From: Arne Fitzenreiter <arne_f@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/4] kernel: purge unused patches
Date: Fri, 24 Nov 2023 15:45:01 +0100 [thread overview]
Message-ID: <20231124144503.14577-2-arne_f@ipfire.org> (raw)
In-Reply-To: <20231124144503.14577-1-arne_f@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 11350 bytes --]
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
---
...evtmpfs-mount-with-noexec-and-nosuid.patch | 93 -------------------
....9.8_cs5535audio_fix_logspam_on_geos.patch | 31 -------
...rm64-dpaa2-add-support-for-10g-modes.patch | 39 --------
...inux-5.15-arm64-dpaa2-fix-lock-issue.patch | 81 ----------------
4 files changed, 244 deletions(-)
delete mode 100644 src/patches/linux/devtmpfs-mount-with-noexec-and-nosuid.patch
delete mode 100644 src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch
delete mode 100644 src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch
delete mode 100644 src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch
diff --git a/src/patches/linux/devtmpfs-mount-with-noexec-and-nosuid.patch b/src/patches/linux/devtmpfs-mount-with-noexec-and-nosuid.patch
deleted file mode 100644
index 222b7b6ea..000000000
--- a/src/patches/linux/devtmpfs-mount-with-noexec-and-nosuid.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 28f0c335dd4a1a4b44b3e6c6402825a93132e1a4 Mon Sep 17 00:00:00 2001
-From: Kees Cook <keescook(a)chromium.org>
-Date: Wed, 22 Dec 2021 17:50:20 +0500
-Subject: devtmpfs: mount with noexec and nosuid
-
-devtmpfs is writable. Add the noexec and nosuid as default mount flags
-to prevent code execution from /dev. The systems who don't use systemd
-and who rely on CONFIG_DEVTMPFS_MOUNT=y are the ones to be protected by
-this patch. Other systems are fine with the udev solution.
-
-No sane program should be relying on executing from /dev. So this patch
-reduces the attack surface. It doesn't prevent any specific attack, but
-it reduces the possibility that someone can use /dev as a place to put
-executable code. Chrome OS has been carrying this patch for several
-years. It seems trivial and simple solution to improve the protection of
-/dev when CONFIG_DEVTMPFS_MOUNT=y.
-
-Original patch:
-https://lore.kernel.org/lkml/20121120215059.GA1859(a)www.outflux.net/
-
-Cc: ellyjones(a)chromium.org
-Cc: Kay Sievers <kay(a)vrfy.org>
-Cc: Roland Eggner <edvx1(a)systemanalysen.net>
-Co-developed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com>
-Signed-off-by: Kees Cook <keescook(a)chromium.org>
-Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com>
-Link: https://lore.kernel.org/r/YcMfDOyrg647RCmd(a)debian-BULLSEYE-live-builder-AMD64
-Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
----
- drivers/base/Kconfig | 11 +++++++++++
- drivers/base/devtmpfs.c | 10 ++++++++--
- 2 files changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig
-index ffcbe2bc460eb..6f04b831a5c04 100644
---- a/drivers/base/Kconfig
-+++ b/drivers/base/Kconfig
-@@ -62,6 +62,17 @@ config DEVTMPFS_MOUNT
- rescue mode with init=/bin/sh, even when the /dev directory
- on the rootfs is completely empty.
-
-+config DEVTMPFS_SAFE
-+ bool "Use nosuid,noexec mount options on devtmpfs"
-+ depends on DEVTMPFS
-+ help
-+ This instructs the kernel to include the MS_NOEXEC and MS_NOSUID mount
-+ flags when mounting devtmpfs.
-+
-+ Notice: If enabled, things like /dev/mem cannot be mmapped
-+ with the PROT_EXEC flag. This can break, for example, non-KMS
-+ video drivers.
