diff options
author | graysky | 2021-06-16 19:19:38 -0400 |
---|---|---|
committer | graysky | 2021-06-16 19:19:38 -0400 |
commit | fd3f4dc3c4e6b0f261feee42ad12089cb335e071 (patch) | |
tree | a083b8c6f315d13c9dead2350684f0dc55b948d9 | |
parent | e4a2f8e9871ec063723175322dabce947801e09e (diff) | |
download | aur-fd3f4dc3c4e6b0f261feee42ad12089cb335e071.tar.gz |
Update to 5.12.11-1
-rw-r--r-- | .SRCINFO | 24 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 6 | ||||
-rw-r--r-- | 0002-x86-setup-Consolidate-early-memory-reservations.patch | 188 | ||||
-rw-r--r-- | 0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch | 67 | ||||
-rw-r--r-- | 0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch | 87 | ||||
-rw-r--r-- | 0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch | 170 | ||||
-rw-r--r-- | 0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch | 114 | ||||
-rw-r--r-- | 0007-x86-crash-remove-crash_reserve_low_1M.patch | 58 | ||||
-rw-r--r-- | PKGBUILD | 20 | ||||
-rw-r--r-- | config | 5 |
10 files changed, 723 insertions, 16 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-ck - pkgver = 5.12.10 + pkgver = 5.12.11 pkgrel = 1 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 @@ -12,20 +12,32 @@ pkgbase = linux-ck makedepends = tar makedepends = xz options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.12.10.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.12.10.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.12.11.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.12.11.tar.sign source = config source = more-uarches-20210610.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/20210610.tar.gz source = http://ck.kolivas.org/patches/5.0/5.12/5.12-ck1/patch-5.12-ck1.xz source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch + source = 0002-x86-setup-Consolidate-early-memory-reservations.patch + source = 0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch + source = 0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch + source = 0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch + source = 0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch + source = 0007-x86-crash-remove-crash_reserve_low_1M.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - b2sums = b40ef5a11ca435299899e8131fa72af147455cd8ebee4c0e187572b1f628e66d2b6fbb318308bc911a598d8303d1ab3622d52966deaa5c48d59dcd65f4f58687 + b2sums = b5955fc1dc1ae416ef90c44d871f109d6a9130e5fc8b60f73cf98e14f4ce48b0030c79053d88c335c43ac6ab6f5786f9f054577f76c30f5505ed2d70e62d9aa0 b2sums = SKIP - b2sums = 18d9f071699c9e9bb4c7d340f4d688554b818a4f7fdcefeee24b8b39fc9328737c6967cfd7e884b518e0c87cfb64ac7a10368ac82436d73f96f0881b5c201099 + b2sums = 9d38db65163a640071539e20a2ac4d8352e07cee26cfb997e6d0e9951bcbe2184c3be4f41a6a4073080e73b743dd86690a056cf6aa1aa607c967e37fa470a8cf b2sums = 30d1df754608bb423cbc99c2097ad521baa091b9a3b39df4bd5c2d50c57eec54d8fa0e4a4a04b847c3d1b87ba682cadc8db45fabeefdc9ad7caaf8e77b96e41a b2sums = c9f729ba1efe6f04e7b2c57d3999bc9675b577596dccb2f227e5b6e444285e1fdd270bf67c0fcf9f5808a4c3a4b1c7a5c13a76f754ad9b9447243ccbaf2ce6a3 - b2sums = e1eccb5b6b728e3852ade55dae7a53b8b6bd5f0fb2a330b99e85bfa64abaa430cb714d301ed169df14a1f302a75d952992f0d8fa6ab02fa6716165bdf23b63aa + b2sums = dda152592dec643bce44754bf5d2d43a5897cc57f8dc258b87857055a45abf903d619aba1de389228cb086a17fedea5458f8fe2c0993fa20213bb7c5bca331c8 + b2sums = 13330cf57b5c6b928ea73bd30479010688cf8d2003107b041a7fdad33c1ac225c8c905bef235cd762d6ea76be754b5db6be769526bacf7333298f72d6afff535 + b2sums = 381e0f177faa3090d1abf4d11a97db535712840870265dea167d7692dee7733a226d09c103d01705d5c0809fa66c7a23efea9da2473da672644b06e31db77083 + b2sums = cd9da0dee048fc52a3032343f122c2055081eeedfc8a3e5227218f0f63fc7618e8fe744c8caa7e3a2ca844f4aaf7314b57a306d0d3b1849e97b24687b8c5a501 + b2sums = 1810832172e1b006a5471d8e317573343884feed9abc9e7380a32d83c958b0e6aa68adf9a647c9b7b714783997591f5d80e754c6e7357279661eee998f22864c + b2sums = 4e7cb958f95d99bba9810e675d4f1b0b3c171f78e9fe96ff9d265f792f4ceb1367f2f4d238f36b5ca1c395e14abdabbf0f8ce2dc07c4fe567d822a8b629dfa05 + b2sums = 2251f8bf84e141b4661f84cc2ce7b21783ac0a349b2651477dfcbc5383b796b2e588d85ee411398b15c820cb3672256be8ed281c8bccfad252c9dd5b0e1e0cd5 pkgname = linux-ck pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 79dab97ee81a..73e35ef52bf5 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,7 @@ -From f8f830397db175f686669b8b36755a6e5d5c3f03 Mon Sep 17 00:00:00 2001 +From fa17daad7209d62169553ce6336ef29ba4748049 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/2] ZEN: Add sysctl and CONFIG to disallow unprivileged +Subject: [PATCH 1/8] ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. @@ -150,5 +150,5 @@ index 9a4b980d695b..4388ca13ea3f 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.31.1 +2.32.0 diff --git a/0002-x86-setup-Consolidate-early-memory-reservations.patch b/0002-x86-setup-Consolidate-early-memory-reservations.patch new file mode 100644 index 000000000000..20c380797611 --- /dev/null +++ b/0002-x86-setup-Consolidate-early-memory-reservations.patch @@ -0,0 +1,188 @@ +From 56e6bb0fe2b790adda81851794409faa533e521c Mon Sep 17 00:00:00 2001 +From: Mike Rapoport <rppt@linux.ibm.com> +Date: Tue, 2 Mar 2021 12:04:05 +0200 +Subject: [PATCH 2/8] x86/setup: Consolidate early memory reservations + +The early reservations of memory areas used by the firmware, bootloader, +kernel text and data are spread over setup_arch(). Moreover, some of them +happen *after* memblock allocations, e.g trim_platform_memory_ranges() and +trim_low_memory_range() are called after reserve_real_mode() that allocates +memory. + +There was no corruption of these memory regions because memblock always +allocates memory either from the end of memory (in top-down mode) or above +the kernel image (in bottom-up mode). However, the bottom up mode is going +to be updated to span the entire memory [1] to avoid limitations caused by +KASLR. + +Consolidate early memory reservations in a dedicated function to improve +robustness against future changes. Having the early reservations in one +place also makes it clearer what memory must be reserved before memblock +allocations are allowed. + +Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> +Signed-off-by: Borislav Petkov <bp@suse.de> +Reviewed-by: Baoquan He <bhe@redhat.com> +Acked-by: Borislav Petkov <bp@suse.de> +Acked-by: David Hildenbrand <david@redhat.com> +Link: [1] https://lore.kernel.org/lkml/20201217201214.3414100-2-guro@fb.com +Link: https://lkml.kernel.org/r/20210302100406.22059-2-rppt@kernel.org +--- + arch/x86/kernel/setup.c | 92 ++++++++++++++++++++--------------------- + 1 file changed, 44 insertions(+), 48 deletions(-) + +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index e79f21d13a0d..420d881da2bd 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -646,18 +646,6 @@ static void __init trim_snb_memory(void) + } + } + +-/* +- * Here we put platform-specific memory range workarounds, i.e. +- * memory known to be corrupt or otherwise in need to be reserved on +- * specific platforms. +- * +- * If this gets used more widely it could use a real dispatch mechanism. +- */ +-static void __init trim_platform_memory_ranges(void) +-{ +- trim_snb_memory(); +-} +- + static void __init trim_bios_range(void) + { + /* +@@ -730,7 +718,38 @@ static void __init trim_low_memory_range(void) + { + memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE)); + } +- ++ ++static void __init early_reserve_memory(void) ++{ ++ /* ++ * Reserve the memory occupied by the kernel between _text and ++ * __end_of_kernel_reserve symbols. Any kernel sections after the ++ * __end_of_kernel_reserve symbol must be explicitly reserved with a ++ * separate memblock_reserve() or they will be discarded. ++ */ ++ memblock_reserve(__pa_symbol(_text), ++ (unsigned long)__end_of_kernel_reserve - (unsigned long)_text); ++ ++ /* ++ * Make sure page 0 is always reserved because on systems with ++ * L1TF its contents can be leaked to user processes. ++ */ ++ memblock_reserve(0, PAGE_SIZE); ++ ++ early_reserve_initrd(); ++ ++ if (efi_enabled(EFI_BOOT)) ++ efi_memblock_x86_reserve_range(); ++ ++ memblock_x86_reserve_range_setup_data(); ++ ++ reserve_ibft_region(); ++ reserve_bios_regions(); ++ ++ trim_snb_memory(); ++ trim_low_memory_range(); ++} ++ + /* + * Dump out kernel offset information on panic. + */ +@@ -765,29 +784,6 @@ dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p) + + void __init setup_arch(char **cmdline_p) + { +- /* +- * Reserve the memory occupied by the kernel between _text and +- * __end_of_kernel_reserve symbols. Any kernel sections after the +- * __end_of_kernel_reserve symbol must be explicitly reserved with a +- * separate memblock_reserve() or they will be discarded. +- */ +- memblock_reserve(__pa_symbol(_text), +- (unsigned long)__end_of_kernel_reserve - (unsigned long)_text); +- +- /* +- * Make sure page 0 is always reserved because on systems with +- * L1TF its contents can be leaked to user processes. +- */ +- memblock_reserve(0, PAGE_SIZE); +- +- early_reserve_initrd(); +- +- /* +- * At this point everything still needed from the boot loader +- * or BIOS or kernel text should be early reserved or marked not +- * RAM in e820. All other memory is free game. +- */ +- + #ifdef CONFIG_X86_32 + memcpy(&boot_cpu_data, &new_cpu_data, sizeof(new_cpu_data)); + +@@ -911,8 +907,18 @@ void __init setup_arch(char **cmdline_p) + + parse_early_param(); + +- if (efi_enabled(EFI_BOOT)) +- efi_memblock_x86_reserve_range(); ++ /* ++ * Do some memory reservations *before* memory is added to ++ * memblock, so memblock allocations won't overwrite it. ++ * Do it after early param, so we could get (unlikely) panic from ++ * serial. ++ * ++ * After this point everything still needed from the boot loader or ++ * firmware or kernel text should be early reserved or marked not ++ * RAM in e820. All other memory is free game. ++ */ ++ early_reserve_memory(); ++ + #ifdef CONFIG_MEMORY_HOTPLUG + /* + * Memory used by the kernel cannot be hot-removed because Linux +@@ -939,9 +945,6 @@ void __init setup_arch(char **cmdline_p) + + x86_report_nx(); + +- /* after early param, so could get panic from serial */ +- memblock_x86_reserve_range_setup_data(); +- + if (acpi_mps_check()) { + #ifdef CONFIG_X86_LOCAL_APIC + disable_apic = 1; +@@ -1033,8 +1036,6 @@ void __init setup_arch(char **cmdline_p) + */ + find_smp_config(); + +- reserve_ibft_region(); +- + early_alloc_pgt_buf(); + + /* +@@ -1055,8 +1056,6 @@ void __init setup_arch(char **cmdline_p) + */ + sev_setup_arch(); + +- reserve_bios_regions(); +- + efi_fake_memmap(); + efi_find_mirror(); + efi_esrt_init(); +@@ -1082,9 +1081,6 @@ void __init setup_arch(char **cmdline_p) + + reserve_real_mode(); + +- trim_platform_memory_ranges(); +- trim_low_memory_range(); +- + init_mem_mapping(); + + idt_setup_early_pf(); +-- +2.32.0 + diff --git a/0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch b/0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch new file mode 100644 index 000000000000..eca80260ba10 --- /dev/null +++ b/0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch @@ -0,0 +1,67 @@ +From e63cb4a867fe803dc90376af8b268ba1549ec36e Mon Sep 17 00:00:00 2001 +From: Mike Rapoport <rppt@linux.ibm.com> +Date: Tue, 2 Mar 2021 12:04:06 +0200 +Subject: [PATCH 3/8] x86/setup: Merge several reservations of start of memory + +Currently, the first several pages are reserved both to avoid leaking +their contents on systems with L1TF and to avoid corrupting BIOS memory. + +Merge the two memory reservations. + +Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> +Signed-off-by: Borislav Petkov <bp@suse.de> +Reviewed-by: David Hildenbrand <david@redhat.com> +Acked-by: Borislav Petkov <bp@suse.de> +Link: https://lkml.kernel.org/r/20210302100406.22059-3-rppt@kernel.org +--- + arch/x86/kernel/setup.c | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index 420d881da2bd..282d572e49af 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -714,11 +714,6 @@ static int __init parse_reservelow(char *p) + + early_param("reservelow", parse_reservelow); + +-static