diff options
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 2 | ||||
-rw-r--r-- | 0002-netfilter-nf_tables-unbind-non-anonymous-set-if-rule.patch | 2 | ||||
-rw-r--r-- | 0003-mm-disable-CONFIG_PER_VMA_LOCK-by-default-until-its-.patch | 38 | ||||
-rw-r--r-- | PKGBUILD | 10 | ||||
-rw-r--r-- | config | 5 |
6 files changed, 54 insertions, 13 deletions
@@ -1,6 +1,6 @@ pkgbase = linux-ck pkgver = 6.4.1 - pkgrel = 1 + pkgrel = 2 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 license = GPL2 @@ -22,15 +22,17 @@ pkgbase = linux-ck source = ck-hrtimer-2870d6ac146aa658af60bb18a9c7503efe5992d4.tar.gz::https://github.com/graysky2/linux-patches/archive/2870d6ac146aa658af60bb18a9c7503efe5992d4.tar.gz source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch source = 0002-netfilter-nf_tables-unbind-non-anonymous-set-if-rule.patch + source = 0003-mm-disable-CONFIG_PER_VMA_LOCK-by-default-until-its-.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E sha256sums = 0d9daa9f1c176fb13b9447f6e3d80e82b49043f0d344c247bbf09b4e625beef3 sha256sums = SKIP - sha256sums = a12c9ba3eba02341a65cf61e3d500f848b7b29b2016803b423867f894f36b7de + sha256sums = 23c9cd83010036f8c5f0a4f0a627bb93118c4dcfb4dcbc5bfd2177088d4a51ea sha256sums = f1d586e111932890ad5e0df15d092fb9b3f87bae4ea17812aae9b0ec98fe2db0 sha256sums = ed0b8773d66079198edd1ecdbe0564d6ad33c641e82d85375e50a2d9e0275144 - sha256sums = da53fbc5d5d1084fcf10d88adb0bc8dafd636d2c8f01eb8910f6a190afde4435 - sha256sums = 3330c6b3bc3d365f567d8dac4f663a332b29590ff9ab62e7fed751f022099a1d + sha256sums = d32903944a4dec99dc81c8e53b125639c72755eb7df299e864d1cbee2c6610fa + sha256sums = 8b46076d107c34ac4aa66dc35b1de9553877e19129bde511c4a14d18bbda091d + sha256sums = 36a7a3b002e25c7f01f1ca09c29e010e7ee78887c61354201d67c35345050873 pkgname = linux-ck pkgdesc = The Linux kernel and modules with ck's hrtimer patches diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index c84f30a717ae..8a6f35681c33 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,7 @@ From 5440ebf8dc7c5fd1f97579abbc1840c631141f0a Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged +Subject: [PATCH 1/4] ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. diff --git a/0002-netfilter-nf_tables-unbind-non-anonymous-set-if-rule.patch b/0002-netfilter-nf_tables-unbind-non-anonymous-set-if-rule.patch index 6310899806c5..6d554d30ad24 100644 --- a/0002-netfilter-nf_tables-unbind-non-anonymous-set-if-rule.patch +++ b/0002-netfilter-nf_tables-unbind-non-anonymous-set-if-rule.patch @@ -1,7 +1,7 @@ From 50c597f3cc8dc4de0f0b6153a0ff1bd0b2dc6f56 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo@netfilter.org> Date: Mon, 26 Jun 2023 00:42:18 +0200 -Subject: [PATCH 2/3] netfilter: nf_tables: unbind non-anonymous set if rule +Subject: [PATCH 2/4] netfilter: nf_tables: unbind non-anonymous set if rule construction fails Otherwise a dangling reference to a rule object that is gone remains diff --git a/0003-mm-disable-CONFIG_PER_VMA_LOCK-by-default-until-its-.patch b/0003-mm-disable-CONFIG_PER_VMA_LOCK-by-default-until-its-.patch new file mode 100644 index 000000000000..994bf3c4267f --- /dev/null +++ b/0003-mm-disable-CONFIG_PER_VMA_LOCK-by-default-until-its-.patch @@ -0,0 +1,38 @@ +From a6571d06002b30ca7f51af7681128179b122977c Mon Sep 17 00:00:00 2001 +From: Suren Baghdasaryan <surenb@google.com> +Date: Mon, 3 Jul 2023 11:21:50 -0700 +Subject: [PATCH 3/4] mm: disable CONFIG_PER_VMA_LOCK by default until its + fixed + +A memory corruption was reported in [1] with bisection pointing to the +patch [2] enabling per-VMA locks for x86. +Disable per-VMA locks config to prevent this issue while the problem is +being investigated. This is expected to be a temporary measure. + +[1] https://bugzilla.kernel.org/show_bug.cgi?id=217624 +[2] https://lore.kernel.org/all/20230227173632.3292573-30-surenb@google.com + +Reported-by: Jiri Slaby <jirislaby@kernel.org> +Reported-by: Jacob Young <jacobly.alt@gmail.com> +Fixes: 0bff0aaea03e ("x86/mm: try VMA lock-based page fault handling first") +Signed-off-by: Suren Baghdasaryan <surenb@google.com> +--- + mm/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mm/Kconfig b/mm/Kconfig +index e3454087fd31..d91a544678ee 100644 +--- a/mm/Kconfig ++++ b/mm/Kconfig +@@ -1198,7 +1198,7 @@ config ARCH_SUPPORTS_PER_VMA_LOCK + def_bool n + + config PER_VMA_LOCK +- def_bool y ++ bool "Enable per-vma locking during page fault handling." + depends on ARCH_SUPPORTS_PER_VMA_LOCK && MMU && SMP + help + Allow per-vma locking during page fault handling. +-- +2.41.0 + @@ -72,7 +72,7 @@ _subarch= ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-ck pkgver=6.4.1 -pkgrel=1 +pkgrel=2 arch=(x86_64) url="https://wiki.archlinux.org/index.php/Linux-ck" license=(GPL2) @@ -104,6 +104,7 @@ source=( "ck-hrtimer-$_commit.tar.gz::https://github.com/graysky2/linux-patches/archive/$_commit.tar.gz" 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 0002-netfilter-nf_tables-unbind-non-anonymous-set-if-rule.patch + 0003-mm-disable-CONFIG_PER_VMA_LOCK-by-default-until-its-.patch ) validpgpkeys=( ABAF11C65A2970B130ABE3C479BE3E4300411886 # Linus Torvalds @@ -111,11 +112,12 @@ validpgpkeys=( ) sha256sums=('0d9daa9f1c176fb13b9447f6e3d80e82b49043f0d344c247bbf09b4e625beef3' 'SKIP' - 'a12c9ba3eba02341a65cf61e3d500f848b7b29b2016803b423867f894f36b7de' + '23c9cd83010036f8c5f0a4f0a627bb93118c4dcfb4dcbc5bfd2177088d4a51ea' 'f1d586e111932890ad5e0df15d092fb9b3f87bae4ea17812aae9b0ec98fe2db0' 'ed0b8773d66079198edd1ecdbe0564d6ad33c641e82d85375e50a2d9e0275144' - 'da53fbc5d5d1084fcf10d88adb0bc8dafd636d2c8f01eb8910f6a190afde4435' - '3330c6b3bc3d365f567d8dac4f663a332b29590ff9ab62e7fed751f022099a1d') + 'd32903944a4dec99dc81c8e53b125639c72755eb7df299e864d1cbee2c6610fa' + '8b46076d107c34ac4aa66dc35b1de9553877e19129bde511c4a14d18bbda091d' + '36a7a3b002e25c7f01f1ca09c29e010e7ee78887c61354201d67c35345050873') _make() { test -s version make KERNELRELEASE="$(<version)" "$@" @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.4.1-arch1 Kernel Configuration +# Linux/x86 6.4.1-arch2 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.1 20230429" CONFIG_CC_IS_GCC=y @@ -1163,7 +1163,7 @@ CONFIG_LRU_GEN=y CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y -CONFIG_PER_VMA_LOCK=y +# CONFIG_PER_VMA_LOCK is not set CONFIG_LOCK_MM_AND_FIND_VMA=y # @@ -11165,7 +11165,6 @@ CONFIG_PTDUMP_CORE=y # CONFIG_PTDUMP_DEBUGFS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set -# CONFIG_PER_VMA_LOCK_STATS is not set # CONFIG_DEBUG_OBJECTS is not set CONFIG_SHRINKER_DEBUG=y # CONFIG_DEBUG_STACK_USAGE is not set |