When resuming, the bluetooth driver needs to re-request the +firmware. This re-request is happening before usermodehelper +is fully enabled. If the firmware load succeeded previously, the +caching behavior of the firmware code typically negates the +need to call the usermodehelper code again and the request +succeeds. If the firmware was never loaded because it isn't +actually present in the file system, this results in a call +to usermodehelper and a failure warning every resume. + +The proper fix is to add a reset_resume functionality to the +btusb driver to be able to handle the resume case. The +work for this is ongoing so in the mean time just silence +the warning since we know it's a problem. + +Bugzilla: 1133378 +Upstream-status: Working on it. It's a difficult problem :( +Signed-off-by: Laura Abbott +--- + drivers/base/firmware_class.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c +index 171841a..48ce9ac 100644 +--- a/drivers/base/firmware_class.c ++++ b/drivers/base/firmware_class.c +@@ -1115,7 +1115,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, + } + } else { + ret = usermodehelper_read_trylock(); +- if (WARN_ON(ret)) { ++ if (ret) { + dev_err(device, "firmware: %s will not be loaded\n", + name); + goto out; +-- +2.1.0 + diff --git a/0001-media-media-Fix-regression-in-some-more-dib0700-base.patch b/0001-media-media-Fix-regression-in-some-more-dib0700-base.patch new file mode 100644 index 000000000..a61969e40 --- /dev/null +++ b/0001-media-media-Fix-regression-in-some-more-dib0700-base.patch @@ -0,0 +1,58 @@ +From e989a73ebd09d22c22ead51fa363a2f56f70f28a Mon Sep 17 00:00:00 2001 +From: Thomas Reitmayr +Date: Fri, 1 May 2015 20:18:04 -0300 +Subject: [PATCH] [media] media: Fix regression in some more dib0700 based + devices + +Fix an oops during device initialization by correctly setting size_of_priv +instead of leaving it 0. +The regression was introduced by 8abe4a0a3f6d4217b16a ("[media] dib7000: +export just one symbol") and only fixed for one type of dib0700 based +devices in 9e334c75642b6e5bfb95 ("[media] Fix regression in some dib0700 +based devices"). + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=92301 + +Fixes: 8abe4a0a3f6d4217b16a ("[media] dib7000: export just one symbol") + +Cc: stable@vger.kernel.org # for version 3.17+ +Signed-off-by: Thomas Reitmayr +Signed-off-by: Mauro Carvalho Chehab +--- + drivers/media/usb/dvb-usb/dib0700_devices.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/media/usb/dvb-usb/dib0700_devices.c b/drivers/media/usb/dvb-usb/dib0700_devices.c +index 90cee38..e87ce83 100644 +--- a/drivers/media/usb/dvb-usb/dib0700_devices.c ++++ b/drivers/media/usb/dvb-usb/dib0700_devices.c +@@ -3944,6 +3944,8 @@ struct dvb_usb_device_properties dib0700_devices[] = { + + DIB0700_DEFAULT_STREAMING_CONFIG(0x02), + }}, ++ .size_of_priv = sizeof(struct ++ dib0700_adapter_state), + }, { + .num_frontends = 1, + .fe = {{ +@@ -3956,6 +3958,8 @@ struct dvb_usb_device_properties dib0700_devices[] = { + + DIB0700_DEFAULT_STREAMING_CONFIG(0x03), + }}, ++ .size_of_priv = sizeof(struct ++ dib0700_adapter_state), + } + }, + +@@ -4009,6 +4013,8 @@ struct dvb_usb_device_properties dib0700_devices[] = { + + DIB0700_DEFAULT_STREAMING_CONFIG(0x02), + }}, ++ .size_of_priv = sizeof(struct ++ dib0700_adapter_state), + }, + }, + +-- +2.1.0 + diff --git a/0001-mwifiex-use-del_timer-variant-in-interrupt-context.patch b/0001-mwifiex-use-del_timer-variant-in-interrupt-context.patch