Update additional Debian patches for v5.11

pkg/debian/kernel/0001-Export-symbols-needed-by-Android-drivers.patch

@@ -0,0 +1,129 @@
+From 50229d157d311b63268eaccbfec669da0dbb516c Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Mon, 7 Sep 2020 02:51:53 +0100
+Subject: [PATCH 1/2] Export symbols needed by Android drivers
+
+We want to enable use of the Android ashmem and binder drivers to
+support Anbox, but they should not be built-in as that would waste
+resources and increase security attack surface on systems that don't
+need them.
+
+Export the currently un-exported symbols they depend on.
+---
+ fs/file.c           | 1 +
+ kernel/fork.c       | 1 +
+ kernel/sched/core.c | 1 +
+ kernel/task_work.c  | 1 +
+ mm/memory.c         | 1 +
+ mm/shmem.c          | 1 +
+ security/security.c | 4 ++++
+ 7 files changed, 10 insertions(+)
+
+diff --git a/fs/file.c b/fs/file.c
+index dab120b71e44..ed2ec6ecc466 100644
+--- a/fs/file.c
++++ b/fs/file.c
+@@ -761,6 +761,7 @@ int close_fd_get_file(unsigned int fd, struct file **res)
+ 	*res = NULL;
+ 	return -ENOENT;
+ }
++EXPORT_SYMBOL(__close_fd_get_file);
+ 
+ void do_close_on_exec(struct files_struct *files)
+ {
+diff --git a/kernel/fork.c b/kernel/fork.c
+index d66cd1014211..ff215b3fdb15 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1120,6 +1120,7 @@ void mmput_async(struct mm_struct *mm)
+ 		schedule_work(&mm->async_put_work);
+ 	}
+ }
++EXPORT_SYMBOL_GPL(mmput_async);
+ #endif
+ 
+ /**
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index ff74fca39ed2..943239122b29 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -5575,6 +5575,7 @@ int can_nice(const struct task_struct *p, const int nice)
+ 	return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
+ 		capable(CAP_SYS_NICE));
+ }
++EXPORT_SYMBOL_GPL(can_nice);
+ 
+ #ifdef __ARCH_WANT_SYS_NICE
+ 
+diff --git a/kernel/task_work.c b/kernel/task_work.c
+index 9cde961875c0..5c8dea45d4f8 100644
+--- a/kernel/task_work.c
++++ b/kernel/task_work.c
+@@ -57,6 +57,7 @@ int task_work_add(struct task_struct *task, struct callback_head *work,
+ 
+ 	return 0;
+ }
++EXPORT_SYMBOL(task_work_add);
+ 
+ /**
+  * task_work_cancel - cancel a pending work added by task_work_add()
+diff --git a/mm/memory.c b/mm/memory.c
+index feff48e1465a..9e9b0fd92e38 100644
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -1542,6 +1542,7 @@ void zap_page_range(struct vm_area_struct *vma, unsigned long start,
+ 	mmu_notifier_invalidate_range_end(&range);
+ 	tlb_finish_mmu(&tlb, start, range.end);
+ }
++EXPORT_SYMBOL_GPL(zap_page_range);
+ 
+ /**
+  * zap_page_range_single - remove user pages in a given range
+diff --git a/mm/shmem.c b/mm/shmem.c
+index 7c6b6d8f6c39..83151e1345e6 100644
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -4287,6 +4287,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
+ 
+ 	return 0;
+ }
++EXPORT_SYMBOL_GPL(shmem_zero_setup);
+ 
+ /**
+  * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
+diff --git a/security/security.c b/security/security.c
+index 7b09cfbae94f..5eaec62c51f2 100644
+--- a/security/security.c
++++ b/security/security.c
+@@ -727,24 +727,28 @@ int security_binder_set_context_mgr(struct task_struct *mgr)
+ {
+ 	return call_int_hook(binder_set_context_mgr, 0, mgr);
+ }
++EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
+ 
+ int security_binder_transaction(struct task_struct *from,
+ 				struct task_struct *to)
+ {
+ 	return call_int_hook(binder_transaction, 0, from, to);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transaction);
+ 
+ int security_binder_transfer_binder(struct task_struct *from,
+ 				    struct task_struct *to)
+ {
+ 	return call_int_hook(binder_transfer_binder, 0, from, to);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
+ 
+ int security_binder_transfer_file(struct task_struct *from,
+ 				  struct task_struct *to, struct file *file)
+ {
+ 	return call_int_hook(binder_transfer_file, 0, from, to, file);
+ }
++EXPORT_SYMBOL_GPL(security_binder_transfer_file);
+ 
+ int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
+ {
+-- 
+2.30.1
+

pkg/debian/kernel/android-enable-building-ashmem-and-binder-as-modules.patch → pkg/debian/kernel/0002-android-Enable-building-ashmem-and-binder-as-modules.patch

@@ -1,7 +1,7 @@
+From e2a9a34af4fd99de652638bfc0365aba284b95f8 Mon Sep 17 00:00:00 2001
 From: Ben Hutchings <ben@decadent.org.uk>
 Date: Fri, 22 Jun 2018 17:27:00 +0100
-Subject: android: Enable building ashmem and binder as modules
-Bug-Debian: https://bugs.debian.org/901492
+Subject: [PATCH 2/2] android: Enable building ashmem and binder as modules
 
 We want to enable use of the Android ashmem and binder drivers to
 support Anbox, but they should not be built-in as that would waste
@@ -21,10 +21,10 @@ need them.
  drivers/staging/android/ashmem.c | 3 +++
  6 files changed, 12 insertions(+), 7 deletions(-)
 
-Index: debian-kernel/drivers/android/Kconfig
-===================================================================
---- debian-kernel.orig/drivers/android/Kconfig
-+++ debian-kernel/drivers/android/Kconfig
+diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
+index 53b22e26266c..f3c50236e8d1 100644
+--- a/drivers/android/Kconfig
++++ b/drivers/android/Kconfig
 @@ -9,7 +9,7 @@ config ANDROID
  if ANDROID
  
@@ -34,10 +34,10 @@ Index: debian-kernel/drivers/android/Kconfig
  	depends on MMU
  	default n
  	help
-Index: debian-kernel/drivers/android/Makefile
-===================================================================
---- debian-kernel.orig/drivers/android/Makefile
-+++ debian-kernel/drivers/android/Makefile
+diff --git a/drivers/android/Makefile b/drivers/android/Makefile
+index c9d3d0c99c25..55411d9a9c2a 100644
+--- a/drivers/android/Makefile
++++ b/drivers/android/Makefile
 @@ -1,6 +1,7 @@
  # SPDX-License-Identifier: GPL-2.0-only
  ccflags-y += -I$(src)			# needed for trace events
@@ -49,10 +49,10 @@ Index: debian-kernel/drivers/android/Makefile
 +binder_linux-y := binder.o binder_alloc.o
 +binder_linux-$(CONFIG_ANDROID_BINDERFS)	+= binderfs.o
 +binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
-Index: debian-kernel/drivers/android/binder_alloc.c
-===================================================================
---- debian-kernel.orig/drivers/android/binder_alloc.c
-+++ debian-kernel/drivers/android/binder_alloc.c
+diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
+index 7caf74ad2405..9202a44bd55d 100644
+--- a/drivers/android/binder_alloc.c
++++ b/drivers/android/binder_alloc.c
 @@ -38,7 +38,7 @@ enum {
  };
  static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR;
@@ -62,10 +62,10 @@ Index: debian-kernel/drivers/android/binder_alloc.c
  		   uint, 0644);
  
  #define binder_alloc_debug(mask, x...) \
-Index: debian-kernel/drivers/staging/android/Kconfig
-===================================================================
---- debian-kernel.orig/drivers/staging/android/Kconfig
-+++ debian-kernel/drivers/staging/android/Kconfig
+diff --git a/drivers/staging/android/Kconfig b/drivers/staging/android/Kconfig
+index 70498adb1575..5c35653ed36d 100644
+--- a/drivers/staging/android/Kconfig
++++ b/drivers/staging/android/Kconfig
 @@ -4,7 +4,7 @@ menu "Android"
  if ANDROID
  
@@ -75,21 +75,21 @@ Index: debian-kernel/drivers/staging/android/Kconfig
  	depends on SHMEM
  	help
  	  The ashmem subsystem is a new shared memory allocator, similar to
-Index: debian-kernel/drivers/staging/android/Makefile
-===================================================================
---- debian-kernel.orig/drivers/staging/android/Makefile
-+++ debian-kernel/drivers/staging/android/Makefile
-@@ -3,4 +3,5 @@ ccflags-y += -I$(src)			# needed for tra
- 
- obj-y					+= ion/
+diff --git a/drivers/staging/android/Makefile b/drivers/staging/android/Makefile
+index e9a55a5e6529..60cb8eacc793 100644
+--- a/drivers/staging/android/Makefile
++++ b/drivers/staging/android/Makefile
+@@ -1,4 +1,5 @@
+ # SPDX-License-Identifier: GPL-2.0
+ ccflags-y += -I$(src)			# needed for trace events
  
 -obj-$(CONFIG_ASHMEM)			+= ashmem.o
 +obj-$(CONFIG_ASHMEM)			+= ashmem_linux.o
 +ashmem_linux-y				+= ashmem.o
-Index: debian-kernel/drivers/staging/android/ashmem.c
-===================================================================
---- debian-kernel.orig/drivers/staging/android/ashmem.c
-+++ debian-kernel/drivers/staging/android/ashmem.c
+diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
+index 4789d36ddfd3..f86efd3da373 100644
+--- a/drivers/staging/android/ashmem.c
++++ b/drivers/staging/android/ashmem.c
 @@ -24,6 +24,7 @@
  #include <linux/bitops.h>
  #include <linux/mutex.h>
@@ -98,9 +98,12 @@ Index: debian-kernel/drivers/staging/android/ashmem.c
  #include "ashmem.h"
  
  #define ASHMEM_NAME_PREFIX "dev/ashmem/"
-@@ -953,3 +954,5 @@ out:
+@@ -965,3 +966,5 @@ static int __init ashmem_init(void)
  	return ret;
  }
  device_initcall(ashmem_init);
 +
 +MODULE_LICENSE("GPL v2");
+-- 
+2.30.1
+

pkg/debian/kernel/export-symbols-needed-by-android-drivers.patch

@@ -1,193 +0,0 @@
-From: Ben Hutchings <ben@decadent.org.uk>
-Date: Tue, 26 Jun 2018 16:59:01 +0100
-Subject: Export symbols needed by Android drivers
-Bug-Debian: https://bugs.debian.org/901492
-
-We want to enable use of the Android ashmem and binder drivers to
-support Anbox, but they should not be built-in as that would waste
-resources and increase security attack surface on systems that don't
-need them.
-
-Export the currently un-exported symbols they depend on.
-
----
- fs/file.c           | 5 +++++
- kernel/fork.c       | 1 +
- kernel/sched/core.c | 1 +
- kernel/signal.c     | 1 +
- kernel/task_work.c  | 1 +
- mm/memory.c         | 1 +
- mm/shmem.c          | 1 +
- mm/vmalloc.c        | 2 ++
- security/security.c | 4 ++++
- 9 files changed, 17 insertions(+)
-
-Index: debian-kernel/fs/file.c
-===================================================================
---- debian-kernel.orig/fs/file.c
-+++ debian-kernel/fs/file.c
-@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(st
- 
- 	return files;
- }
-+EXPORT_SYMBOL_GPL(get_files_struct);
- 
- void put_files_struct(struct files_struct *files)
- {
-@@ -421,6 +422,7 @@ void put_files_struct(struct files_struc
- 		kmem_cache_free(files_cachep, files);
- 	}
- }
-+EXPORT_SYMBOL_GPL(put_files_struct);
- 
- void reset_files_struct(struct files_struct *files)
- {
-@@ -534,6 +536,7 @@ out:
- 	spin_unlock(&files->file_lock);
- 	return error;
- }
-+EXPORT_SYMBOL_GPL(__alloc_fd);
- 
- static int alloc_fd(unsigned start, unsigned flags)
- {
-@@ -612,6 +615,7 @@ void __fd_install(struct files_struct *f
- 	rcu_assign_pointer(fdt->fd[fd], file);
- 	rcu_read_unlock_sched();
- }
-+EXPORT_SYMBOL_GPL(__fd_install);
- 
- void fd_install(unsigned int fd, struct file *file)
- {
-@@ -676,6 +680,7 @@ out_unlock:
- 	*res = NULL;
- 	return -ENOENT;
- }
-+EXPORT_SYMBOL(__close_fd_get_file);
- 
- void do_close_on_exec(struct files_struct *files)
- {
-Index: debian-kernel/kernel/fork.c
-===================================================================
---- debian-kernel.orig/kernel/fork.c
-+++ debian-kernel/kernel/fork.c
-@@ -1131,6 +1131,7 @@ void mmput_async(struct mm_struct *mm)
- 		schedule_work(&mm->async_put_work);
- 	}
- }
-+EXPORT_SYMBOL_GPL(mmput_async);
- #endif
- 
- /**
-Index: debian-kernel/kernel/sched/core.c
-===================================================================
---- debian-kernel.orig/kernel/sched/core.c
-+++ debian-kernel/kernel/sched/core.c
-@@ -4667,6 +4667,7 @@ int can_nice(const struct task_struct *p
- 	return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
- 		capable(CAP_SYS_NICE));
- }
-+EXPORT_SYMBOL_GPL(can_nice);
- 
- #ifdef __ARCH_WANT_SYS_NICE
- 
-Index: debian-kernel/kernel/signal.c
-===================================================================
---- debian-kernel.orig/kernel/signal.c
-+++ debian-kernel/kernel/signal.c
-@@ -1396,6 +1396,7 @@ struct sighand_struct *__lock_task_sigha
- 
- 	return sighand;
- }
-+EXPORT_SYMBOL_GPL(__lock_task_sighand);
- 
- /*
-  * send signal info to all the members of a group
-Index: debian-kernel/kernel/task_work.c
-===================================================================
---- debian-kernel.orig/kernel/task_work.c
-+++ debian-kernel/kernel/task_work.c
-@@ -52,6 +52,7 @@ task_work_add(struct task_struct *task,
- 
- 	return 0;
- }
-+EXPORT_SYMBOL(task_work_add);
- 
- /**
-  * task_work_cancel - cancel a pending work added by task_work_add()
-Index: debian-kernel/mm/memory.c
-===================================================================
---- debian-kernel.orig/mm/memory.c
-+++ debian-kernel/mm/memory.c
-@@ -1367,6 +1367,7 @@ void zap_page_range(struct vm_area_struc
- 	mmu_notifier_invalidate_range_end(&range);
- 	tlb_finish_mmu(&tlb, start, range.end);
- }
-+EXPORT_SYMBOL_GPL(zap_page_range);
- 
- /**
-  * zap_page_range_single - remove user pages in a given range
-Index: debian-kernel/mm/shmem.c
-===================================================================
---- debian-kernel.orig/mm/shmem.c
-+++ debian-kernel/mm/shmem.c
-@@ -4158,6 +4158,7 @@ int shmem_zero_setup(struct vm_area_stru
- 
- 	return 0;
- }
-+EXPORT_SYMBOL_GPL(shmem_zero_setup);
- 
- /**
-  * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
-Index: debian-kernel/mm/vmalloc.c
-===================================================================
---- debian-kernel.orig/mm/vmalloc.c
-+++ debian-kernel/mm/vmalloc.c
-@@ -1278,6 +1278,7 @@ overflow:
- 	kmem_cache_free(vmap_area_cachep, va);
- 	return ERR_PTR(-EBUSY);
- }
-+EXPORT_SYMBOL_GPL(map_kernel_range_noflush);
- 
- int register_vmap_purge_notifier(struct notifier_block *nb)
- {
-@@ -2147,6 +2148,7 @@ struct vm_struct *get_vm_area(unsigned l
- 				  NUMA_NO_NODE, GFP_KERNEL,
- 				  __builtin_return_address(0));
- }
-+EXPORT_SYMBOL_GPL(get_vm_area);
- 
- struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags,
- 				const void *caller)
-Index: debian-kernel/security/security.c
-===================================================================
---- debian-kernel.orig/security/security.c
-+++ debian-kernel/security/security.c
-@@ -725,24 +725,28 @@ int security_binder_set_context_mgr(stru
- {
- 	return call_int_hook(binder_set_context_mgr, 0, mgr);
- }
-+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
- 
- int security_binder_transaction(struct task_struct *from,
- 				struct task_struct *to)
- {
- 	return call_int_hook(binder_transaction, 0, from, to);
- }
-+EXPORT_SYMBOL_GPL(security_binder_transaction);
- 
- int security_binder_transfer_binder(struct task_struct *from,
- 				    struct task_struct *to)
- {
- 	return call_int_hook(binder_transfer_binder, 0, from, to);
- }
-+EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
- 
- int security_binder_transfer_file(struct task_struct *from,
- 				  struct task_struct *to, struct file *file)
- {
- 	return call_int_hook(binder_transfer_file, 0, from, to, file);
- }
-+EXPORT_SYMBOL_GPL(security_binder_transfer_file);
- 
- int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
- {