From: Sasha Levin Date: Sun, 14 Feb 2021 16:44:58 +0000 (-0500) Subject: Fixes for 4.14 X-Git-Tag: v5.4.99~38 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=634ef4615abae8471afee9cb594f9795e3021738;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/arm-dts-lpc32xx-revert-set-default-clock-rate-of-hcl.patch b/queue-4.14/arm-dts-lpc32xx-revert-set-default-clock-rate-of-hcl.patch new file mode 100644 index 00000000000..97d00ec34ad --- /dev/null +++ b/queue-4.14/arm-dts-lpc32xx-revert-set-default-clock-rate-of-hcl.patch @@ -0,0 +1,47 @@ +From a56d00e08ab21618e1b7f1c002e3addc82173c19 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 3 Feb 2021 10:03:20 +0100 +Subject: ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL + +From: Alexandre Belloni + +[ Upstream commit 5638159f6d93b99ec9743ac7f65563fca3cf413d ] + +This reverts commit c17e9377aa81664d94b4f2102559fcf2a01ec8e7. + +The lpc32xx clock driver is not able to actually change the PLL rate as +this would require reparenting ARM_CLK, DDRAM_CLK, PERIPH_CLK to SYSCLK, +then stop the PLL, update the register, restart the PLL and wait for the +PLL to lock and finally reparent ARM_CLK, DDRAM_CLK, PERIPH_CLK to HCLK +PLL. + +Currently, the HCLK driver simply updates the registers but this has no +real effect and all the clock rate calculation end up being wrong. This is +especially annoying for the peripheral (e.g. UARTs, I2C, SPI). + +Signed-off-by: Alexandre Belloni +Tested-by: Gregory CLEMENT +Link: https://lore.kernel.org/r/20210203090320.GA3760268@piout.net' +Signed-off-by: Arnd Bergmann +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/lpc32xx.dtsi | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/arch/arm/boot/dts/lpc32xx.dtsi b/arch/arm/boot/dts/lpc32xx.dtsi +index c5b119ddb70b8..7f2b73cbd2280 100644 +--- a/arch/arm/boot/dts/lpc32xx.dtsi ++++ b/arch/arm/boot/dts/lpc32xx.dtsi +@@ -323,9 +323,6 @@ + + clocks = <&xtal_32k>, <&xtal>; + clock-names = "xtal_32k", "xtal"; +- +- assigned-clocks = <&clk LPC32XX_CLK_HCLK_PLL>; +- assigned-clock-rates = <208000000>; + }; + }; + +-- +2.27.0 + diff --git a/queue-4.14/arm-ensure-the-signal-page-contains-defined-contents.patch b/queue-4.14/arm-ensure-the-signal-page-contains-defined-contents.patch new file mode 100644 index 00000000000..b06d109ccf8 --- /dev/null +++ b/queue-4.14/arm-ensure-the-signal-page-contains-defined-contents.patch @@ -0,0 +1,54 @@ +From 65dec628248ebdbbb1bda06b722e2d8ad5b40b73 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 29 Jan 2021 10:19:07 +0000 +Subject: ARM: ensure the signal page contains defined contents + +From: Russell King + +[ Upstream commit 9c698bff66ab4914bb3d71da7dc6112519bde23e ] + +Ensure that the signal page contains our poison instruction to increase +the protection against ROP attacks and also contains well defined +contents. + +Acked-by: Will Deacon +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/kernel/signal.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c +index 02e6b6dfffa7e..19e4ff507209b 100644 +--- a/arch/arm/kernel/signal.c ++++ b/arch/arm/kernel/signal.c +@@ -667,18 +667,20 @@ struct page *get_signal_page(void) + + addr = page_address(page); + ++ /* Poison the entire page */ ++ memset32(addr, __opcode_to_mem_arm(0xe7fddef1), ++ PAGE_SIZE / sizeof(u32)); ++ + /* Give the signal return code some randomness */ + offset = 0x200 + (get_random_int() & 0x7fc); + signal_return_offset = offset; + +- /* +- * Copy signal return handlers into the vector page, and +- * set sigreturn to be a pointer to these. +- */ ++ /* Copy signal return handlers into the page */ + memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); + +- ptr = (unsigned long)addr + offset; +- flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); ++ /* Flush out all instructions in this page */ ++ ptr = (unsigned long)addr; ++ flush_icache_range(ptr, ptr + PAGE_SIZE); + + return page; + } +-- +2.27.0 + diff --git a/queue-4.14/arm64-dts-rockchip-fix-pcie-dt-properties-on-rk3399.patch b/queue-4.14/arm64-dts-rockchip-fix-pcie-dt-properties-on-rk3399.patch new file mode 100644 index 00000000000..17e55056281 --- /dev/null +++ b/queue-4.14/arm64-dts-rockchip-fix-pcie-dt-properties-on-rk3399.patch @@ -0,0 +1,50 @@ +From 8879874d89275c8117c90a28b4c9b161394d1685 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 15 Aug 2020 13:51:12 +0100 +Subject: arm64: dts: rockchip: Fix PCIe DT properties on rk3399 + +From: Marc Zyngier + +[ Upstream commit 43f20b1c6140896916f4e91aacc166830a7ba849 ] + +It recently became apparent that the lack of a 'device_type = "pci"' +in the PCIe root complex node for rk3399 is a violation of the PCI +binding, as documented in IEEE Std 1275-1994. Changes to the kernel's +parsing of the DT made such violation fatal, as drivers cannot +probe the controller anymore. + +Add the missing property makes the PCIe node compliant. While we +are at it, drop the pointless linux,pci-domain property, which only +makes sense when there are multiple host bridges. + +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20200815125112.462652-3-maz@kernel.org +Signed-off-by: Heiko Stuebner +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +index 82747048381fa..721f4b6b262f1 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +@@ -231,6 +231,7 @@ + reg = <0x0 0xf8000000 0x0 0x2000000>, + <0x0 0xfd000000 0x0 0x1000000>; + reg-names = "axi-base", "apb-base"; ++ device_type = "pci"; + #address-cells = <3>; + #size-cells = <2>; + #interrupt-cells = <1>; +@@ -249,7 +250,6 @@ + <0 0 0 2 &pcie0_intc 1>, + <0 0 0 3 &pcie0_intc 2>, + <0 0 0 4 &pcie0_intc 3>; +- linux,pci-domain = <0>; + max-link-speed = <1>; + msi-map = <0x0 &its 0x0 0x1000>; + phys = <&pcie_phy 0>, <&pcie_phy 1>, +-- +2.27.0 + diff --git a/queue-4.14/cap-fix-conversions-on-getxattr.patch b/queue-4.14/cap-fix-conversions-on-getxattr.patch new file mode 100644 index 00000000000..29b989e7882 --- /dev/null +++ b/queue-4.14/cap-fix-conversions-on-getxattr.patch @@ -0,0 +1,145 @@ +From 112b64583cdec25d2b64f246f883d3501710e438 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 10:22:48 +0100 +Subject: cap: fix conversions on getxattr + +From: Miklos Szeredi + +[ Upstream commit f2b00be488730522d0fb7a8a5de663febdcefe0a ] + +If a capability is stored on disk in v2 format cap_inode_getsecurity() will +currently return in v2 format unconditionally. + +This is wrong: v2 cap should be equivalent to a v3 cap with zero rootid, +and so the same conversions performed on it. + +If the rootid cannot be mapped, v3 is returned unconverted. Fix this so +that both v2 and v3 return -EOVERFLOW if the rootid (or the owner of the fs +user namespace in case of v2) cannot be mapped into the current user +namespace. + +Signed-off-by: Miklos Szeredi +Acked-by: "Eric W. Biederman" +Signed-off-by: Sasha Levin +--- + security/commoncap.c | 67 ++++++++++++++++++++++++++++---------------- + 1 file changed, 43 insertions(+), 24 deletions(-) + +diff --git a/security/commoncap.c b/security/commoncap.c +index ac031fa391908..bf689d61b293c 100644 +--- a/security/commoncap.c ++++ b/security/commoncap.c +@@ -378,10 +378,11 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer, + { + int size, ret; + kuid_t kroot; ++ u32 nsmagic, magic; + uid_t root, mappedroot; + char *tmpbuf = NULL; + struct vfs_cap_data *cap; +- struct vfs_ns_cap_data *nscap; ++ struct vfs_ns_cap_data *nscap = NULL; + struct dentry *dentry; + struct user_namespace *fs_ns; + +@@ -403,46 +404,61 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer, + fs_ns = inode->i_sb->s_user_ns; + cap = (struct vfs_cap_data *) tmpbuf; + if (is_v2header((size_t) ret, cap)) { +- /* If this is sizeof(vfs_cap_data) then we're ok with the +- * on-disk value, so return that. */ +- if (alloc) +- *buffer = tmpbuf; +- else +- kfree(tmpbuf); +- return ret; +- } else if (!is_v3header((size_t) ret, cap)) { +- kfree(tmpbuf); +- return -EINVAL; ++ root = 0; ++ } else if (is_v3header((size_t) ret, cap)) { ++ nscap = (struct vfs_ns_cap_data *) tmpbuf; ++ root = le32_to_cpu(nscap->rootid); ++ } else { ++ size = -EINVAL; ++ goto out_free; + } + +- nscap = (struct vfs_ns_cap_data *) tmpbuf; +- root = le32_to_cpu(nscap->rootid); + kroot = make_kuid(fs_ns, root); + + /* If the root kuid maps to a valid uid in current ns, then return + * this as a nscap. */ + mappedroot = from_kuid(current_user_ns(), kroot); + if (mappedroot != (uid_t)-1 && mappedroot != (uid_t)0) { ++ size = sizeof(struct vfs_ns_cap_data); + if (alloc) { +- *buffer = tmpbuf; ++ if (!nscap) { ++ /* v2 -> v3 conversion */ ++ nscap = kzalloc(size, GFP_ATOMIC); ++ if (!nscap) { ++ size = -ENOMEM; ++ goto out_free; ++ } ++ nsmagic = VFS_CAP_REVISION_3; ++ magic = le32_to_cpu(cap->magic_etc); ++ if (magic & VFS_CAP_FLAGS_EFFECTIVE) ++ nsmagic |= VFS_CAP_FLAGS_EFFECTIVE; ++ memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); ++ nscap->magic_etc = cpu_to_le32(nsmagic); ++ } else { ++ /* use allocated v3 buffer */ ++ tmpbuf = NULL; ++ } + nscap->rootid = cpu_to_le32(mappedroot); +- } else +- kfree(tmpbuf); +- return size; ++ *buffer = nscap; ++ } ++ goto out_free; + } + + if (!rootid_owns_currentns(kroot)) { +- kfree(tmpbuf); +- return -EOPNOTSUPP; ++ size = -EOVERFLOW; ++ goto out_free; + } + + /* This comes from a parent namespace. Return as a v2 capability */ + size = sizeof(struct vfs_cap_data); + if (alloc) { +- *buffer = kmalloc(size, GFP_ATOMIC); +- if (*buffer) { +- struct vfs_cap_data *cap = *buffer; +- __le32 nsmagic, magic; ++ if (nscap) { ++ /* v3 -> v2 conversion */ ++ cap = kzalloc(size, GFP_ATOMIC); ++ if (!cap) { ++ size = -ENOMEM; ++ goto out_free; ++ } + magic = VFS_CAP_REVISION_2; + nsmagic = le32_to_cpu(nscap->magic_etc); + if (nsmagic & VFS_CAP_FLAGS_EFFECTIVE) +@@ -450,9 +466,12 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer, + memcpy(&cap->data, &nscap->data, sizeof(__le32) * 2 * VFS_CAP_U32); + cap->magic_etc = cpu_to_le32(magic); + } else { +- size = -ENOMEM; ++ /* use unconverted v2 */ ++ tmpbuf = NULL; + } ++ *buffer = cap; + } ++out_free: + kfree(tmpbuf); + return size; + } +-- +2.27.0 + diff --git a/queue-4.14/ovl-perform-vfs_getxattr-with-mounter-creds.patch b/queue-4.14/ovl-perform-vfs_getxattr-with-mounter-creds.patch new file mode 100644 index 00000000000..201e5c52836 --- /dev/null +++ b/queue-4.14/ovl-perform-vfs_getxattr-with-mounter-creds.patch @@ -0,0 +1,40 @@ +From b241d0a4ffff7a157ca652906b4b2df81874cbd9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 10:22:48 +0100 +Subject: ovl: perform vfs_getxattr() with mounter creds + +From: Miklos Szeredi + +[ Upstream commit 554677b97257b0b69378bd74e521edb7e94769ff ] + +The vfs_getxattr() in ovl_xattr_set() is used to check whether an xattr +exist on a lower layer file that is to be removed. If the xattr does not +exist, then no need to copy up the file. + +This call of vfs_getxattr() wasn't wrapped in credential override, and this +is probably okay. But for consitency wrap this instance as well. + +Reported-by: "Eric W. Biederman" +Signed-off-by: Miklos Szeredi +Signed-off-by: Sasha Levin +--- + fs/overlayfs/inode.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c +index 30a1c7fc8c75c..ac6efac119fb9 100644 +--- a/fs/overlayfs/inode.c ++++ b/fs/overlayfs/inode.c +@@ -216,7 +216,9 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name, + goto out; + + if (!value && !upperdentry) { ++ old_cred = ovl_override_creds(dentry->d_sb); + err = vfs_getxattr(realdentry, name, NULL, 0); ++ revert_creds(old_cred); + if (err < 0) + goto out_drop_write; + } +-- +2.27.0 + diff --git a/queue-4.14/ovl-skip-getxattr-of-security-labels.patch b/queue-4.14/ovl-skip-getxattr-of-security-labels.patch new file mode 100644 index 00000000000..e142239756e --- /dev/null +++ b/queue-4.14/ovl-skip-getxattr-of-security-labels.patch @@ -0,0 +1,74 @@ +From f7388096ee6e9d450d0dc0cfff355d185d7c4c57 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 19 Dec 2020 12:16:08 +0200 +Subject: ovl: skip getxattr of security labels + +From: Amir Goldstein + +[ Upstream commit 03fedf93593c82538b18476d8c4f0e8f8435ea70 ] + +When inode has no listxattr op of its own (e.g. squashfs) vfs_listxattr +calls the LSM inode_listsecurity hooks to list the xattrs that LSMs will +intercept in inode_getxattr hooks. + +When selinux LSM is installed but not initialized, it will list the +security.selinux xattr in inode_listsecurity, but will not intercept it +in inode_getxattr. This results in -ENODATA for a getxattr call for an +xattr returned by listxattr. + +This situation was manifested as overlayfs failure to copy up lower +files from squashfs when selinux is built-in but not initialized, +because ovl_copy_xattr() iterates the lower inode xattrs by +vfs_listxattr() and vfs_getxattr(). + +ovl_copy_xattr() skips copy up of security labels that are indentified by +inode_copy_up_xattr LSM hooks, but it does that after vfs_getxattr(). +Since we are not going to copy them, skip vfs_getxattr() of the security +labels. + +Reported-by: Michael Labriola +Tested-by: Michael Labriola +Link: https://lore.kernel.org/linux-unionfs/2nv9d47zt7.fsf@aldarion.sourceruckus.org/ +Signed-off-by: Amir Goldstein +Signed-off-by: Miklos Szeredi +Signed-off-by: Sasha Levin +--- + fs/overlayfs/copy_up.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c +index b97fc1df62128..f3ed80e2966c3 100644 +--- a/fs/overlayfs/copy_up.c ++++ b/fs/overlayfs/copy_up.c +@@ -95,6 +95,14 @@ int ovl_copy_xattr(struct dentry *old, struct dentry *new) + + if (ovl_is_private_xattr(name)) + continue; ++ ++ error = security_inode_copy_up_xattr(name); ++ if (error < 0 && error != -EOPNOTSUPP) ++ break; ++ if (error == 1) { ++ error = 0; ++ continue; /* Discard */ ++ } + retry: + size = vfs_getxattr(old, name, value, value_size); + if (size == -ERANGE) +@@ -118,13 +126,6 @@ retry: + goto retry; + } + +- error = security_inode_copy_up_xattr(name); +- if (error < 0 && error != -EOPNOTSUPP) +- break; +- if (error == 1) { +- error = 0; +- continue; /* Discard */ +- } + error = vfs_setxattr(new, name, value, size, 0); + if (error) + break; +-- +2.27.0 + diff --git a/queue-4.14/platform-x86-hp-wmi-disable-tablet-mode-reporting-by.patch b/queue-4.14/platform-x86-hp-wmi-disable-tablet-mode-reporting-by.patch new file mode 100644 index 00000000000..861ec72567a --- /dev/null +++ b/queue-4.14/platform-x86-hp-wmi-disable-tablet-mode-reporting-by.patch @@ -0,0 +1,102 @@ +From ccdc68caf257f5cf83cef60b02cc1b2ca16a837e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Jan 2021 13:49:41 +0100 +Subject: platform/x86: hp-wmi: Disable tablet-mode reporting by default +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Hans de Goede + +[ Upstream commit 67fbe02a5cebc3c653610f12e3c0424e58450153 ] + +Recently userspace has started making more use of SW_TABLET_MODE +(when an input-dev reports this). + +Specifically recent GNOME3 versions will: + +1. When SW_TABLET_MODE is reported and is reporting 0: +1.1 Disable accelerometer-based screen auto-rotation +1.2 Disable automatically showing the on-screen keyboard when a + text-input field is focussed + +2. When SW_TABLET_MODE is reported and is reporting 1: +2.1 Ignore input-events from the builtin keyboard and touchpad + (this is for 360° hinges style 2-in-1s where the keyboard and + touchpads are accessible on the back of the tablet when folded + into tablet-mode) + +This means that claiming to support SW_TABLET_MODE when it does not +actually work / reports correct values has bad side-effects. + +The check in the hp-wmi code which is used to decide if the input-dev +should claim SW_TABLET_MODE support, only checks if the +HPWMI_HARDWARE_QUERY is supported. It does *not* check if the hardware +actually is capable of reporting SW_TABLET_MODE. + +This leads to the hp-wmi input-dev claiming SW_TABLET_MODE support, +while in reality it will always report 0 as SW_TABLET_MODE value. +This has been seen on a "HP ENVY x360 Convertible 15-cp0xxx" and +this likely is the case on a whole lot of other HP models. + +This problem causes both auto-rotation and on-screen keyboard +support to not work on affected x360 models. + +There is no easy fix for this, but since userspace expects +SW_TABLET_MODE reporting to be reliable when advertised it is +better to not claim/report SW_TABLET_MODE support at all, then +to claim to support it while it does not work. + +To avoid the mentioned problems, add a new enable_tablet_mode_sw +module-parameter which defaults to false. + +Note I've made this an int using the standard -1=auto, 0=off, 1=on +triplett, with the hope that in the future we can come up with a +better way to detect SW_TABLET_MODE support. ATM the default +auto option just does the same as off. + +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1918255 +Cc: Stefan Brüns +Signed-off-by: Hans de Goede +Acked-by: Mark Gross +Link: https://lore.kernel.org/r/20210120124941.73409-1-hdegoede@redhat.com +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/hp-wmi.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c +index 952544ca0d84d..93fadd4abf14d 100644 +--- a/drivers/platform/x86/hp-wmi.c ++++ b/drivers/platform/x86/hp-wmi.c +@@ -45,6 +45,10 @@ MODULE_LICENSE("GPL"); + MODULE_ALIAS("wmi:95F24279-4D7B-4334-9387-ACCDC67EF61C"); + MODULE_ALIAS("wmi:5FB7F034-2C63-45e9-BE91-3D44E2C707E4"); + ++static int enable_tablet_mode_sw = -1; ++module_param(enable_tablet_mode_sw, int, 0444); ++MODULE_PARM_DESC(enable_tablet_mode_sw, "Enable SW_TABLET_MODE reporting (-1=auto, 0=no, 1=yes)"); ++ + #define HPWMI_EVENT_GUID "95F24279-4D7B-4334-9387-ACCDC67EF61C" + #define HPWMI_BIOS_GUID "5FB7F034-2C63-45e9-BE91-3D44E2C707E4" + +@@ -656,10 +660,12 @@ static int __init hp_wmi_input_setup(void) + } + + /* Tablet mode */ +- val = hp_wmi_hw_state(HPWMI_TABLET_MASK); +- if (!(val < 0)) { +- __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit); +- input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, val); ++ if (enable_tablet_mode_sw > 0) { ++ val = hp_wmi_hw_state(HPWMI_TABLET_MASK); ++ if (val >= 0) { ++ __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit); ++ input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, val); ++ } + } + + err = sparse_keymap_setup(hp_wmi_input_dev, hp_wmi_keymap, NULL); +-- +2.27.0 + diff --git a/queue-4.14/series b/queue-4.14/series index 392cd544904..afd0b31d654 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -18,3 +18,10 @@ tracing-do-not-count-ftrace-events-in-top-level-enable-output.patch tracing-check-length-before-giving-out-the-filter-buffer.patch arm-xen-don-t-probe-xenbus-as-part-of-an-early-initcall.patch mips-bmips-fix-section-mismatch-warning.patch +arm64-dts-rockchip-fix-pcie-dt-properties-on-rk3399.patch +platform-x86-hp-wmi-disable-tablet-mode-reporting-by.patch +ovl-perform-vfs_getxattr-with-mounter-creds.patch +cap-fix-conversions-on-getxattr.patch +ovl-skip-getxattr-of-security-labels.patch +arm-dts-lpc32xx-revert-set-default-clock-rate-of-hcl.patch +arm-ensure-the-signal-page-contains-defined-contents.patch