TileOS/linux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refresh patches for 6.6.33

Browse source
This commit is contained in:
Aleksey Samoilov 2024-06-15 01:34:43 +04:00
parent d8ae023995
commit 2c605fa3c5
Signed by: Sunderland93
GPG key ID: D3E730685C28F1FB
4 changed files with 12 additions and 311 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
debian/changelog vendored
View file

@ -1,3 +1,9 @@
linux (6.6.33-2~tileos) bookworm; urgency=medium
* Refresh patches
-- Aleksey Samoilov <samoilov.lex@gmail.com> Sat, 15 Jun 2024 01:33:44 +0400
linux (6.6.33-1~tileos) bookworm; urgency=medium linux (6.6.33-1~tileos) bookworm; urgency=medium
* New upstream release * New upstream release

295
debian/patches/debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch vendored
View file

@ -1,295 +0,0 @@
From 4f86519c560fd00b2ab58721cf2943e07107437d Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 4 Feb 2024 21:02:11 +0100
Subject: [PATCH 2/2] Revert "docs: kernel_feat.py: fix potential command
injection"
This reverts commit e961f8c6966abbd486ff87549e29e53f3c69b685.
---
Documentation/admin-guide/features.rst | 2 +-
Documentation/arch/arc/features.rst | 2 +-
Documentation/arch/arm/features.rst | 2 +-
Documentation/arch/arm64/features.rst | 2 +-
Documentation/arch/loongarch/features.rst | 2 +-
Documentation/arch/m68k/features.rst | 2 +-
Documentation/arch/mips/features.rst | 2 +-
Documentation/arch/nios2/features.rst | 2 +-
Documentation/arch/openrisc/features.rst | 2 +-
Documentation/arch/parisc/features.rst | 2 +-
Documentation/arch/s390/features.rst | 2 +-
Documentation/arch/sh/features.rst | 2 +-
Documentation/arch/sparc/features.rst | 2 +-
Documentation/arch/x86/features.rst | 2 +-
Documentation/arch/xtensa/features.rst | 2 +-
Documentation/powerpc/features.rst | 2 +-
Documentation/riscv/features.rst | 2 +-
Documentation/sphinx/kernel_feat.py | 55 +++++++++++++++----
.../zh_CN/arch/loongarch/features.rst | 2 +-
.../translations/zh_CN/arch/mips/features.rst | 2 +-
20 files changed, 63 insertions(+), 30 deletions(-)
diff --git a/Documentation/admin-guide/features.rst b/Documentation/admin-guide/features.rst
index 7651eca38227..8c167082a84f 100644
--- a/Documentation/admin-guide/features.rst
+++ b/Documentation/admin-guide/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features
+.. kernel-feat:: $srctree/Documentation/features
diff --git a/Documentation/arch/arc/features.rst b/Documentation/arch/arc/features.rst
index 49ff446ff744..b793583d688a 100644
--- a/Documentation/arch/arc/features.rst
+++ b/Documentation/arch/arc/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features arc
+.. kernel-feat:: $srctree/Documentation/features arc
diff --git a/Documentation/arch/arm/features.rst b/Documentation/arch/arm/features.rst
index 0e76aaf68eca..7414ec03dd15 100644
--- a/Documentation/arch/arm/features.rst
+++ b/Documentation/arch/arm/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features arm
+.. kernel-feat:: $srctree/Documentation/features arm
diff --git a/Documentation/arch/arm64/features.rst b/Documentation/arch/arm64/features.rst
index 03321f4309d0..dfa4cb3cd3ef 100644
--- a/Documentation/arch/arm64/features.rst
+++ b/Documentation/arch/arm64/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features arm64
+.. kernel-feat:: $srctree/Documentation/features arm64
diff --git a/Documentation/arch/loongarch/features.rst b/Documentation/arch/loongarch/features.rst
index 009f44c7951f..ebacade3ea45 100644
--- a/Documentation/arch/loongarch/features.rst
+++ b/Documentation/arch/loongarch/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features loongarch
+.. kernel-feat:: $srctree/Documentation/features loongarch
diff --git a/Documentation/arch/m68k/features.rst b/Documentation/arch/m68k/features.rst
index de7f0ccf7fc8..5107a2119472 100644
--- a/Documentation/arch/m68k/features.rst
+++ b/Documentation/arch/m68k/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features m68k
+.. kernel-feat:: $srctree/Documentation/features m68k
diff --git a/Documentation/arch/mips/features.rst b/Documentation/arch/mips/features.rst
index 6e0ffe3e7354..1973d729b29a 100644
--- a/Documentation/arch/mips/features.rst
+++ b/Documentation/arch/mips/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features mips
+.. kernel-feat:: $srctree/Documentation/features mips
diff --git a/Documentation/arch/nios2/features.rst b/Documentation/arch/nios2/features.rst
index 89913810ccb5..8449e63f69b2 100644
--- a/Documentation/arch/nios2/features.rst
+++ b/Documentation/arch/nios2/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features nios2
+.. kernel-feat:: $srctree/Documentation/features nios2
diff --git a/Documentation/arch/openrisc/features.rst b/Documentation/arch/openrisc/features.rst
index bae2e25adfd6..3f7c40d219f2 100644
--- a/Documentation/arch/openrisc/features.rst
+++ b/Documentation/arch/openrisc/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features openrisc
+.. kernel-feat:: $srctree/Documentation/features openrisc
diff --git a/Documentation/arch/parisc/features.rst b/Documentation/arch/parisc/features.rst
index b3aa4d243b93..501d7c450037 100644
--- a/Documentation/arch/parisc/features.rst
+++ b/Documentation/arch/parisc/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features parisc
+.. kernel-feat:: $srctree/Documentation/features parisc
diff --git a/Documentation/arch/s390/features.rst b/Documentation/arch/s390/features.rst
index 2883dc950681..57c296a9d8f3 100644
--- a/Documentation/arch/s390/features.rst