new file mode 100644 index 000000000..3e862a180 --- /dev/null +++ b/0001-mwifiex-use-del_timer-variant-in-interrupt-context.patch @@ -0,0 +1,68 @@ +From 6e9344fd8e90ff0bd8e74c15ec7c21eae7d54bd3 Mon Sep 17 00:00:00 2001 +From: Amitkumar Karwar +Date: Thu, 12 Mar 2015 00:38:40 -0700 +Subject: [PATCH] mwifiex: use del_timer variant in interrupt context + +We might be in interrupt context at few places. So replace +del_timer_sync() with del_timer(). This patch fixes a kernel +trace problem seen occasionally during our testing. + +Signed-off-by: Amitkumar Karwar +Signed-off-by: Kalle Valo +--- + drivers/net/wireless/mwifiex/main.c | 2 +- + drivers/net/wireless/mwifiex/sta_event.c | 4 ++-- + drivers/net/wireless/mwifiex/usb.c | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/wireless/mwifiex/main.c b/drivers/net/wireless/mwifiex/main.c +index 74488ab..42bf884 100644 +--- a/drivers/net/wireless/mwifiex/main.c ++++ b/drivers/net/wireless/mwifiex/main.c +@@ -247,7 +247,7 @@ process_start: + if (IS_CARD_RX_RCVD(adapter)) { + adapter->data_received = false; + adapter->pm_wakeup_fw_try = false; +- del_timer_sync(&adapter->wakeup_timer); ++ del_timer(&adapter->wakeup_timer); + if (adapter->ps_state == PS_STATE_SLEEP) + adapter->ps_state = PS_STATE_AWAKE; + } else { +diff --git a/drivers/net/wireless/mwifiex/sta_event.c b/drivers/net/wireless/mwifiex/sta_event.c +index 64c4223..0dc7a1d 100644 +--- a/drivers/net/wireless/mwifiex/sta_event.c ++++ b/drivers/net/wireless/mwifiex/sta_event.c +@@ -312,7 +312,7 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv) + adapter->ps_state = PS_STATE_AWAKE; + adapter->pm_wakeup_card_req = false; + adapter->pm_wakeup_fw_try = false; +- del_timer_sync(&adapter->wakeup_timer); ++ del_timer(&adapter->wakeup_timer); + break; + } + if (!mwifiex_send_null_packet +@@ -327,7 +327,7 @@ int mwifiex_process_sta_event(struct mwifiex_private *priv) + adapter->ps_state = PS_STATE_AWAKE; + adapter->pm_wakeup_card_req = false; + adapter->pm_wakeup_fw_try = false; +- del_timer_sync(&adapter->wakeup_timer); ++ del_timer(&adapter->wakeup_timer); + + break; + +diff --git a/drivers/net/wireless/mwifiex/usb.c b/drivers/net/wireless/mwifiex/usb.c +index 2238730..8beb38c 100644 +--- a/drivers/net/wireless/mwifiex/usb.c ++++ b/drivers/net/wireless/mwifiex/usb.c +@@ -1006,7 +1006,7 @@ static int mwifiex_pm_wakeup_card(struct mwifiex_adapter *adapter) + { + /* Simulation of HS_AWAKE event */ + adapter->pm_wakeup_fw_try = false; +- del_timer_sync(&adapter->wakeup_timer); ++ del_timer(&adapter->wakeup_timer); + adapter->pm_wakeup_card_req = false; + adapter->ps_state = PS_STATE_AWAKE; + +-- +2.4.1 + diff --git a/0001-n_tty-Fix-auditing-support-for-cannonical-mode.patch b/0001-n_tty-Fix-auditing-support-for-cannonical-mode.patch new file mode 100644 index 000000000..4a39105b7 --- /dev/null +++ b/0001-n_tty-Fix-auditing-support-for-cannonical-mode.patch @@ -0,0 +1,64 @@ +From 9983ea5b8ff57286d625787ee8fd6ce5df430fbc Mon Sep 17 00:00:00 2001 +From: Laura Abbott +Date: Wed, 13 May 2015 17:03:06 -0700 +Subject: [PATCH] n_tty: Fix auditing support for cannonical mode +To: Greg Kroah-Hartman +To: Jiri Slaby +To: Peter Hurley +To: Andy Lutomirski +Cc: linux-kernel@vger.kernel.org + +Commit 32f13521ca68bc624ff6effc77f308a52b038bf0 +("n_tty: Line copy to user buffer in canonical mode") +changed cannonical mode copying to use copy_to_user +but missed adding the call to the audit framework. +Add in the appropriate functions to get audit support. + +Fixes: 32f13521ca68 ("n_tty: Line copy to user buffer in canonical mode") +Reported-by: Miloslav Trmač +Signed-off-by: Laura Abbott +--- + drivers/tty/n_tty.