-rw-r--r-- | .SRCINFO | 24 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 12 | ||||
-rw-r--r-- | 0002-gcc-plugins-drop-support-for-GCC-4.7.patch | 4 | ||||
-rw-r--r-- | 0003-gcc-common.h-Update-for-GCC-10.patch | 4 | ||||
-rw-r--r-- | 0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch | 32 | ||||
-rw-r--r-- | 0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch | 131 | ||||
-rw-r--r-- | PKGBUILD | 14 |
7 files changed, 25 insertions, 196 deletions
@@ -1,5 +1,5 @@
 pkgbase = linux-ck
- pkgver = 5.6.13
+ pkgver = 5.6.14
 pkgrel = 1
 url = https://wiki.archlinux.org/index.php/Linux-ck
 arch = x86_64
@@ -8,8 +8,8 @@ pkgbase = linux-ck
 makedepends = kmod
 makedepends = libelf
 options = !strip
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.6.13.tar.xz
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.6.13.tar.sign
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.6.14.tar.xz
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.6.14.tar.sign
 source = config
 source = 0000-sphinx-workaround.patch
 source = enable_additional_cpu_optimizations-20191217.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/20191217.tar.gz
@@ -17,21 +17,17 @@ pkgbase = linux-ck
 source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
 source = 0002-gcc-plugins-drop-support-for-GCC-4.7.patch
 source = 0003-gcc-common.h-Update-for-GCC-10.patch
- source = 0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch
- source = 0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch
 validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
- sha256sums = f125d79c8f6974213638787adcad6b575bbd35a05851802fd83f622ec18ff987
+ sha256sums = 33763f3541711e39fa743da45ff9512d54ade61406173f3d267ba4484cec7ea3
 sha256sums = SKIP
 sha256sums = f392c9ecbb5177ea2573aaf22935322940ea2be0366f3fb9c9f861431f4aed21
 sha256sums = 8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c
 sha256sums = 7a4a209de815f4bae49c7c577c0584c77257e3953ac4324d2aa425859ba657f5
 sha256sums = a6fe596e75333a5ac8ed4a4d63e4408ef38ebef6303889223e236af3ce576877
- sha256sums = d1dbc1c83d58436358af56b1534d13fa1dc405a95905f71aff4edbe56747e3da
- sha256sums = 77ab60c3a4e122158b69ca87a15baddbae3912bf2b3f467deb1b82a0989be569
- sha256sums = d6638a7da040c545079541e0a062528d7daabf5683f1fa7e67d30f27893144d0
- sha256sums = b58adb407e1b0be6bd3ca035da07ca223a952fadc5e16a90f01e010ce6bec8ca
- sha256sums = 081476f699d41b4994c8ee67c12330e6271ed5c04d16b045a43a64dbf5ba752d
+ sha256sums = 3b5de5bf70a63a6549f986d071f3d9572b19707548cd205a3b8ecdb7dcba3f1c
+ sha256sums = f09a0781c6ee5e67602c2a045d52d766dd7085b6f7f939b7a42149cfd0cfcb1b
+ sha256sums = 47e91b0b2a21cbe9663ddeb1b9e7bbea7716e5b8cb7984b0c3593839c515a102
 pkgname = linux-ck
 pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler
@@ -40,11 +36,11 @@ pkgname = linux-ck depends = initramfs optdepends = crda: to set the correct wireless channels of your country optdepends = linux-firmware: firmware images needed for some devices - provides = linux-ck=5.6.13 + provides = linux-ck=5.6.14 pkgname = linux-ck-headers pkgdesc = Headers and scripts for building modules for Linux-ck kernel depends = linux-ck - provides = linux-ck-headers=5.6.13 - provides = linux-headers=5.6.13 + provides = linux-ck-headers=5.6.14 + provides = linux-headers=5.6.14 diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 9d894224f5e0..1ba337e64322 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,7 @@ -From 2efb3d95a5e8a14c097d570a61751f36d0be5215 Mon Sep 17 00:00:00 2001 +From 29d4e22912c69936a503f521b8eff1b3d5dfd427 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/6] ZEN: Add sysctl and CONFIG to disallow unprivileged +Subject: [PATCH 1/4] ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. @@ -13,10 +13,10 @@ Our default behavior continues to match the vanilla kernel. 4 files changed, 50 insertions(+) diff --git a/init/Kconfig b/init/Kconfig -index 4f717bfdbfe2..bdc75cbd3d2d 100644 +index ef59c5c36cdb..aaad1e4a5772 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1110,6 +1110,22 @@ config USER_NS +@@ -1094,6 +1094,22 @@ config USER_NS If unsure, say N. @@ -40,7 +40,7 @@ index 4f717bfdbfe2..bdc75cbd3d2d 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index d90af13431c7..b4798ff6eb15 100644 +index c9ba2b7bfef9..599349b67aca 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -106,6 +106,11 @@ 