+++ b/Documentation/arch/s390/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features s390
+.. kernel-feat:: $srctree/Documentation/features s390
diff --git a/Documentation/arch/sh/features.rst b/Documentation/arch/sh/features.rst
index fae48fe81e9b..f722af3b6c99 100644
--- a/Documentation/arch/sh/features.rst
+++ b/Documentation/arch/sh/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features sh
+.. kernel-feat:: $srctree/Documentation/features sh
diff --git a/Documentation/arch/sparc/features.rst b/Documentation/arch/sparc/features.rst
index 96835b6d598a..c0c92468b0fe 100644
--- a/Documentation/arch/sparc/features.rst
+++ b/Documentation/arch/sparc/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features sparc
+.. kernel-feat:: $srctree/Documentation/features sparc
diff --git a/Documentation/arch/x86/features.rst b/Documentation/arch/x86/features.rst
index a33616346a38..b663f15053ce 100644
--- a/Documentation/arch/x86/features.rst
+++ b/Documentation/arch/x86/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features x86
+.. kernel-feat:: $srctree/Documentation/features x86
diff --git a/Documentation/arch/xtensa/features.rst b/Documentation/arch/xtensa/features.rst
index 28dcce1759be..6b92c7bfa19d 100644
--- a/Documentation/arch/xtensa/features.rst
+++ b/Documentation/arch/xtensa/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features xtensa
+.. kernel-feat:: $srctree/Documentation/features xtensa
diff --git a/Documentation/powerpc/features.rst b/Documentation/powerpc/features.rst
index ee4b95e04202..aeae73df86b0 100644
--- a/Documentation/powerpc/features.rst
+++ b/Documentation/powerpc/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features powerpc
+.. kernel-feat:: $srctree/Documentation/features powerpc
diff --git a/Documentation/riscv/features.rst b/Documentation/riscv/features.rst
index 36e90144adab..c70ef6ac2368 100644
--- a/Documentation/riscv/features.rst
+++ b/Documentation/riscv/features.rst
@@ -1,3 +1,3 @@
.. SPDX-License-Identifier: GPL-2.0
-.. kernel-feat:: features riscv
+.. kernel-feat:: $srctree/Documentation/features riscv
diff --git a/Documentation/sphinx/kernel_feat.py b/Documentation/sphinx/kernel_feat.py
index bdfaa3e4b202..27b701ed3681 100644
--- a/Documentation/sphinx/kernel_feat.py
+++ b/Documentation/sphinx/kernel_feat.py
@@ -37,6 +37,8 @@ import re
import subprocess
import sys
+from os import path
+
from docutils import nodes, statemachine
from docutils.statemachine import ViewList
from docutils.parsers.rst import directives, Directive
@@ -74,26 +76,33 @@ class KernelFeat(Directive):
self.state.document.settings.env.app.warn(message, prefix="")
def run(self):
+
doc = self.state.document
if not doc.settings.file_insertion_enabled:
raise self.warning("docutils: file insertion disabled")
env = doc.settings.env
+ cwd = path.dirname(doc.current_source)
+ cmd = "get_feat.pl rest --enable-fname --dir "
+ cmd += self.arguments[0]
+
+ if len(self.arguments) > 1:
+ cmd += " --arch " + self.arguments[1]
- srctree = os.path.abspath(os.environ["srctree"])
+ srctree = path.abspath(os.environ["srctree"])
- args = [
- os.path.join(srctree, 'scripts/get_feat.pl'),
- 'rest',
- '--enable-fname',
- '--dir',
- os.path.join(srctree, 'Documentation', self.arguments[0]),
- ]
+ fname = cmd
- if len(self.arguments) > 1:
- args.extend(['--arch', self.arguments[1]])
+ # extend PATH with $(srctree)/scripts
+ path_env = os.pathsep.join([
+ srctree + os.sep + "scripts",
+ os.environ["PATH"]
+ ])
+ shell_env = os.environ.copy()
+ shell_env["PATH"] = path_env
+ shell_env["srctree"] = srctree
- lines = subprocess.check_output(args, cwd=os.path.dirname(doc.current_source)).decode('utf-8')
+ lines = self.runCmd(cmd, shell=True, cwd=cwd, env=shell_env)
line_regex = re.compile("^\.\. FILE (\S+)$")
@@ -112,6 +121,30 @@ class KernelFeat(Directive):
nodeList = self.nestedParse(out_lines, fname)
return nodeList
+ def runCmd(self, cmd, **kwargs):
+ u"""Run command ``cmd`` and return its stdout as unicode."""
+
+ try:
+ proc = subprocess.Popen(
+ cmd
+ , stdout = subprocess.PIPE
+ , stderr = subprocess.PIPE
+ , **kwargs
+ )
+ out, err = proc.communicate()
+
+ out, err = codecs.decode(out, 'utf-8'), codecs.decode(err, 'utf-8')
+
+ if proc.returncode != 0:
+ raise self.severe(
+ u"command '%s' failed with return code %d"
+ % (cmd, proc.returncode)
+ )
+ except OSError as exc:
+ raise self.severe(u"problems with '%s' directive: %s."
+ % (self.name, ErrorString(exc)))
+ return out
+
def nestedParse(self, lines, fname):
content = ViewList()
node = nodes.section()
diff --git a/Documentation/translations/zh_CN/arch/loongarch/features.rst b/Documentation/translations/zh_CN/arch/loongarch/features.rst
index cec38dda8298..82bfac180bdc 100644
--- a/Documentation/translations/zh_CN/arch/loongarch/features.rst
+++ b/Documentation/translations/zh_CN/arch/loongarch/features.rst
@@ -5,4 +5,4 @@
:Original: Documentation/arch/loongarch/features.rst
:Translator: Huacai Chen <chenhuacai@loongson.cn>
-.. kernel-feat:: features loongarch
+.. kernel-feat:: $srctree/Documentation/features loongarch
diff --git a/Documentation/translations/zh_CN/arch/mips/features.rst b/Documentation/translations/zh_CN/arch/mips/features.rst
index 0d6df97db069..da1b956e4a40 100644
--- a/Documentation/translations/zh_CN/arch/mips/features.rst
+++ b/Documentation/translations/zh_CN/arch/mips/features.rst
@@ -10,4 +10,4 @@
.. _cn_features:
-.. kernel-feat:: features mips
+.. kernel-feat:: $srctree/Documentation/features mips
--
2.43.0