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c +index cf6e0f2..1a3d39b 100644 +--- a/drivers/tty/n_tty.c ++++ b/drivers/tty/n_tty.c +@@ -162,6 +162,17 @@ static inline int tty_put_user(struct tty_struct *tty, unsigned char x, + return put_user(x, ptr); + } + ++static inline int tty_copy_to_user(struct tty_struct *tty, ++ void __user *to, ++ const void *from, ++ unsigned long n) ++{ ++ struct n_tty_data *ldata = tty->disc_data; ++ ++ tty_audit_add_data(tty, to, n, ldata->icanon); ++ return copy_to_user(to, from, n); ++} ++ + /** + * n_tty_kick_worker - start input worker (if required) + * @tty: terminal +@@ -2072,12 +2083,12 @@ static int canon_copy_from_read_buf(struct tty_struct *tty, + __func__, eol, found, n, c, size, more); + + if (n > size) { +- ret = copy_to_user(*b, read_buf_addr(ldata, tail), size); ++ ret = tty_copy_to_user(tty, *b, read_buf_addr(ldata, tail), size); + if (ret) + return -EFAULT; +- ret = copy_to_user(*b + size, ldata->read_buf, n - size); ++ ret = tty_copy_to_user(tty, *b + size, ldata->read_buf, n - size); + } else +- ret = copy_to_user(*b, read_buf_addr(ldata, tail), n); ++ ret = tty_copy_to_user(tty, *b, read_buf_addr(ldata, tail), n); + + if (ret) + return -EFAULT; +-- +2.1.0 + diff --git a/0001-target-use-vfs_iter_read-write-in-fd_do_rw.patch b/0001-target-use-vfs_iter_read-write-in-fd_do_rw.patch new file mode 100644 index 000000000..a90fb6407 --- /dev/null +++ b/0001-target-use-vfs_iter_read-write-in-fd_do_rw.patch @@ -0,0 +1,70 @@ +From 6b9a44d0939ca6235c72b811bd55b462d6a0a553 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Sun, 22 Feb 2015 08:48:41 -0800 +Subject: [PATCH] target: use vfs_iter_read/write in fd_do_rw + +Signed-off-by: Christoph Hellwig +Reviewed-by: Sagi Grimberg +Signed-off-by: Nicholas Bellinger +--- + drivers/target/target_core_file.c | 31 ++++++++++++++----------------- + 1 file changed, 14 insertions(+), 17 deletions(-) + +diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c +index 44620fb..ea6e14e 100644 +--- a/drivers/target/target_core_file.c ++++ b/drivers/target/target_core_file.c +@@ -331,36 +331,33 @@ static int fd_do_rw(struct se_cmd *cmd, struct scatterlist *sgl, + struct fd_dev *dev = FD_DEV(se_dev); + struct file *fd = dev->fd_file; + struct scatterlist *sg; +- struct iovec *iov; +- mm_segment_t old_fs; ++ struct iov_iter iter; ++ struct bio_vec *bvec; ++ ssize_t len = 0; + loff_t pos = (cmd->t_task_lba * se_dev->dev_attrib.block_size); + int ret = 0, i; + +- iov = kzalloc(sizeof(struct iovec) * sgl_nents, GFP_KERNEL); +- if (!iov) { ++ bvec = kcalloc(sgl_nents, sizeof(struct bio_vec), GFP_KERNEL); ++ if (!bvec) { + pr_err("Unable to allocate fd_do_readv iov[]\n"); + return -ENOMEM; + } + + for_each_sg(sgl, sg, sgl_nents, i) { +- iov[i].iov_len = sg->length; +- iov[i].iov_base = kmap(sg_page(sg)) + sg->offset; +- } ++ bvec[i].bv_page = sg_page(sg); ++ bvec[i].bv_len = sg->length; ++ bvec[i].bv_offset = sg->offset; + +- old_fs = get_fs(); +- set_fs(get_ds()); ++ len += sg->length; ++ } + ++ iov_iter_bvec(&iter, ITER_BVEC, bvec, sgl_nents, len); + if (is_write) +- ret = vfs_writev(fd, &iov[0], sgl_nents, &pos); ++ ret = vfs_iter_write(fd, &iter, &pos); + else +- ret = vfs_readv(fd, &iov[0], sgl_nents, &pos); +- +- set_fs(old_fs); +- +- for_each_sg(sgl, sg, sgl_nents, i) +- kunmap(sg_page(sg)); ++ ret = vfs_iter_read(fd, &iter, &pos); + +- kfree(iov); ++ kfree(bvec); + + if (is_write) { + if (ret < 0 || ret != cmd->data_length) { +-- +2.4.1 + diff --git a/ACPI-Limit-access-to-custom_method.patch b/ACPI-Limit-access-to-custom_method.patch new file mode 100644 index 000000000..636c25b4c --- /dev/null +++ b/ACPI-Limit-access-to-custom_method.patch @@ -0,0 +1,30 @@ +From: Matthew Garrett +Date: Fri, 9 Mar 2012 08:39:37 -0500 +Subject: [PATCH] ACPI: Limit access to custom_method + +custom_method effectively allows arbitrary access to system memory, making +it possible for an attacker to circumvent restrictions on module loading. +Disable it if any such restrictions have been enabled. + +Signed-off-by: Matthew Garrett +--- + drivers/acpi/custom_method.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c +index c68e72414a67..4277938af700 100644 +--- a/drivers/acpi/custom_method.c ++++ b/drivers/acpi/custom_method.c +@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, + struct acpi_table_header table; + acpi_status status; + ++ if (secure_modules()) ++ return -EPERM; ++ + if (!(*ppos)) { + /* parse the table header to get the table length */ + if (count <= sizeof(struct acpi_table_header)) +-- +1.9.3 + diff --git a/ARM-tegra-usb-no-reset.patch b/ARM-tegra-usb-no-reset.patch new file mode 100644 index 000000000..2b1058b26 --- /dev/null +++ b/ARM-tegra-usb-no-reset.patch @@ -0,0 +1,31 @@ +From: Peter Robinson +Date: Thu, 3 May 2012 20:27:11 +0100 +Subject: [PATCH] ARM: tegra: usb no reset + +Patch for disconnect issues with storage attached to a + tegra-ehci controller +--- + drivers/usb/core/hub.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index b649fef2e35d..fb89290710ad 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -5023,6 +5023,13 @@ static void hub_event(struct work_struct *work) + (u16) hub->change_bits[0], + (u16) hub->event_bits[0]); + ++ /* Don't disconnect USB-SATA on TrimSlice */ ++ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) { ++ if ((hdev->state == 7) && (hub->change_bits[0] == 0) && ++ (hub->event_bits[0] == 0x2)) ++ hub->event_bits[0] = 0; ++ } ++ + /* Lock the device, then check to see if we were + * disconnected while waiting for the lock to succeed. */ + usb_lock_device(hdev); +-- +2.1.0 + diff --git a/Add-EFI-signature-data-types.patch b/Add-EFI-signature-data-types.patch new file mode 100644 index 000000000..b6df877a9 --- /dev/null +++ b/Add-EFI-signature-data-types.patch @@ -0,0 +1,56 @@ +From: Dave Howells +Date: Tue, 23 Oct 2012 09:30:54 -0400 +Subject: [PATCH] Add EFI signature data types + +Add the data types that are used for containing hashes, keys and certificates +for cryptographic verification. + +Bugzilla: N/A +Upstream-status: Fedora mustard for now + +Signed-off-by: David Howells +--- + include/linux/efi.h | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/include/linux/efi.h b/include/linux/efi.h +index ebe6a24cc1e1..5ce40e215f15 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -581,6 +581,12 @@ void efi_native_runtime_setup(void); + #define DEVICE_TREE_GUID \ + EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 ) + ++#define EFI_CERT_SHA256_GUID \ ++ EFI_GUID( 0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 ) ++ ++#define EFI_CERT_X509_GUID \ ++ EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 ) ++ + typedef struct { + efi_guid_t guid; + u64 table; +@@ -796,6 +802,20 @@ typedef struct _efi_file_io_interface { + + #define EFI_INVALID_TABLE_ADDR (~0UL) + ++typedef struct { ++ efi_guid_t signature_owner; ++ u8 signature_data[]; ++} efi_signature_data_t; ++ ++typedef struct { ++ efi_guid_t signature_type; ++ u32 signature_list_size; ++ u32 signature_header_size; ++ u32 signature_size; ++ u8 signature_header[]; ++ /* efi_signature_data_t signatures[][] */ ++} efi_signature_list_t; ++ + /* + * All runtime access to EFI goes through this structure: + */ +-- +1.9.3 + diff --git a/Add-an-EFI-signature-blob-parser-and-key-loader.patch b/Add-an-EFI-signature-blob-parser-and-key-loader.patch new file mode 100644 index 000000000..7c5c7e7cd --- /dev/null +++ b/Add-an-EFI-signature-blob-parser-and-key-loader.patch @@ -0,0 +1,178 @@ +From: Dave Howells +Date: Tue, 23 Oct 2012 09:36:28 -0400 +Subject: [PATCH] Add an EFI signature blob parser and key loader. + +X.509 certificates are loaded into the specified keyring as asymmetric type +keys. + +Signed-off-by: David Howells +--- + crypto/asymmetric_keys/Kconfig | 8 +++ + crypto/asymmetric_keys/Makefile | 1 + + crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++ + include/linux/efi.h | 4 ++ + 4 files changed, 122 insertions(+) + create mode 100644 crypto/asymmetric_keys/efi_parser.c + +diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig +index 4870f28403f5..4a1b50d73b80 100644 +--- a/crypto/asymmetric_keys/Kconfig ++++ b/crypto/asymmetric_keys/Kconfig +@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION + This option provides support for verifying the signature(s) on a + signed PE binary. + ++config EFI_SIGNATURE_LIST_PARSER ++ bool "EFI signature list parser" ++ depends on EFI ++ select X509_CERTIFICATE_PARSER ++ help ++ This option provides support for parsing EFI signature lists for ++ X.509 certificates and turning them into keys. ++ + endif # ASYMMETRIC_KEY_TYPE +diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile +index e47fcd9ac5e8..6512f6596785 100644 +--- a/crypto/asymmetric_keys/Makefile ++++ b/crypto/asymmetric_keys/Makefile +@@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o + + obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o + obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o ++obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o + + # + # X.509 Certificate handling +diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c +new file mode 100644 +index 000000000000..424896a0b169 +--- /dev/null ++++ b/crypto/asymmetric_keys/efi_parser.c +@@ -0,0 +1,109 @@ ++/* EFI signature/key/certificate list parser ++ * ++ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) "EFI: "fmt ++#include ++#include ++#include ++#include ++#include ++ ++static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID; ++ ++/** ++ * parse_efi_signature_list - Parse an EFI signature list for certificates ++ * @data: The data blob to parse ++ * @size: The size of the data blob ++ * @keyring: The keyring to add extracted keys to ++ */ ++int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring) ++{ ++ unsigned offs = 0; ++ size_t lsize, esize, hsize, elsize; ++ ++ pr_devel("-->%s(,%zu)\n", __func__, size); ++ ++ while (size > 0) { ++ efi_signature_list_t list; ++ const efi_signature_data_t *elem; ++ key_ref_t key; ++ ++ if (size < sizeof(list)) ++ return -EBADMSG; ++ ++ memcpy(&list, data, sizeof(list)); ++ pr_devel("LIST[%04x] guid=%pUl ls=%x hs=%x ss=%x\n", ++ offs, ++ list.signature_type.b, list.signature_list_size, ++ list.signature_header_size, list.signature_size); ++ ++ lsize = list.signature_list_size; ++ hsize = list.signature_header_size; ++ esize = list.signature_size; ++ elsize = lsize - sizeof(list) - hsize; ++ ++ if (lsize > size) { ++ pr_devel("<--%s() = -EBADMSG [overrun @%x]\n", ++ __func__, offs); ++ return -EBADMSG; ++ } ++ if (lsize < sizeof(list) || ++ lsize - sizeof(list) < hsize || ++ esize < sizeof(*elem) || ++ elsize < esize || ++ elsize % esize != 0) { ++ pr_devel("- bad size combo @%x\n", offs); ++ return -EBADMSG; ++ } ++ ++ if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) { ++ data += lsize; ++ size -= lsize; ++ offs += lsize; ++ continue; ++ } ++ ++ data += sizeof(list) + hsize; ++ size -= sizeof(list) + hsize; ++ offs += sizeof(list) + hsize; ++ ++ for (; elsize > 0; elsize -= esize) { ++ elem = data; ++ ++ pr_devel("ELEM[%04x]\n", offs); ++ ++ key = key_create_or_update( ++ make_key_ref(keyring, 1), ++ "asymmetric", ++ NULL, ++ &elem->signature_data, ++ esize - sizeof(*elem), ++ (KEY_POS_ALL & ~KEY_POS_SETATTR) | ++ KEY_USR_VIEW, ++ KEY_ALLOC_NOT_IN_QUOTA | ++ KEY_ALLOC_TRUSTED); ++ ++ if (IS_ERR(key)) ++ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", ++ PTR_ERR(key)); ++ else ++ pr_notice("Loaded cert '%s' linked to '%s'\n", ++ key_ref_to_ptr(key)->description, ++ keyring->description); ++ ++ data += esize; ++ size -= esize; ++ offs += esize; ++ } ++ } ++ ++ return 0; ++} +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 58d7feadd149..b1d686e9175e 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -919,6 +919,10 @@ extern bool efi_poweroff_required(void); + char * __init efi_md_typeattr_format(char *buf, size_t size, + const efi_memory_desc_t *md); + ++struct key; ++extern int __init parse_efi_signature_list(const void *data, size_t size, ++ struct key *keyring); ++ + /** + * efi_range_is_wc - check the WC bit on an address range + * @start: starting kvirt address +-- +2.1.0 + diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch new file mode 100644 index 000000000..b3ce38ce5 --- /dev/null +++ b/Add-option-to-automatically-enforce-module-signature.patch @@ -0,0 +1,182 @@ +From: Matthew Garrett +Date: Fri, 9 Aug 2013 18:36:30 -0400 +Subject: [PATCH] Add option to automatically enforce module signatures when in + Secure Boot mode + +UEFI Secure Boot provides a mechanism for ensuring that the firmware will +only load signed bootloaders and kernels. Certain use cases may also +require that all kernel modules also be signed. Add a configuration option +that enforces this automatically when enabled. + +Signed-off-by: Matthew Garrett +--- + Documentation/x86/zero-page.txt | 2 ++ + arch/x86/Kconfig | 10 ++++++++++ + arch/x86/boot/compressed/eboot.c | 36 +++++++++++++++++++++++++++++++++++ + arch/x86/include/uapi/asm/bootparam.h | 3 ++- + arch/x86/kernel/setup.c | 6 ++++++ + include/linux/module.h | 6 ++++++ + kernel/module.c | 7 +++++++ + 7 files changed, 69 insertions(+), 1 deletion(-) + +diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt +index 82fbdbc1e0b0..a811210ad486 100644 +--- a/Documentation/x86/zero-page.txt ++++ b/Documentation/x86/zero-page.txt +@@ -30,6 +30,8 @@ Offset Proto Name Meaning + 1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below) + 1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer + (below) ++1EB/001 ALL kbd_status Numlock is enabled ++1EC/001 ALL secure_boot Secure boot is enabled in the firmware + 1EF/001 ALL sentinel Used to detect broken bootloaders + 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures + 2D0/A00 ALL e820_map E820 memory map table +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index b7d31ca55187..ab403a636357 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1695,6 +1695,16 @@ config EFI_MIXED + + If unsure, say N. + ++config EFI_SECURE_BOOT_SIG_ENFORCE ++ def_bool n ++ prompt "Force module signing when UEFI Secure Boot is enabled" ++ ---help--- ++ UEFI Secure Boot provides a mechanism for ensuring that the ++ firmware will only load signed bootloaders and kernels. Certain ++ use cases may also require that all kernel modules also be signed. ++ Say Y here to automatically enable module signature enforcement ++ when a system boots with UEFI Secure Boot enabled. ++ + config SECCOMP + def_bool y + prompt "Enable seccomp to safely compute untrusted bytecode" +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c +index ef17683484e9..105e7360d747 100644 +--- a/arch/x86/boot/compressed/eboot.c ++++ b/arch/x86/boot/compressed/eboot.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + + #include "../string.h" + #include "eboot.h" +@@ -827,6 +828,37 @@ out: + return status; + } + ++static int get_secure_boot(void) ++{ ++ u8 sb, setup; ++ unsigned long datasize = sizeof(sb); ++ efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; ++ efi_status_t status; ++ ++ status = efi_early->call((unsigned long)sys_table->runtime->get_variable, ++ L"SecureBoot", &var_guid, NULL, &datasize, &sb); ++ ++ if (status != EFI_SUCCESS) ++ return 0; ++ ++ if (sb == 0) ++ return 0; ++ ++ ++ status = efi_early->call((unsigned long)sys_table->runtime->get_variable, ++ L"SetupMode", &var_guid, NULL, &datasize, ++ &setup); ++ ++ if (status != EFI_SUCCESS) ++ return 0; ++ ++ if (setup == 1) ++ return 0; ++ ++ return 1; ++} ++ ++ + /* + * See if we have Graphics Output Protocol + */ +@@ -1406,6 +1438,10 @@ struct boot_params *efi_main(struct efi_config *c, + else + setup_boot_services32(efi_early); + ++ sanitize_boot_params(boot_params); ++ ++ boot_params->secure_boot = get_secure_boot(); ++ + setup_graphics(boot_params); + + setup_efi_pci(boot_params); +diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h +index 225b0988043a..90dbfb73e11f 100644 +--- a/arch/x86/include/uapi/asm/bootparam.h ++++ b/arch/x86/include/uapi/asm/bootparam.h +@@ -133,7 +133,8 @@ struct boot_params { + __u8 eddbuf_entries; /* 0x1e9 */ + __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ + __u8 kbd_status; /* 0x1eb */ +- __u8 _pad5[3]; /* 0x1ec */ ++ __u8 secure_boot; /* 0x1ec */ ++ __u8 _pad5[2]; /* 0x1ed */ + /* + * The sentinel is set to a nonzero value (0xff) in header.S. + * +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index 0a2421cca01f..a3d8174dedf9 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -1151,6 +1151,12 @@ void __init setup_arch(char **cmdline_p) + + io_delay_init(); + ++#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE ++ if (boot_params.secure_boot) { ++ enforce_signed_modules(); ++ } ++#endif ++ + /* + * Parse the ACPI tables for possible boot-time SMP configuration. + */ +diff --git a/include/linux/module.h b/include/linux/module.h +index b033dab5c8bf..f526b6e02f59 100644 +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add); + + struct notifier_block; + ++#ifdef CONFIG_MODULE_SIG ++extern void enforce_signed_modules(void); ++#else ++static inline void enforce_signed_modules(void) {}; ++#endif ++ + #ifdef CONFIG_MODULES + + extern int modules_disabled; /* for sysctl */ +diff --git a/kernel/module.c b/kernel/module.c +index 0372c3961016..55dacebb687b 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -3909,6 +3909,13 @@ void module_layout(struct module *mod, + EXPORT_SYMBOL(module_layout); + #endif + ++#ifdef CONFIG_MODULE_SIG ++void enforce_signed_modules(void) ++{ ++ sig_enforce = true; ++} ++#endif ++ + bool secure_modules(void) + { + #ifdef CONFIG_MODULE_SIG diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch new file mode 100644 index 000000000..ecf5b894f --- /dev/null +++ b/Add-secure_modules-call.patch @@ -0,0 +1,63 @@ +From: Matthew Garrett +Date: Fri, 9 Aug 2013 17:58:15 -0400 +Subject: [PATCH] Add secure_modules() call + +Provide a single call to allow kernel code to determine whether the system +has been configured to either disable module loading entirely or to load +only modules signed with a trusted key. + +Bugzilla: N/A +Upstream-status: Fedora mustard. Replaced by securelevels, but that was nak'd + +Signed-off-by: Matthew Garrett +--- + include/linux/module.h | 7 +++++++ + kernel/module.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +diff --git a/include/linux/module.h b/include/linux/module.h +index 71f282a4e307..341a73ecea2e 100644 +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -516,6 +516,8 @@ int unregister_module_notifier(struct notifier_block *nb); + + extern void print_modules(void); + ++extern bool secure_modules(void); ++ + #else /* !CONFIG_MODULES... */ + + /* Given an address, look for it in the exception tables. */ +@@ -626,6 +628,11 @@ static inline int unregister_module_notifier(struct notifier_block *nb) + static inline void print_modules(void) + { + } ++ ++static inline bool secure_modules(void) ++{ ++ return false; ++} + #endif /* CONFIG_MODULES */ + + #ifdef CONFIG_SYSFS +diff --git a/kernel/module.c b/kernel/module.c +index 03214bd288e9..1f7b4664300e 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -3842,3 +3842,13 @@ void module_layout(struct module *mod, + } + EXPORT_SYMBOL(module_layout); + #endif ++ ++bool secure_modules(void) ++{ ++#ifdef CONFIG_MODULE_SIG ++ return (sig_enforce || modules_disabled); ++#else ++ return modules_disabled; ++#endif ++} ++EXPORT_SYMBOL(secure_modules); +-- +1.9.3 + diff --git a/devel-sysrq-secure-boot-20130717.patch b/Add-sysrq-option-to-disable-secure-boot-mode.patch similarity index 66% rename from devel-sysrq-secure-boot-20130717.patch rename to Add-sysrq-option-to-disable-secure-boot-mode.patch index a40f26ce5..7e23c8131 100644 --- a/devel-sysrq-secure-boot-20130717.patch +++ b/Add-sysrq-option-to-disable-secure-boot-mode.patch @@ -1,5 +1,21 @@ +From: Kyle McMartin +Date: Fri, 30 Aug 2013 09:28:51 -0400 +Subject: [PATCH] Add sysrq option to disable secure boot mode + +Bugzilla: N/A +Upstream-status: Fedora mustard +--- + arch/x86/kernel/setup.c | 36 ++++++++++++++++++++++++++++++++++++ + drivers/input/misc/uinput.c | 1 + + drivers/tty/sysrq.c | 19 +++++++++++++------ + include/linux/input.h | 5 +++++ + include/linux/sysrq.h | 8 +++++++- + kernel/debug/kdb/kdb_main.c | 2 +- + kernel/module.c | 4 ++-- + 7 files changed, 65 insertions(+), 10 deletions(-) + diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 167ca34..2a06699 100644 +index 26c5d54124c1..dab298f03a9c 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -70,6 +70,11 @@ @@ -14,53 +30,24 @@ index 167ca34..2a06699 100644 #include