void __init trim_low_memory_range(void) +-{ +- memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE)); +-} +- + static void __init early_reserve_memory(void) + { + /* +@@ -731,10 +726,17 @@ static void __init early_reserve_memory(void) + (unsigned long)__end_of_kernel_reserve - (unsigned long)_text); + + /* +- * Make sure page 0 is always reserved because on systems with +- * L1TF its contents can be leaked to user processes. ++ * The first 4Kb of memory is a BIOS owned area, but generally it is ++ * not listed as such in the E820 table. ++ * ++ * Reserve the first memory page and typically some additional ++ * memory (64KiB by default) since some BIOSes are known to corrupt ++ * low memory. See the Kconfig help text for X86_RESERVE_LOW. ++ * ++ * In addition, make sure page 0 is always reserved because on ++ * systems with L1TF its contents can be leaked to user processes. + */ +- memblock_reserve(0, PAGE_SIZE); ++ memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE)); + + early_reserve_initrd(); + +@@ -747,7 +749,6 @@ static void __init early_reserve_memory(void) + reserve_bios_regions(); + + trim_snb_memory(); +- trim_low_memory_range(); + } + + /* +-- +2.32.0 + diff --git a/0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch b/0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch new file mode 100644 index 000000000000..8a8e4d194cc6 --- /dev/null +++ b/0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch @@ -0,0 +1,87 @@ +From c4b5e4bc8317ccb0a822429d87288d9f90453a04 Mon Sep 17 00:00:00 2001 +From: Mike Rapoport <rppt@linux.ibm.com> +Date: Tue, 13 Apr 2021 21:08:39 +0300 +Subject: [PATCH 4/8] x86/setup: Move trim_snb_memory() later in setup_arch() + to fix boot hangs + +Commit + + a799c2bd29d1 ("x86/setup: Consolidate early memory reservations") + +moved reservation of the memory inaccessible by Sandy Bride integrated +graphics very early, and, as a result, on systems with such devices +the first 1M was reserved by trim_snb_memory() which prevented the +allocation of the real mode trampoline and made the boot hang very +early. + +Since the purpose of trim_snb_memory() is to prevent problematic pages +ever reaching the graphics device, it is safe to reserve these pages +after memblock allocations are possible. + +Move trim_snb_memory() later in boot so that it will be called after +reserve_real_mode() and make comments describing trim_snb_memory() +operation more elaborate. + + [ bp: Massage a bit. ] + +Fixes: a799c2bd29d1 ("x86/setup: Consolidate early memory reservations") +Reported-by: Randy Dunlap <rdunlap@infradead.org> +Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> +Signed-off-by: Borislav Petkov <bp@suse.de> +Tested-by: Randy Dunlap <rdunlap@infradead.org> +Tested-by: Hugh Dickins <hughd@google.com> +Link: https://lkml.kernel.org/r/f67d3e03-af90-f790-baf4-8d412fe055af@infradead.org +--- + arch/x86/kernel/setup.c | 20 +++++++++++++++----- + 1 file changed, 15 insertions(+), 5 deletions(-) + +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index 282d572e49af..7d466f51be1f 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -634,11 +634,16 @@ static void __init trim_snb_memory(void) + printk(KERN_DEBUG "reserving inaccessible SNB gfx pages\n"); + + /* +- * Reserve all memory below the 1 MB mark that has not +- * already been reserved. ++ * SandyBridge integrated graphics devices have a bug that prevents ++ * them from accessing certain memory ranges, namely anything below ++ * 1M and in the pages listed in bad_pages[] above. ++ * ++ * To avoid these pages being ever accessed by SNB gfx devices ++ * reserve all memory below the 1 MB mark and bad_pages that have ++ * not already been reserved at boot time. + */ + memblock_reserve(0, 1<<20); +- ++ + for (i = 0; i < ARRAY_SIZE(bad_pages); i++) { + if (memblock_reserve(bad_pages[i], PAGE_SIZE)) + printk(KERN_WARNING "failed to reserve 0x%08lx\n", +@@ -747,8 +752,6 @@ static void __init early_reserve_memory(void) + + reserve_ibft_region(); + reserve_bios_regions(); +- +- trim_snb_memory(); + } + + /* +@@ -1082,6 +1085,13 @@ void __init setup_arch(char **cmdline_p) + + reserve_real_mode(); + ++ /* ++ * Reserving memory causing GPU hangs on Sandy Bridge integrated ++ * graphics devices should be done after we allocated memory under ++ * 1M for the real mode trampoline. ++ */ ++ trim_snb_memory(); ++ + init_mem_mapping(); + + idt_setup_early_pf(); +-- +2.32.0 + diff --git a/0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch b/0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch new file mode 100644 index 000000000000..169ba22ae2de --- /dev/null +++ b/0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch @@ -0,0 +1,170 @@ +From 3ffe8ae29143ee20e01b0bc4a63774182b59daf9 Mon Sep 17 00:00:00 2001 +From: Mike Rapoport <rppt@linux.ibm.com> +Date: Tue, 1 Jun 2021 10:53:52 +0300 +Subject: [PATCH 5/8] x86/setup: always reserve the first 1M of RAM + +There are BIOSes that are known to corrupt the memory under 1M, or more +precisely under 640K because the memory above 640K is anyway reserved for +the EGA/VGA frame buffer and BIOS. + +To prevent usage of the memory that will be potentially clobbered by the +kernel, the beginning of the memory is always reserved. The exact size of +the reserved area is determined by CONFIG_X86_RESERVE_LOW build time and +reservelow command line option. The reserved range may be from 4K to 640K +with the default of 64K. There are also configurations that reserve the +entire 1M range, like machines with SandyBridge graphic devices or systems +that enable crash kernel. + +In addition to the potentially clobbered memory, EBDA of unknown size may +be as low as 128K and the memory above that EBDA start is also reserved +early. + +It would have been possible to reserve the entire range under 1M unless for +the real mode trampoline that must reside in that area. + +To accommodate placement of the real mode trampoline and keep the memory +safe from being clobbered by BIOS reserve the first 64K of RAM before +memory allocations are possible and then, after the real mode trampoline is +allocated, reserve the entire range from 0 to 1M. + +Update trim_snb_memory() and reserve_real_mode() to avoid redundant +reservations of the same memory range. + +Also make sure the memory under 1M is not getting freed by +efi_free_boot_services(). + +Fixes: a799c2bd29d1 ("x86/setup: Consolidate early memory reservations") +Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> +--- + arch/x86/kernel/setup.c | 35 ++++++++++++++++++++-------------- + arch/x86/platform/efi/quirks.c | 12 ++++++++++++ + arch/x86/realmode/init.c | 14 ++++++++------ + 3 files changed, 41 insertions(+), 20 deletions(-) + +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index 7d466f51be1f..d7cfb927864f 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -638,11 +638,11 @@ static void __init trim_snb_memory(void) + * them from accessing certain memory ranges, namely anything below + * 1M and in the pages listed in bad_pages[] above. + * +- * To avoid these pages being ever accessed by SNB gfx devices +- * reserve all memory below the 1 MB mark and bad_pages that have +- * not already been reserved at boot time. ++ * To avoid these pages being ever accessed by SNB gfx devices reserve ++ * bad_pages that have not already been reserved at boot time. ++ * All memory below the 1 MB mark is anyway reserved later during ++ * setup_arch(), so there is no need to reserve it here. + */ +- memblock_reserve(0, 1<<20); + + for (i = 0; i < ARRAY_SIZE(bad_pages); i++) { + if (memblock_reserve(bad_pages[i], PAGE_SIZE)) +@@ -734,14 +734,14 @@ static void __init early_reserve_memory(void) + * The first 4Kb of memory is a BIOS owned area, but generally it is + * not listed as such in the E820 table. + * +- * Reserve the first memory page and typically some additional +- * memory (64KiB by default) since some BIOSes are known to corrupt +- * low memory. See the Kconfig help text for X86_RESERVE_LOW. ++ * Reserve the first 64K of memory since some BIOSes are known to ++ * corrupt low memory. After the real mode trampoline is allocated the ++ * rest of the memory below 640k is reserved. + * + * In addition, make sure page 0 is always reserved because on + * systems with L1TF its contents can be leaked to user processes. + */ +- memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE)); ++ memblock_reserve(0, SZ_64K); + + early_reserve_initrd(); + +@@ -752,6 +752,7 @@ static void __init early_reserve_memory(void) + + reserve_ibft_region(); + reserve_bios_regions(); ++ trim_snb_memory(); + } + + /* +@@ -1083,14 +1084,20 @@ void __init setup_arch(char **cmdline_p) + (max_pfn_mapped<<PAGE_SHIFT) - 1); + #endif + +- reserve_real_mode(); +- + /* +- * Reserving memory causing GPU hangs on Sandy Bridge integrated +- * graphics devices should be done after we allocated memory under +- * 1M for the real mode trampoline. ++ * Find free memory for the real mode trampoline and place it ++ * there. ++ * If there is not enough free memory under 1M, on EFI-enabled ++ * systems there will be additional attempt to reclaim the memory ++ * for the real mode trampoline at efi_free_boot_services(). ++ * ++ * Unconditionally reserve the entire first 1M of RAM because ++ * BIOSes are know to corrupt low memory and several ++ * hundred kilobytes are not worth complex detection what memory gets ++ * clobbered. Moreover, on machines with SandyBridge graphics or in ++ * setups that use crashkernel the entire 1M is anyway reserved. + */ +- trim_snb_memory(); ++ reserve_real_mode(); + + init_mem_mapping(); + +diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c +index 67d93a243c35..27561b56a821 100644 +--- a/arch/x86/platform/efi/quirks.c ++++ b/arch/x86/platform/efi/quirks.c +@@ -450,6 +450,18 @@ void __init efi_free_boot_services(void) + size -= rm_size; + } + ++ /* ++ * Don't free memory under 1M for two reasons: ++ * - BIOS might clobber it ++ * - Crash kernel needs it to be reserved ++ */ ++ if (start + size < SZ_1M) ++ continue; ++ if (start < SZ_1M) { ++ size -= (SZ_1M - start); ++ start = SZ_1M; ++ } ++ + memblock_free_late(start, size); + } + +diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c +index 22fda7d99159..ea42630d4e2e 100644 +--- a/arch/x86/realmode/init.c ++++ b/arch/x86/realmode/init.c +@@ -29,14 +29,16 @@ void __init reserve_real_mode(void) + + /* Has to be under 1M so we can execute real-mode AP code. */ + mem = memblock_find_in_range(0, 1<<20, size, PAGE_SIZE); +- if (!mem) { ++ if (!mem) + pr_info("No sub-1M memory is available for the trampoline\n"); +- return; +- } ++ else ++ set_real_mode_mem(mem); + +- memblock_reserve(mem, size); +- set_real_mode_mem(mem); +- crash_reserve_low_1M(); ++ /* ++ * Unconditionally reserve the entire fisrt 1M, see comment in ++ * setup_arch() ++ */ ++ memblock_reserve(0, SZ_1M); + } + + static void sme_sev_setup_real_mode(struct trampoline_header *th) +-- +2.32.0 + diff --git a/0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch b/0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch new file mode 100644 index 000000000000..a49d92c2252b --- /dev/null +++ b/0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch @@ -0,0 +1,114 @@ +From 2e68d15d0a146e9b13bfbaba5f260c82b8c3d049 Mon Sep 17 00:00:00 2001 +From: Mike Rapoport <rppt@linux.ibm.com> +Date: Tue, 1 Jun 2021 10:53:53 +0300 +Subject: [PATCH 6/8] x86/setup: remove CONFIG_X86_RESERVE_LOW and reservelow + options + +The CONFIG_X86_RESERVE_LOW build time and reservelow command line option +allowed to control the amount of memory under 1M that would be reserved at +boot to avoid using memory that can be potentially clobbered by BIOS. + +Since the entire range under 1M is always reserved there is no need for +these options and they can be removed. + +Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> +--- + .../admin-guide/kernel-parameters.txt | 5 ---- + arch/x86/Kconfig | 29 ------------------- + arch/x86/kernel/setup.c | 24 --------------- + 3 files changed, 58 deletions(-) + +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 835f810f2f26..479cc44cc4e2 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -4623,11 +4623,6 @@ + Reserves a hole at the top of the kernel virtual + address space. + +- reservelow= [X86] +- Format: nn[K] +- Set the amount of memory to reserve for BIOS at +- the bottom of the address space. +- + reset_devices [KNL] Force drivers to reset the underlying device + during initialization. + +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 861b1b794697..fc91be3b1bd1 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1688,35 +1688,6 @@ config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK + Set whether the default state of memory_corruption_check is + on or off. + +-config X86_RESERVE_LOW +- int "Amount of low memory, in kilobytes, to reserve for the BIOS" +- default 64 +- range 4 640 +- help +- Specify the amount of low memory to reserve for the BIOS. +- +- The first page contains BIOS data structures that the kernel +- must not use, so that page must always be reserved. +- +- By default we reserve the first 64K of physical RAM, as a +- number of BIOSes are known to corrupt that memory range +- during events such as suspend/resume or monitor cable +- insertion, so it must not be used by the kernel. +- +- You can set this to 4 if you are absolutely sure that you +- trust the BIOS to get all its memory reservations and usages +- right. If you know your BIOS have problems beyond the +- default 64K area, you can set this to 640 to avoid using the +- entire low memory range. +- +- If you have doubts about the BIOS (e.g. suspend/resume does +- not work or there's kernel crashes after certain hardware +- hotplug events) then you might want to enable +- X86_CHECK_BIOS_CORRUPTION=y to allow the kernel to check +- typical corruption patterns. +- +- Leave this to the default value of 64 if you are unsure. +- + config MATH_EMULATION + bool + depends on MODIFY_LDT_SYSCALL +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index d7cfb927864f..fbda4bbf75c1 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -695,30 +695,6 @@ static void __init e820_add_kernel_range(void) + e820__range_add(start, size, E820_TYPE_RAM); + } + +-static unsigned reserve_low = CONFIG_X86_RESERVE_LOW << 10; +- +-static int __init parse_reservelow(char *p) +-{ +- unsigned long long size; +- +- if (!p) +- return -EINVAL; +- +- size = memparse(p, &p); +- +- if (size < 4096) +- size = 4096; +- +- if (size > 640*1024) +- size = 640*1024; +- +- reserve_low = size; +- +- return 0; +-} +- +-early_param("reservelow", parse_reservelow); +- + static void __init early_reserve_memory(void) + { + /* +-- +2.32.0 + diff --git a/0007-x86-crash-remove-crash_reserve_low_1M.patch b/0007-x86-crash-remove-crash_reserve_low_1M.patch new file mode 100644 index 000000000000..903e5fa0969a --- /dev/null +++ b/0007-x86-crash-remove-crash_reserve_low_1M.patch @@ -0,0 +1,58 @@ +From bb4c1200fdfd6c17fff64e159e625c3678342b87 Mon Sep 17 00:00:00 2001 +From: Mike Rapoport <rppt@linux.ibm.com> +Date: Tue, 1 Jun 2021 10:53:54 +0300 +Subject: [PATCH 7/8] x86/crash: remove crash_reserve_low_1M() + +The entire memory range under 1M is unconditionally reserved at +setup_arch(), so there is no need for crash_reserve_low_1M() anymore. + +Remove this function. + +Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> +--- + arch/x86/include/asm/crash.h | 6 ------ + arch/x86/kernel/crash.c | 13 ------------- + 2 files changed, 19 deletions(-) + +diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h +index f58de66091e5..8b6bd63530dc 100644 +--- a/arch/x86/include/asm/crash.h ++++ b/arch/x86/include/asm/crash.h +@@ -9,10 +9,4 @@ int crash_setup_memmap_entries(struct kimage *image, + struct boot_params *params); + void crash_smp_send_stop(void); + +-#ifdef CONFIG_KEXEC_CORE +-void __init crash_reserve_low_1M(void); +-#else +-static inline void __init crash_reserve_low_1M(void) { } +-#endif +- + #endif /* _ASM_X86_CRASH_H */ +diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c +index b1deacbeb266..e0b8d9662da5 100644 +--- a/arch/x86/kernel/crash.c ++++ b/arch/x86/kernel/crash.c +@@ -70,19 +70,6 @@ static inline void cpu_crash_vmclear_loaded_vmcss(void) + rcu_read_unlock(); + } + +-/* +- * When the crashkernel option is specified, only use the low +- * 1M for the real mode trampoline. +- */ +-void __init crash_reserve_low_1M(void) +-{ +- if (cmdline_find_option(boot_command_line, "crashkernel", NULL, 0) < 0) +- return; +- +- memblock_reserve(0, 1<<20); +- pr_info("Reserving the low 1M of memory for crashkernel\n"); +-} +- + #if defined(CONFIG_SMP) && defined(CONFIG_X86_LOCAL_APIC) + + static void kdump_nmi_callback(int cpu, struct pt_regs *regs) +-- +2.32.0 + @@ -67,7 +67,7 @@ _subarch= ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-ck -pkgver=5.12.10 +pkgver=5.12.11 pkgrel=1 _ckpatchversion=1 arch=(x86_64) @@ -85,17 +85,29 @@ source=( "more-uarches-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/$_gcc_more_v.tar.gz" "http://ck.kolivas.org/patches/5.0/5.12/5.12-ck${_ckpatchversion}/$_ckpatch.xz" 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch + 0002-x86-setup-Consolidate-early-memory-reservations.patch + 0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch + 0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch + 0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch + 0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch + 0007-x86-crash-remove-crash_reserve_low_1M.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -b2sums=('b40ef5a11ca435299899e8131fa72af147455cd8ebee4c0e187572b1f628e66d2b6fbb318308bc911a598d8303d1ab3622d52966deaa5c48d59dcd65f4f58687' +b2sums=('b5955fc1dc1ae416ef90c44d871f109d6a9130e5fc8b60f73cf98e14f4ce48b0030c79053d88c335c43ac6ab6f5786f9f054577f76c30f5505ed2d70e62d9aa0' 'SKIP' - '18d9f071699c9e9bb4c7d340f4d688554b818a4f7fdcefeee24b8b39fc9328737c6967cfd7e884b518e0c87cfb64ac7a10368ac82436d73f96f0881b5c201099' + '9d38db65163a640071539e20a2ac4d8352e07cee26cfb997e6d0e9951bcbe2184c3be4f41a6a4073080e73b743dd86690a056cf6aa1aa607c967e37fa470a8cf' '30d1df754608bb423cbc99c2097ad521baa091b9a3b39df4bd5c2d50c57eec54d8fa0e4a4a04b847c3d1b87ba682cadc8db45fabeefdc9ad7caaf8e77b96e41a' 'c9f729ba1efe6f04e7b2c57d3999bc9675b577596dccb2f227e5b6e444285e1fdd270bf67c0fcf9f5808a4c3a4b1c7a5c13a76f754ad9b9447243ccbaf2ce6a3' - 'e1eccb5b6b728e3852ade55dae7a53b8b6bd5f0fb2a330b99e85bfa64abaa430cb714d301ed169df14a1f302a75d952992f0d8fa6ab02fa6716165bdf23b63aa') + 'dda152592dec643bce44754bf5d2d43a5897cc57f8dc258b87857055a45abf903d619aba1de389228cb086a17fedea5458f8fe2c0993fa20213bb7c5bca331c8' + '13330cf57b5c6b928ea73bd30479010688cf8d2003107b041a7fdad33c1ac225c8c905bef235cd762d6ea76be754b5db6be769526bacf7333298f72d6afff535' + '381e0f177faa3090d1abf4d11a97db535712840870265dea167d7692dee7733a226d09c103d01705d5c0809fa66c7a23efea9da2473da672644b06e31db77083' + 'cd9da0dee048fc52a3032343f122c2055081eeedfc8a3e5227218f0f63fc7618e8fe744c8caa7e3a2ca844f4aaf7314b57a306d0d3b1849e97b24687b8c5a501' + '1810832172e1b006a5471d8e317573343884feed9abc9e7380a32d83c958b0e6aa68adf9a647c9b7b714783997591f5d80e754c6e7357279661eee998f22864c' + '4e7cb958f95d99bba9810e675d4f1b0b3c171f78e9fe96ff9d265f792f4ceb1367f2f4d238f36b5ca1c395e14abdabbf0f8ce2dc07c4fe567d822a8b629dfa05' + '2251f8bf84e141b4661f84cc2ce7b21783ac0a349b2651477dfcbc5383b796b2e588d85ee411398b15c820cb3672256be8ed281c8bccfad252c9dd5b0e1e0cd5') export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_USER=$pkgbase @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.12.8-arch1 Kernel Configuration +# Linux/x86 5.12.11-arch1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0" CONFIG_CC_IS_GCC=y @@ -451,7 +451,6 @@ CONFIG_X86_PMEM_LEGACY_DEVICE=y CONFIG_X86_PMEM_LEGACY=m CONFIG_X86_CHECK_BIOS_CORRUPTION=y CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y -CONFIG_X86_RESERVE_LOW=64 CONFIG_MTRR=y CONFIG_MTRR_SANITIZER=y CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=1 @@ -9689,7 +9688,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="lockdown,yama,bpf" +CONFIG_LSM="lockdown,yama" # # Kernel hardening options |