diff options
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 4 | ||||
-rw-r--r-- | 0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggere.patch | 79 | ||||
-rw-r--r-- | PKGBUILD | 8 |
4 files changed, 96 insertions, 13 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-ck - pkgver = 5.6.10 + pkgver = 5.6.11 pkgrel = 1 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 @@ -8,22 +8,24 @@ pkgbase = linux-ck makedepends = kmod makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.6.10.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.6.10.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.6.11.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.6.11.tar.sign source = config source = 0000-sphinx-workaround.patch source = enable_additional_cpu_optimizations-20191217.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/20191217.tar.gz source = http://ck.kolivas.org/patches/5.0/5.6/5.6-ck1/patch-5.6-ck1.xz source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch + source = 0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggere.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - sha256sums = 7bdc96827a9db8de79cd13d74a1c5fe8915674f793e592387f2903cb225801b9 + sha256sums = d6dd6cbe99429f088eddb248abce7832e8f8e45eb072cbf0d0f86b5b87221baa sha256sums = SKIP sha256sums = f392c9ecbb5177ea2573aaf22935322940ea2be0366f3fb9c9f861431f4aed21 sha256sums = 8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c sha256sums = 7a4a209de815f4bae49c7c577c0584c77257e3953ac4324d2aa425859ba657f5 sha256sums = a6fe596e75333a5ac8ed4a4d63e4408ef38ebef6303889223e236af3ce576877 - sha256sums = 4d574f029a464d5e9b9f9fd0299f9b4a49ea0b4d6aa6caa2de3ba6b305fd47fe + sha256sums = a91cd1560d0312f00d0c3d31009e1ca3de83aa133adc3ae9740e2996ef4c3c4b + sha256sums = 7e0f02ca30bf51a1862c4cfc4d09641ba76c5fabaf452883aa495c421008f124 pkgname = linux-ck pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler @@ -32,11 +34,11 @@ pkgname = linux-ck depends = initramfs optdepends = crda: to set the correct wireless channels of your country optdepends = linux-firmware: firmware images needed for some devices - provides = linux-ck=5.6.10 + provides = linux-ck=5.6.11 pkgname = linux-ck-headers pkgdesc = Headers and scripts for building modules for Linux-ck kernel depends = linux-ck - provides = linux-ck-headers=5.6.10 - provides = linux-headers=5.6.10 + provides = linux-ck-headers=5.6.11 + provides = linux-headers=5.6.11 diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 933255adbb92..cf219767d2de 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,7 @@ -From b38ba076b5049a77bf79f2c8cd224a77dea89bf3 Mon Sep 17 00:00:00 2001 +From e2679f79fbee1061a331bb2afd4e7c050ec21f76 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/2] ZEN: Add sysctl and CONFIG to disallow unprivileged +Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. diff --git a/0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggere.patch b/0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggere.patch new file mode 100644 index 000000000000..a950a72f5260 --- /dev/null +++ b/0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggere.patch @@ -0,0 +1,79 @@ +From da707adaee9ff035c943178160be54a90de00cb3 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonzini@redhat.com> +Date: Mon, 4 May 2020 12:19:45 -0400 +Subject: [PATCH 2/3] kvm: ioapic: Restrict lazy EOI update to edge-triggered + interrupts + +Commit f458d039db7e ("kvm: ioapic: Lazy update IOAPIC EOI") introduces +the following infinite loop: + +BUG: stack guard page was hit at 000000008f595917 \ +(stack is 00000000bdefe5a4..00000000ae2b06f5) +kernel stack overflow (double-fault): 0000 [#1] SMP NOPTI +RIP: 0010:kvm_set_irq+0x51/0x160 [kvm] +Call Trace: + irqfd_resampler_ack+0x32/0x90 [kvm] + kvm_notify_acked_irq+0x62/0xd0 [kvm] + kvm_ioapic_update_eoi_one.isra.0+0x30/0x120 [kvm] + ioapic_set_irq+0x20e/0x240 [kvm] + kvm_ioapic_set_irq+0x5c/0x80 [kvm] + kvm_set_irq+0xbb/0x160 [kvm] + ? kvm_hv_set_sint+0x20/0x20 [kvm] + irqfd_resampler_ack+0x32/0x90 [kvm] + kvm_notify_acked_irq+0x62/0xd0 [kvm] + kvm_ioapic_update_eoi_one.isra.0+0x30/0x120 [kvm] + ioapic_set_irq+0x20e/0x240 [kvm] + kvm_ioapic_set_irq+0x5c/0x80 [kvm] + kvm_set_irq+0xbb/0x160 [kvm] + ? kvm_hv_set_sint+0x20/0x20 [kvm] +.... + +The re-entrancy happens because the irq state is the OR of +the interrupt state and the resamplefd state. That is, we don't +want to show the state as 0 until we've had a chance to set the +resamplefd. But if the interrupt has _not_ gone low then +ioapic_set_irq is invoked again, causing an infinite loop. + +This can only happen for a level-triggered interrupt, otherwise +irqfd_inject would immediately set the KVM_USERSPACE_IRQ_SOURCE_ID high +and then low. Fortunately, in the case of level-triggered interrupts the VMEXIT already happens because +TMR is set. Thus, fix the bug by restricting the lazy invocation +of the ack notifier to edge-triggered interrupts, the only ones that +need it. + +Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> +Reported-by: borisvk@bstnet.org +Suggested-by: Paolo Bonzini <pbonzini@redhat.com> +Link: https://www.spinics.net/lists/kvm/msg213512.html +Fixes: f458d039db7e ("kvm: ioapic: Lazy update IOAPIC EOI") +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=207489 +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + arch/x86/kvm/ioapic.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c +index 750ff0b29404..d057376bd3d3 100644 +--- a/arch/x86/kvm/ioapic.c ++++ b/arch/x86/kvm/ioapic.c +@@ -225,12 +225,12 @@ static int ioapic_set_irq(struct kvm_ioapic *ioapic, unsigned int irq, + } + + /* +- * AMD SVM AVIC accelerate EOI write and do not trap, +- * in-kernel IOAPIC will not be able to receive the EOI. +- * In this case, we do lazy update of the pending EOI when +- * trying to set IOAPIC irq. ++ * AMD SVM AVIC accelerate EOI write iff the interrupt is edge ++ * triggered, in which case the in-kernel IOAPIC will not be able ++ * to receive the EOI. In this case, we do a lazy update of the ++ * pending EOI when trying to set IOAPIC irq. + */ +- if (kvm_apicv_activated(ioapic->kvm)) ++ if (edge && kvm_apicv_activated(ioapic->kvm)) + ioapic_lazy_update_eoi(ioapic, irq); + + /* +-- +2.26.2 + @@ -61,7 +61,7 @@ _localmodcfg= ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-ck -pkgver=5.6.10 +pkgver=5.6.11 pkgrel=1 _ckpatchversion=1 arch=(x86_64) @@ -80,18 +80,20 @@ source=( "enable_additional_cpu_optimizations-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/$_gcc_more_v.tar.gz" "http://ck.kolivas.org/patches/5.0/5.6/5.6-ck${_ckpatchversion}/$_ckpatch.xz" 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch + 0002-kvm-ioapic-Restrict-lazy-EOI-update-to-edge-triggere.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -sha256sums=('7bdc96827a9db8de79cd13d74a1c5fe8915674f793e592387f2903cb225801b9' +sha256sums=('d6dd6cbe99429f088eddb248abce7832e8f8e45eb072cbf0d0f86b5b87221baa' 'SKIP' 'f392c9ecbb5177ea2573aaf22935322940ea2be0366f3fb9c9f861431f4aed21' '8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c' '7a4a209de815f4bae49c7c577c0584c77257e3953ac4324d2aa425859ba657f5' 'a6fe596e75333a5ac8ed4a4d63e4408ef38ebef6303889223e236af3ce576877' - '4d574f029a464d5e9b9f9fd0299f9b4a49ea0b4d6aa6caa2de3ba6b305fd47fe') + 'a91cd1560d0312f00d0c3d31009e1ca3de83aa133adc3ae9740e2996ef4c3c4b' + '7e0f02ca30bf51a1862c4cfc4d09641ba76c5fabaf452883aa495c421008f124') export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_USER=$pkgbase |