21
debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch vendored
View file

@ -26,16 +26,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
--- a/arch/x86/kernel/setup.c --- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c
@@ -1031,6 +1031,8 @@ void __init setup_arch(char **cmdline_p) @@ -1190,8 +1190,6 @@
if (efi_enabled(EFI_BOOT))
efi_init();
+ efi_set_secure_boot(boot_params.secure_boot);
+
reserve_ibft_region();
dmi_setup();
@@ -1192,8 +1194,6 @@ void __init setup_arch(char **cmdline_p)
/* Allocate bigger log buffer */ /* Allocate bigger log buffer */
setup_log_buf(1); setup_log_buf(1);
@ -54,7 +45,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
/* /*
* Decide what to do when UEFI secure boot mode is enabled. * Decide what to do when UEFI secure boot mode is enabled.
@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi @@ -28,6 +29,10 @@
break; break;
case efi_secureboot_mode_enabled: case efi_secureboot_mode_enabled:
set_bit(EFI_SECURE_BOOT, &efi.flags); set_bit(EFI_SECURE_BOOT, &efi.flags);
@ -67,7 +58,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
default: default:
--- a/include/linux/security.h --- a/include/linux/security.h
+++ b/include/linux/security.h +++ b/include/linux/security.h
@@ -482,6 +482,7 @@ int security_inode_notifysecctx(struct i @@ -486,6 +486,7 @@
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
int security_locked_down(enum lockdown_reason what); int security_locked_down(enum lockdown_reason what);
@ -75,7 +66,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
#else /* CONFIG_SECURITY */ #else /* CONFIG_SECURITY */
static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
@@ -1388,6 +1389,11 @@ static inline int security_locked_down(e @@ -1404,6 +1405,11 @@
{ {
return 0; return 0;
} }
@ -89,7 +80,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
--- a/security/lockdown/Kconfig --- a/security/lockdown/Kconfig
+++ b/security/lockdown/Kconfig +++ b/security/lockdown/Kconfig
@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI @@ -45,3 +45,18 @@
disabled. disabled.
endchoice endchoice
@ -110,7 +101,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+ triggered in integrity mode if EFI Secure Boot is set. + triggered in integrity mode if EFI Secure Boot is set.
--- a/security/lockdown/lockdown.c --- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c
@@ -23,7 +23,7 @@ static const enum lockdown_reason lockdo @@ -23,7 +23,7 @@
/* /*
* Put the kernel into lock-down mode. * Put the kernel into lock-down mode.
*/ */

1
debian/patches/series vendored
View file

@ -78,7 +78,6 @@ features/x86/x86-make-x32-syscall-support-conditional.patch
# Miscellaneous bug fixes # Miscellaneous bug fixes
bugfix/all/disable-some-marvell-phys.patch bugfix/all/disable-some-marvell-phys.patch
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
debian/Revert-docs-kernel_feat.py-fix-potential-command-inj.patch
# Miscellaneous features # Miscellaneous features