@@ -66,7 +66,7 @@ index d90af13431c7..b4798ff6eb15 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2933,6 +2942,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2934,6 +2943,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; diff --git a/0002-gcc-plugins-drop-support-for-GCC-4.7.patch b/0002-gcc-plugins-drop-support-for-GCC-4.7.patch index 5f4cfb59de20..d5bb6906d37f 100644 --- a/0002-gcc-plugins-drop-support-for-GCC-4.7.patch +++ b/0002-gcc-plugins-drop-support-for-GCC-4.7.patch @@ -1,7 +1,7 @@ -From 5dd873b339bffa037dafd0188375fc13564bbe93 Mon Sep 17 00:00:00 2001 +From 79b8cfb31b0ee720d99143666235e6df093807d7 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada <masahiroy@kernel.org> Date: Sun, 29 Mar 2020 20:08:32 +0900 -Subject: [PATCH 2/6] gcc-plugins: drop support for GCC <= 4.7 +Subject: [PATCH 2/4] gcc-plugins: drop support for GCC <= 4.7 Nobody was opposed to raising minimum GCC version to 4.8 [1] So, we will drop GCC <= 4.7 support sooner or later. diff --git a/0003-gcc-common.h-Update-for-GCC-10.patch b/0003-gcc-common.h-Update-for-GCC-10.patch index be8afe71d521..f5fe63583476 100644 --- a/0003-gcc-common.h-Update-for-GCC-10.patch +++ b/0003-gcc-common.h-Update-for-GCC-10.patch @@ -1,8 +1,8 @@ -From fbe2e575df0f88daa156069cf66c3db0ebc64e7a Mon Sep 17 00:00:00 2001 +From 1d492722d03873bcd863da75718ccdbec7660ae9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= <frederic.pierret@qubes-os.org> Date: Tue, 7 Apr 2020 13:32:59 +0200 -Subject: [PATCH 3/6] gcc-common.h: Update for GCC 10 +Subject: [PATCH 3/4] gcc-common.h: Update for GCC 10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
diff --git a/0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch b/0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch deleted file mode 100644 index 6b5c0f28a397..000000000000 --- a/0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch +++ /dev/null @@ -1,32 +0,0 @@ -From e33336e058bdd4e109c9131bb13584ccb1b5e15d Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich <slyfox@gentoo.org> -Date: Tue, 17 Mar 2020 00:07:18 +0000 -Subject: [PATCH 4/6] Makefile: disallow data races on gcc-10 as well - -gcc-10 will rename --param=allow-store-data-races=0 -to -fno-allow-store-data-races. - -The flag change happened at https://gcc.gnu.org/PR92046. - -Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> -Acked-by: Jiri Kosina <jkosina@suse.cz> -Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> ---- - Makefile | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile b/Makefile -index d252219666fd..abca59ecbe2b 100644 ---- a/Makefile -+++ b/Makefile -@@ -714,6 +714,7 @@ endif - - # Tell gcc to never replace conditional load with a non-conditional one - KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) -+KBUILD_CFLAGS += $(call cc-option,-fno-allow-store-data-races) - - include scripts/Makefile.kcov - include scripts/Makefile.gcc-plugins --- -2.26.2 - diff --git a/0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch b/0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch deleted file mode 100644 index ee7b469fb8da..000000000000 --- a/0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch +++ /dev/null 
@@ -1,131 +0,0 @@ -From 53e90d763b7fe8bec6a0c86b6813131cd8e25026 Mon Sep 17 00:00:00 2001 -From: Borislav Petkov <bp@suse.de> -Date: Wed, 22 Apr 2020 18:11:30 +0200 -Subject: [PATCH 5/6] x86: Fix early boot crash on gcc-10, next try -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... or the odyssey of trying to disable the stack protector for the -function which generates the stack canary value. - -The whole story started with Sergei reporting a boot crash with a kernel -built with gcc-10: - - Kernel panic — not syncing: stack-protector: Kernel stack is corrupted in: start_secondary - CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5—00235—gfffb08b37df9 #139 - Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H77M—D3H, BIOS F12 11/14/2013 - Call Trace: - dump_stack - panic - ? start_secondary - __stack_chk_fail - start_secondary - secondary_startup_64 - -—-[ end Kernel panic — not syncing: stack—protector: Kernel stack is corrupted in: start_secondary - -This happens because gcc-10 tail-call optimizes the last function call -in start_secondary() - cpu_startup_entry() - and thus emits a stack -canary check which fails because the canary value changes after the -boot_init_stack_canary() call. - -To fix that, the initial attempt was to mark the one function which -generates the stack canary with: - - __attribute__((optimize("-fno-stack-protector"))) ... start_secondary(void *unused) - -however, using the optimize attribute doesn't work cumulatively -as the attribute does not add to but rather replaces previously -supplied optimization options - roughly all -fxxx options. - -The key one among them being -fno-omit-frame-pointer and thus leading to -not present frame pointer - frame pointer which the kernel needs. 