-+
- config STANDALONE
- bool "Select only drivers that don't need compile-time external firmware"
- default y
-diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
-index 8be352ab4ddbf..1e2c2d3882e2c 100644
---- a/drivers/base/devtmpfs.c
-+++ b/drivers/base/devtmpfs.c
-@@ -29,6 +29,12 @@
- #include <uapi/linux/mount.h>
- #include "base.h"
-
-+#ifdef CONFIG_DEVTMPFS_SAFE
-+#define DEVTMPFS_MFLAGS (MS_SILENT | MS_NOEXEC | MS_NOSUID)
-+#else
-+#define DEVTMPFS_MFLAGS (MS_SILENT)
-+#endif
-+
- static struct task_struct *thread;
-
- static int __initdata mount_dev = IS_ENABLED(CONFIG_DEVTMPFS_MOUNT);
-@@ -363,7 +369,7 @@ int __init devtmpfs_mount(void)
- if (!thread)
- return 0;
-
-- err = init_mount("devtmpfs", "dev", "devtmpfs", MS_SILENT, NULL);
-+ err = init_mount("devtmpfs", "dev", "devtmpfs", DEVTMPFS_MFLAGS, NULL);
- if (err)
- printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
- else
-@@ -412,7 +418,7 @@ static noinline int __init devtmpfs_setup(void *p)
- err = ksys_unshare(CLONE_NEWNS);
- if (err)
- goto out;
-- err = init_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, NULL);
-+ err = init_mount("devtmpfs", "/", "devtmpfs", DEVTMPFS_MFLAGS, NULL);
- if (err)
- goto out;
- init_chdir("/.."); /* will traverse into overmounted root */
---
-cgit
-
diff --git a/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch b/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch
deleted file mode 100644
index 79bd5e69e..000000000
--- a/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -Naur linux-4.9.8.org/sound/pci/cs5535audio/cs5535audio.c linux-4.9.8/sound/pci/cs5535audio/cs5535audio.c
---- linux-4.9.8.org/sound/pci/cs5535audio/cs5535audio.c 2017-02-04 09:47:29.000000000 +0100
-+++ linux-4.9.8/sound/pci/cs5535audio/cs5535audio.c 2017-02-09 19:24:55.658297050 +0100
-@@ -83,9 +83,9 @@
- break;
- udelay(1);
- } while (--timeout);
-- if (!timeout)
-- dev_err(cs5535au->card->dev,
-- "Failure writing to cs5535 codec\n");
-+// if (!timeout)
-+// dev_err(cs5535au->card->dev,
-+// "Failure writing to cs5535 codec\n");
- }
-
- static unsigned short snd_cs5535audio_codec_read(struct cs5535audio *cs5535au,
-@@ -109,10 +109,10 @@
- break;
- udelay(1);
- } while (--timeout);
-- if (!timeout)
-- dev_err(cs5535au->card->dev,
-- "Failure reading codec reg 0x%x, Last value=0x%x\n",
-- reg, val);
-+// if (!timeout)
-+// dev_err(cs5535au->card->dev,
-+// "Failure reading codec reg 0x%x, Last value=0x%x\n",
-+// reg, val);
-
- return (unsigned short) val;
- }
diff --git a/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch b/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch
deleted file mode 100644
index ef8d459b7..000000000
--- a/src/patches/linux/linux-5-15-arm64-dpaa2-add-support-for-10g-modes.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From c314138bd045e050432158ab021160de3ba51c5e Mon Sep 17 00:00:00 2001
-From: Russell King <rmk+kernel(a)armlinux.org.uk>
-Date: Thu, 30 Jan 2020 22:42:38 +0000
-Subject: [PATCH 2/4] net: dpaa2-mac: add support for more 10G modes
-
-Phylink documentation says:
- * Note that the PHY may be able to transform from one connection
- * technology to another, so, eg, don't clear 1000BaseX just
- * because the MAC is unable to BaseX mode. This is more about
- * clearing unsupported speeds and duplex settings. The port modes
- * should not be cleared; phylink_set_port_modes() will help with this.
-
-So add the missing 10G modes.
-
-Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk>
----
- drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
-index 8fe32ed4f6dc..3be849cee47b 100644
---- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
-+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
-@@ -140,6 +140,12 @@ static void dpaa2_mac_validate(struct phylink_config *config,
- case PHY_INTERFACE_MODE_10GBASER:
- case PHY_INTERFACE_MODE_USXGMII:
- phylink_set(mask, 10000baseT_Full);
-+ phylink_set(mask, 10000baseKR_Full);
-+ phylink_set(mask, 10000baseCR_Full);
-+ phylink_set(mask, 10000baseSR_Full);
-+ phylink_set(mask, 10000baseLR_Full);
-+ phylink_set(mask, 10000baseLRM_Full);
-+ phylink_set(mask, 10000baseER_Full);
- if (state->interface == PHY_INTERFACE_MODE_10GBASER)
- break;
- phylink_set(mask, 5000baseT_Full);
---
-2.30.1
-
diff --git a/src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch b/src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch
deleted file mode 100644
index 587821bac..000000000
--- a/src/patches/linux/linux-5.15-arm64-dpaa2-fix-lock-issue.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 3a39dbe0c0c41f8dba5246ce6e2c5c4bcd6ba661 Mon Sep 17 00:00:00 2001
-From: Ioana Ciornei <ioana.ciornei(a)nxp.com>
-Date: Thu, 21 Nov 2019 21:15:25 +0200
-Subject: [PATCH 1/4] dpaa2-eth: do not hold rtnl_lock on phylink_create() or
- _destroy()
-
-The rtnl_lock should not be held when calling phylink_create() or
-phylink_destroy() since it leads to the deadlock listed below:
-
-[ 18.656576] rtnl_lock+0x18/0x20
-[ 18.659798] sfp_bus_add_upstream+0x28/0x90
-[ 18.663974] phylink_create+0x2cc/0x828
-[ 18.667803] dpaa2_mac_connect+0x14c/0x2a8
-[ 18.671890] dpaa2_eth_connect_mac+0x94/0xd8
-
-Fix this by moving the _lock() and _unlock() calls just outside of
-phylink_of_phy_connect() and phylink_disconnect_phy().
-
-Fixes: 719479230893 ("dpaa2-eth: add MAC/PHY support through phylink")
-Reported-by: Russell King <linux(a)armlinux.org.uk>
-Signed-off-by: Ioana Ciornei <ioana.ciornei(a)nxp.com>
-Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk>
----
- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 4 ----
- drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 4 ++++
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
-index 8b7a29e1e221..20e65053f036 100644
---- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
-+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
-@@ -4214,12 +4214,10 @@ static irqreturn_t dpni_irq0_handler_thread(int irq_num, void *arg)
- dpaa2_eth_set_mac_addr(netdev_priv(net_dev));
- dpaa2_eth_update_tx_fqids(priv);
-
-- rtnl_lock();
- if (dpaa2_eth_has_mac(priv))
- dpaa2_eth_disconnect_mac(priv);
- else
- dpaa2_eth_connect_mac(priv);
-- rtnl_unlock();
- }
-
- return IRQ_HANDLED;
-@@ -4513,9 +4511,7 @@ static int dpaa2_eth_remove(struct fsl_mc_device *ls_dev)
- #endif
-
- unregister_netdev(net_dev);
-- rtnl_lock();
- dpaa2_eth_disconnect_mac(priv);
-- rtnl_unlock();
-
- dpaa2_eth_dl_port_del(priv);
- dpaa2_eth_dl_traps_unregister(priv);
-diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
-index ae6d382d8735..8fe32ed4f6dc 100644
---- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
-+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
-@@ -351,7 +351,9 @@ int dpaa2_mac_connect(struct dpaa2_mac *mac)
- if (mac->pcs)
- phylink_set_pcs(mac->phylink, &mac->pcs->pcs);
-
-+ rtnl_lock();
- err = phylink_fwnode_phy_connect(mac->phylink, dpmac_node, 0);
-+ rtnl_unlock();
- if (err) {
- netdev_err(net_dev, "phylink_fwnode_phy_connect() = %d\n", err);
- goto err_phylink_destroy;
-@@ -372,7 +374,9 @@ void dpaa2_mac_disconnect(struct dpaa2_mac *mac)
- if (!mac->phylink)
- return;
-
-+ rtnl_lock();
- phylink_disconnect_phy(mac->phylink);
-+ rtnl_unlock();
- phylink_destroy(mac->phylink);
- dpaa2_pcs_destroy(mac);
- }
---
-2.30.1
-
--
2.42.0
next parent reply other threads:[~2023-11-24 14:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20231124144503.14577-1-arne_f@ipfire.org>
2023-11-24 14:45 ` Arne Fitzenreiter [this message]
2023-11-24 14:45 ` [PATCH 3/4] rtl8812au: update to 202110629-e6a0d17 Arne Fitzenreiter
2023-11-24 14:45 ` [PATCH 4/4] rtl8xxx: remove unused or replaced external modules Arne Fitzenreiter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231124144503.14577-2-arne_f@ipfire.org \
--to=arne_f@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox