[arch-commits] Commit in linux-hardened/trunk (3 files)

Levente Polyak anthraxx at archlinux.org
Sun Feb 18 20:04:15 UTC 2018 

    Date: Sunday, February 18, 2018 @ 20:04:14
  Author: anthraxx
Revision: 296246

upgpkg: linux-hardened 4.15.4.a-1

Added:
  linux-hardened/trunk/x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch
Modified:
  linux-hardened/trunk/PKGBUILD
  linux-hardened/trunk/config.x86_64

------------------------------------------------------------+
 PKGBUILD                                                   |   25 +-
 config.x86_64                                              |  126 ++++-------
 x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch |   59 +++++
 3 files changed, 121 insertions(+), 89 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-02-18 19:09:29 UTC (rev 296245)
+++ PKGBUILD	2018-02-18 20:04:14 UTC (rev 296246)
@@ -5,7 +5,7 @@
 
 pkgbase=linux-hardened
 _srcname=linux-4.15
-_pkgver=4.15.2
+_pkgver=4.15.4
 pkgver=${_pkgver}.a
 pkgrel=1
 url='https://github.com/copperhead/linux-hardened'
@@ -25,19 +25,21 @@
 
         # https://bugs.archlinux.org/task/56711
         drm-i915-edp-Only-use-the-alternate-fixed-mode-if-its-asked-for.patch
+        x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch
 )
 replaces=('linux-grsec')
 sha256sums=('5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769'
             'SKIP'
-            '812499c5d0cc5183606dc9388084df162ca2eb5fa374d8f8b00136fd82825847'
+            '5f8344fcc6b15be5f53001bb18df342bf5877563239f03271c236e3a40db89e8'
             'SKIP'
-            'c8a0c7fc3ef0ea4d7fe6f786b9987952e62c6bce7e3b20002358848c2117cfd9'
+            '176355facdd3a0e8b8bfbb92d1a6a321b854391da96f5c142054f37fd6548bb9'
             'SKIP'
-            'a907b24a2e46934c621d9a9cdbc7bd2e9379ebc8cdc6856da436eb0a29542c3a'
+            'd27d4c2d5d9731addcc322d3e33e8d0b5d6a47cb137c8da121c533ed952a6056'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
-            'c08d12c699398ef88b764be1837b9ee11f2efd3188bd1bf4e8f85dfbeee58148')
+            'c08d12c699398ef88b764be1837b9ee11f2efd3188bd1bf4e8f85dfbeee58148'
+            'fec79162a6220b7bf4d663c156303af61405d66427dd49351aa9fb9373c882e5')
 validpgpkeys=(
               'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
               '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -76,8 +78,10 @@
 CONFIG_LOCALVERSION_AUTO=n
 END
 
-  # set extraversion to pkgrel
-  sed -i "/^EXTRAVERSION =/s/=.*/= -${pkgrel}/" Makefile
+  # set extraversion to pkgrel and empty localversion
+  sed -e "/^EXTRAVERSION =/s/=.*/= -${pkgrel}/" \
+      -e "/^EXTRAVERSION =/aLOCALVERSION =" \
+      -i Makefile
 
   # don't run depmod on 'make install'. We'll do this ourselves in packaging
   sed -i '2iexit 0' scripts/depmod.sh
@@ -99,7 +103,8 @@
 
 build() {
   cd ${_srcname}
-  make LOCALVERSION= bzImage modules
+
+  make bzImage modules
 }
 
 _package() {
@@ -113,12 +118,12 @@
   cd ${_srcname}
 
   # get kernel version
-  _kernver="$(make LOCALVERSION= kernelrelease)"
+  _kernver="$(make kernelrelease)"
   _basekernel=${_kernver%%-*}
   _basekernel=${_basekernel%.*}
 
   mkdir -p "${pkgdir}"/{boot,usr/lib/modules}
-  make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}/usr" modules_install
+  make INSTALL_MOD_PATH="${pkgdir}/usr" modules_install
   cp arch/x86/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
 
   # make room for external modules

Modified: config.x86_64
===================================================================
--- config.x86_64	2018-02-18 19:09:29 UTC (rev 296245)
+++ config.x86_64	2018-02-18 20:04:14 UTC (rev 296246)
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.15.1 Kernel Configuration
+# Linux/x86 4.15.4 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -139,11 +139,11 @@
 #
 # RCU Subsystem
 #
-CONFIG_TREE_RCU=y
+CONFIG_PREEMPT_RCU=y
 CONFIG_RCU_EXPERT=y
 CONFIG_SRCU=y
 CONFIG_TREE_SRCU=y
-# CONFIG_TASKS_RCU is not set
+CONFIG_TASKS_RCU=y
 CONFIG_RCU_STALL_COMMON=y
 CONFIG_RCU_NEED_SEGCBLIST=y
 CONFIG_CONTEXT_TRACKING=y
@@ -151,6 +151,8 @@
 CONFIG_RCU_FANOUT=32
 CONFIG_RCU_FANOUT_LEAF=16
 CONFIG_RCU_FAST_NO_HZ=y
+CONFIG_RCU_BOOST=y
+CONFIG_RCU_BOOST_DELAY=500
 CONFIG_RCU_NOCB_CPU=y
 CONFIG_BUILD_BIN2C=y
 CONFIG_IKCONFIG=y
@@ -447,11 +449,7 @@
 CONFIG_PREEMPT_NOTIFIERS=y
 CONFIG_PADATA=y
 CONFIG_ASN1=y
-CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
-CONFIG_INLINE_READ_UNLOCK=y
-CONFIG_INLINE_READ_UNLOCK_IRQ=y
-CONFIG_INLINE_WRITE_UNLOCK=y
-CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_UNINLINE_SPIN_UNLOCK=y
 CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
 CONFIG_MUTEX_SPIN_ON_OWNER=y
 CONFIG_RWSEM_SPIN_ON_OWNER=y
@@ -531,8 +529,9 @@
 CONFIG_SCHED_MC=y
 CONFIG_SCHED_MC_PRIO=y
 # CONFIG_PREEMPT_NONE is not set
-CONFIG_PREEMPT_VOLUNTARY=y
-# CONFIG_PREEMPT is not set
+# CONFIG_PREEMPT_VOLUNTARY is not set
+CONFIG_PREEMPT=y
+CONFIG_PREEMPT_COUNT=y
 CONFIG_X86_LOCAL_APIC=y
 CONFIG_X86_IO_APIC=y
 CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
@@ -552,7 +551,7 @@
 CONFIG_PERF_EVENTS_INTEL_CSTATE=m
 CONFIG_PERF_EVENTS_AMD_POWER=m
 # CONFIG_VM86 is not set
-# CONFIG_X86_VSYSCALL_EMULATION is not set
+CONFIG_X86_VSYSCALL_EMULATION=y
 CONFIG_I8K=m
 CONFIG_MICROCODE=y
 CONFIG_MICROCODE_INTEL=y
@@ -945,7 +944,7 @@
 CONFIG_RAPIDIO_TSI568=m
 CONFIG_RAPIDIO_CPS_GEN2=m
 CONFIG_RAPIDIO_RXS_GEN3=m
-CONFIG_X86_SYSFB=y
+# CONFIG_X86_SYSFB is not set
 
 #
 # Executable file formats / Emulations
@@ -1030,7 +1029,7 @@
 CONFIG_INET_DIAG_DESTROY=y
 CONFIG_TCP_CONG_ADVANCED=y
 CONFIG_TCP_CONG_BIC=m
-CONFIG_TCP_CONG_CUBIC=m
+CONFIG_TCP_CONG_CUBIC=y
 CONFIG_TCP_CONG_WESTWOOD=m
 CONFIG_TCP_CONG_HTCP=m
 CONFIG_TCP_CONG_HSTCP=m
@@ -1044,10 +1043,10 @@
 CONFIG_TCP_CONG_ILLINOIS=m
 CONFIG_TCP_CONG_DCTCP=m
 CONFIG_TCP_CONG_CDG=m
-CONFIG_TCP_CONG_BBR=y
-CONFIG_DEFAULT_BBR=y
+CONFIG_TCP_CONG_BBR=m
+CONFIG_DEFAULT_CUBIC=y
 # CONFIG_DEFAULT_RENO is not set
-CONFIG_DEFAULT_TCP_CONG="bbr"
+CONFIG_DEFAULT_TCP_CONG="cubic"
 CONFIG_TCP_MD5SIG=y
 CONFIG_IPV6=y
 CONFIG_IPV6_ROUTER_PREF=y
@@ -1545,19 +1544,19 @@
 CONFIG_NET_SCH_CHOKE=m
 CONFIG_NET_SCH_QFQ=m
 CONFIG_NET_SCH_CODEL=m
-CONFIG_NET_SCH_FQ_CODEL=m
-CONFIG_NET_SCH_FQ=y
+CONFIG_NET_SCH_FQ_CODEL=y
+CONFIG_NET_SCH_FQ=m
 CONFIG_NET_SCH_HHF=m
 CONFIG_NET_SCH_PIE=m
 CONFIG_NET_SCH_INGRESS=m
 CONFIG_NET_SCH_PLUG=m
 CONFIG_NET_SCH_DEFAULT=y
-CONFIG_DEFAULT_FQ=y
+# CONFIG_DEFAULT_FQ is not set
 # CONFIG_DEFAULT_CODEL is not set
-# CONFIG_DEFAULT_FQ_CODEL is not set
+CONFIG_DEFAULT_FQ_CODEL=y
 # CONFIG_DEFAULT_SFQ is not set
 # CONFIG_DEFAULT_PFIFO_FAST is not set
-CONFIG_DEFAULT_NET_SCH="fq"
+CONFIG_DEFAULT_NET_SCH="fq_codel"
 
 #
 # Classification
@@ -2747,6 +2746,9 @@
 CONFIG_MACB_PCI=m
 CONFIG_NET_VENDOR_BROADCOM=y
 CONFIG_B44=m
+CONFIG_B44_PCI_AUTOSELECT=y
+CONFIG_B44_PCICORE_AUTOSELECT=y
+CONFIG_B44_PCI=y
 CONFIG_BCMGENET=m
 CONFIG_BNX2=m
 CONFIG_CNIC=m
@@ -3176,6 +3178,8 @@
 CONFIG_B43_BUSES_BCMA_AND_SSB=y
 # CONFIG_B43_BUSES_BCMA is not set
 # CONFIG_B43_BUSES_SSB is not set
+CONFIG_B43_PCI_AUTOSELECT=y
+CONFIG_B43_PCICORE_AUTOSELECT=y
 CONFIG_B43_SDIO=y
 CONFIG_B43_BCMA_PIO=y
 CONFIG_B43_PIO=y
@@ -3187,6 +3191,8 @@
 CONFIG_B43_HWRNG=y
 # CONFIG_B43_DEBUG is not set
 CONFIG_B43LEGACY=m
+CONFIG_B43LEGACY_PCI_AUTOSELECT=y
+CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y
 CONFIG_B43LEGACY_LEDS=y
 CONFIG_B43LEGACY_HWRNG=y
 CONFIG_B43LEGACY_DEBUG=y
@@ -4732,6 +4738,9 @@
 CONFIG_SSB=m
 CONFIG_SSB_SPROM=y
 CONFIG_SSB_BLOCKIO=y
+CONFIG_SSB_PCIHOST_POSSIBLE=y
+CONFIG_SSB_PCIHOST=y
+CONFIG_SSB_B43_PCI_BRIDGE=y
 CONFIG_SSB_PCMCIAHOST_POSSIBLE=y
 CONFIG_SSB_PCMCIAHOST=y
 CONFIG_SSB_SDIOHOST_POSSIBLE=y
@@ -4738,6 +4747,8 @@
 CONFIG_SSB_SDIOHOST=y
 # CONFIG_SSB_SILENT is not set
 # CONFIG_SSB_DEBUG is not set
+CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y
+CONFIG_SSB_DRIVER_PCICORE=y
 CONFIG_SSB_DRIVER_GPIO=y
 CONFIG_BCMA_POSSIBLE=y
 CONFIG_BCMA=m
@@ -4989,6 +5000,7 @@
 CONFIG_REGULATOR_WM8994=m
 CONFIG_CEC_CORE=m
 CONFIG_CEC_NOTIFIER=y
+CONFIG_CEC_PIN=y
 CONFIG_RC_CORE=m
 CONFIG_RC_MAP=m
 CONFIG_RC_DECODERS=y
@@ -5340,6 +5352,7 @@
 CONFIG_VIDEO_VIM2M=m
 CONFIG_DVB_PLATFORM_DRIVERS=y
 CONFIG_CEC_PLATFORM_DRIVERS=y
+CONFIG_CEC_GPIO=m
 CONFIG_SDR_PLATFORM_DRIVERS=y
 
 #
@@ -5750,7 +5763,7 @@
 #
 CONFIG_DRM_AMD_DC=y
 CONFIG_DRM_AMD_DC_PRE_VEGA=y
-CONFIG_DRM_AMD_DC_FBC=y
+# CONFIG_DRM_AMD_DC_FBC is not set
 CONFIG_DRM_AMD_DC_DCN1_0=y
 # CONFIG_DEBUG_KERNEL_DC is not set
 
@@ -5899,8 +5912,14 @@
 # CONFIG_FB_HGA is not set
 # CONFIG_FB_OPENCORES is not set
 # CONFIG_FB_S1D13XXX is not set
-# CONFIG_FB_NVIDIA is not set
-# CONFIG_FB_RIVA is not set
+CONFIG_FB_NVIDIA=m
+CONFIG_FB_NVIDIA_I2C=y
+# CONFIG_FB_NVIDIA_DEBUG is not set
+CONFIG_FB_NVIDIA_BACKLIGHT=y
+CONFIG_FB_RIVA=m
+CONFIG_FB_RIVA_I2C=y
+# CONFIG_FB_RIVA_DEBUG is not set
+CONFIG_FB_RIVA_BACKLIGHT=y
 # CONFIG_FB_I740 is not set
 # CONFIG_FB_LE80578 is not set
 # CONFIG_FB_INTEL is not set
@@ -7680,41 +7699,7 @@
 CONFIG_UNISYSSPAR=y
 # CONFIG_UNISYS_VISORBUS is not set
 CONFIG_COMMON_CLK_XLNX_CLKWZRD=m
-CONFIG_FB_TFT=m
-# CONFIG_FB_TFT_AGM1264K_FL is not set
-# CONFIG_FB_TFT_BD663474 is not set
-# CONFIG_FB_TFT_HX8340BN is not set
-# CONFIG_FB_TFT_HX8347D is not set
-# CONFIG_FB_TFT_HX8353D is not set
-# CONFIG_FB_TFT_HX8357D is not set
-# CONFIG_FB_TFT_ILI9163 is not set
-# CONFIG_FB_TFT_ILI9320 is not set
-# CONFIG_FB_TFT_ILI9325 is not set
-# CONFIG_FB_TFT_ILI9340 is not set
-# CONFIG_FB_TFT_ILI9341 is not set
-# CONFIG_FB_TFT_ILI9481 is not set
-# CONFIG_FB_TFT_ILI9486 is not set
-# CONFIG_FB_TFT_PCD8544 is not set
-# CONFIG_FB_TFT_RA8875 is not set
-# CONFIG_FB_TFT_S6D02A1 is not set
-# CONFIG_FB_TFT_S6D1121 is not set
-# CONFIG_FB_TFT_SH1106 is not set
-# CONFIG_FB_TFT_SSD1289 is not set
-# CONFIG_FB_TFT_SSD1305 is not set
-# CONFIG_FB_TFT_SSD1306 is not set
-# CONFIG_FB_TFT_SSD1325 is not set
-# CONFIG_FB_TFT_SSD1331 is not set
-# CONFIG_FB_TFT_SSD1351 is not set
-# CONFIG_FB_TFT_ST7735R is not set
-# CONFIG_FB_TFT_ST7789V is not set
-# CONFIG_FB_TFT_TINYLCD is not set
-# CONFIG_FB_TFT_TLS8204 is not set
-# CONFIG_FB_TFT_UC1611 is not set
-# CONFIG_FB_TFT_UC1701 is not set
-# CONFIG_FB_TFT_UPD161704 is not set
-# CONFIG_FB_TFT_WATTEROTT is not set
-# CONFIG_FB_FLEX is not set
-# CONFIG_FB_TFT_FBTFT_DEVICE is not set
+# CONFIG_FB_TFT is not set
 CONFIG_WILC1000=m
 CONFIG_WILC1000_SDIO=m
 CONFIG_WILC1000_SPI=m
@@ -7729,26 +7714,7 @@
 CONFIG_HDM_I2C=m
 CONFIG_HDM_USB=m
 CONFIG_KS7010=m
-CONFIG_GREYBUS=m
-CONFIG_GREYBUS_ES2=m
-CONFIG_GREYBUS_AUDIO=m
-CONFIG_GREYBUS_BOOTROM=m
-CONFIG_GREYBUS_FIRMWARE=m
-CONFIG_GREYBUS_HID=m
-CONFIG_GREYBUS_LIGHT=m
-CONFIG_GREYBUS_LOG=m
-CONFIG_GREYBUS_LOOPBACK=m
-CONFIG_GREYBUS_POWER=m
-CONFIG_GREYBUS_RAW=m
-CONFIG_GREYBUS_VIBRATOR=m
-CONFIG_GREYBUS_BRIDGED_PHY=m
-CONFIG_GREYBUS_GPIO=m
-CONFIG_GREYBUS_I2C=m
-CONFIG_GREYBUS_PWM=m
-CONFIG_GREYBUS_SDIO=m
-CONFIG_GREYBUS_SPI=m
-CONFIG_GREYBUS_UART=m
-CONFIG_GREYBUS_USB=m
+# CONFIG_GREYBUS is not set
 CONFIG_CRYPTO_DEV_CCREE=m
 
 #
@@ -8996,6 +8962,7 @@
 CONFIG_SCHEDSTATS=y
 CONFIG_SCHED_STACK_END_CHECK=y
 # CONFIG_DEBUG_TIMEKEEPING is not set
+CONFIG_DEBUG_PREEMPT=y
 
 #
 # Lock Debugging (spinlocks, mutexes, etc...)
@@ -9061,6 +9028,7 @@
 CONFIG_FUNCTION_GRAPH_TRACER=y
 # CONFIG_PREEMPTIRQ_EVENTS is not set
 # CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_PREEMPT_TRACER is not set
 CONFIG_SCHED_TRACER=y
 CONFIG_HWLAT_TRACER=y
 CONFIG_FTRACE_SYSCALLS=y

Added: x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch
===================================================================
--- x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch	                        (rev 0)
+++ x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch	2018-02-18 20:04:14 UTC (rev 296246)
@@ -0,0 +1,59 @@
+From 4f277295e54c5b7340e48efea3fc5cc21a2872b7 Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross at suse.com>
+Date: Thu, 1 Feb 2018 13:40:19 +0100
+Subject: [PATCH] x86/xen: init %gs very early to avoid page faults with stack
+ protector
+
+When running as Xen pv guest %gs is initialized some time after
+C code is started. Depending on stack protector usage this might be
+too late, resulting in page faults.
+
+So setup %gs and MSR_GS_BASE in assembly code already.
+
+Cc: stable at vger.kernel.org
+Signed-off-by: Juergen Gross <jgross at suse.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
+Tested-by: Chris Patterson <cjp256 at gmail.com>
+Signed-off-by: Juergen Gross <jgross at suse.com>
+---
+ arch/x86/xen/xen-head.S | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
+index 497cc55a0c16..96f26e026783 100644
+--- a/arch/x86/xen/xen-head.S
++++ b/arch/x86/xen/xen-head.S
+@@ -9,7 +9,9 @@
+ 
+ #include <asm/boot.h>
+ #include <asm/asm.h>
++#include <asm/msr.h>
+ #include <asm/page_types.h>
++#include <asm/percpu.h>
+ #include <asm/unwind_hints.h>
+ 
+ #include <xen/interface/elfnote.h>
+@@ -35,6 +37,20 @@ ENTRY(startup_xen)
+ 	mov %_ASM_SI, xen_start_info
+ 	mov $init_thread_union+THREAD_SIZE, %_ASM_SP
+ 
++#ifdef CONFIG_X86_64
++	/* Set up %gs.
++	 *
++	 * The base of %gs always points to the bottom of the irqstack
++	 * union.  If the stack protector canary is enabled, it is
++	 * located at %gs:40.  Note that, on SMP, the boot cpu uses
++	 * init data section till per cpu areas are set up.
++	 */
++	movl	$MSR_GS_BASE,%ecx
++	movq	$INIT_PER_CPU_VAR(irq_stack_union),%rax
++	cdq
++	wrmsr
++#endif
++
+ 	jmp xen_start_kernel
+ END(startup_xen)
+ 	__FINIT
+-- 
+2.16.1
+

More information about the arch-commits mailing list