- -The next attempt to prevent compilers from tail-call optimizing -the last function call cpu_startup_entry(), shy of carving out -start_secondary() into a separate compilation unit and building it with --fno-stack-protector, is this one. - -The current solution is short and sweet, and reportedly, is supported by -both compilers so let's see how far we'll get this time. - -Reported-by: Sergei Trofimovich <slyfox@gentoo.org> -Signed-off-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> -Reviewed-by: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20200314164451.346497-1-slyfox@gentoo.org ---- - arch/x86/include/asm/stackprotector.h | 7 ++++++- - arch/x86/kernel/smpboot.c | 8 ++++++++ - arch/x86/xen/smp_pv.c | 1 + - include/linux/compiler.h | 6 ++++++ - 4 files changed, 21 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h -index 91e29b6a86a5..9804a7957f4e 100644 ---- a/arch/x86/include/asm/stackprotector.h -+++ b/arch/x86/include/asm/stackprotector.h -@@ -55,8 +55,13 @@ - /* - * Initialize the stackprotector canary value. - * -- * NOTE: this must only be called from functions that never return, -+ * NOTE: this must only be called from functions that never return - * and it must always be inlined. -+ * -+ * In addition, it should be called from a compilation unit for which -+ * stack protector is disabled. Alternatively, the caller should not end -+ * with a function call which gets tail-call optimized as that would -+ * lead to checking a modified canary value. 
- */ - static __always_inline void boot_init_stack_canary(void) - { -diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 69881b2d446c..9674321ce3a3 100644 ---- a/arch/x86/kernel/smpboot.c -+++ b/arch/x86/kernel/smpboot.c -@@ -262,6 +262,14 @@ static void notrace start_secondary(void *unused) - - wmb(); - cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); -+ -+ /* -+ * Prevent tail call to cpu_startup_entry() because the stack protector -+ * guard has been changed a couple of function calls up, in -+ * boot_init_stack_canary() and must not be checked before tail calling -+ * another function. -+ */ -+ prevent_tail_call_optimization(); - } - - /** -diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c -index 802ee5bba66c..0cebe5db691d 100644 ---- a/arch/x86/xen/smp_pv.c -+++ b/arch/x86/xen/smp_pv.c -@@ -92,6 +92,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void) - cpu_bringup(); - boot_init_stack_canary(); - cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); -+ prevent_tail_call_optimization(); - } - - void xen_smp_intr_free_pv(unsigned int cpu) -diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 034b0a644efc..732754d96039 100644 ---- a/include/linux/compiler.h -+++ b/include/linux/compiler.h -@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off) - /* &a[0] degrades to a pointer: a different type from an array */ - #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) - -+/* -+ * This is needed in functions which generate the stack canary, see -+ * arch/x86/kernel/smpboot.c::start_secondary() for an example. -+ */ -+#define prevent_tail_call_optimization() asm("") -+ - #endif /* __LINUX_COMPILER_H */ --- -2.26.2 - @@ -61,7 +61,7 @@ _localmodcfg= ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-ck -pkgver=5.6.13 +pkgver=5.6.14 pkgrel=1 _ckpatchversion=1 arch=(x86_64) 
@@ -82,24 +82,20 @@ source=(
 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
 0002-gcc-plugins-drop-support-for-GCC-4.7.patch
 0003-gcc-common.h-Update-for-GCC-10.patch
- 0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch
- 0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch
 )
 validpgpkeys=(
 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
 '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
 )
-sha256sums=('f125d79c8f6974213638787adcad6b575bbd35a05851802fd83f622ec18ff987'
+sha256sums=('33763f3541711e39fa743da45ff9512d54ade61406173f3d267ba4484cec7ea3'
 'SKIP'
 'f392c9ecbb5177ea2573aaf22935322940ea2be0366f3fb9c9f861431f4aed21'
 '8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c'
 '7a4a209de815f4bae49c7c577c0584c77257e3953ac4324d2aa425859ba657f5'
 'a6fe596e75333a5ac8ed4a4d63e4408ef38ebef6303889223e236af3ce576877'
- 'd1dbc1c83d58436358af56b1534d13fa1dc405a95905f71aff4edbe56747e3da'
- '77ab60c3a4e122158b69ca87a15baddbae3912bf2b3f467deb1b82a0989be569'
- 'd6638a7da040c545079541e0a062528d7daabf5683f1fa7e67d30f27893144d0'
- 'b58adb407e1b0be6bd3ca035da07ca223a952fadc5e16a90f01e010ce6bec8ca'
- '081476f699d41b4994c8ee67c12330e6271ed5c04d16b045a43a64dbf5ba752d')
+ '3b5de5bf70a63a6549f986d071f3d9572b19707548cd205a3b8ecdb7dcba3f1c'
+ 'f09a0781c6ee5e67602c2a045d52d766dd7085b6f7f939b7a42149cfd0cfcb1b'
+ '47e91b0b2a21cbe9663ddeb1b9e7bbea7716e5b8cb7984b0c3593839c515a102')
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase |