-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 102 | ||||
-rw-r--r-- | PKGBUILD | 10 | ||||
-rw-r--r-- | fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch | 75 |
4 files changed, 8 insertions, 185 deletions
@@ -18,13 +18,13 @@ pkgbase = linux-rt-bfq source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.19/bfq-sq-mq/4.19-bfq-sq-mq-v9r1-2K181212-rc1.patch source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.19/0100-Check-presence-on-tree-of-every-entity-after-every-a.patch source = https://raw.githubusercontent.com/graysky2/kernel_gcc_patch/master/enable_additional_cpu_optimizations_for_gcc_v8.1+_kernel_v4.13+.patch - source = fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch + source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.19/arch-patches/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.19/aur-patches/fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch source = config source = 60-linux.hook source = 90-linux.hook source = 99-linux.hook source = linux.preset - source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E validpgpkeys = 64254695FFF0AA4466CC19E67B96E8162A8CF5D1 
@@ -37,13 +37,13 @@ pkgbase = linux-rt-bfq sha512sums = a014e72cadd0ceb52f10ceee6902a1732450c6b670f33cec643a9b3684d92d3ad311e5b9b0ac71b3ee65b52a4d4538fff1ed5e003f3e3979e0faa2679b5edb59 sha512sums = 0f96fa9ad784709973b32eea82075ceb3e9dc2482df6441a4607612806f069254e63508b1b562279622394e4a1fbebef1b87af8401c0b1210d5d0de9954245c8 sha512sums = e62aa377a0acc4f63f394e27a0fb7316583ff1a6a6afdfcc97593ddffd7d2bc224cfd70b552cb3fb9513cf6b8db4c2fd913d21ec2380db8cd642e37d4d67370c + sha512sums = 560920b4ebf8d7b753f058a41da62d20fde1e4b42a42e73be11461d3fe25b59bc36250a66d9c1c6e3c499426b237427af5ba7586daa7c549d2cf7bb7087932a1 sha512sums = 86f717f596c613db3bc40624fd956ed379b8a2a20d1d99e076ae9061251fe9afba39cf536623eccd970258e124b8c2c05643e3d539f37bd910e02dc5dd498749 sha512sums = 9931e831d3f1a2136ed1afdea4b35ef544e0efda3848cf28689cbc61e106454fe75e04a2fd95dc02b8d2f95c63532ae259735d030ee659c62d345c75a10a4450 sha512sums = 7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a sha512sums = 2718b58dbbb15063bacb2bde6489e5b3c59afac4c0e0435b97fe720d42c711b6bcba926f67a8687878bd51373c9cf3adb1915a11666d79ccb220bf36e0788ab7 sha512sums = 8742e2eed421e2f29850e18616f435536c12036ff793f5682a3a8c980cf5dbfc88d17fd9539c87de15d9e4663dc3190f964f18a4722940465437927b6052abbf sha512sums = 2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf - sha512sums = 560920b4ebf8d7b753f058a41da62d20fde1e4b42a42e73be11461d3fe25b59bc36250a66d9c1c6e3c499426b237427af5ba7586daa7c549d2cf7bb7087932a1 pkgname = linux-rt-bfq pkgdesc = The Linux-rt-bfq kernel and modules with the RT patch and the BFQ-MQ scheduler. diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch deleted file mode 100644 index 2c9dba3c59a4..000000000000 
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ /dev/null
@@ -1,102 +0,0 @@ -From a1535c25955d82556da3bf06db7735b4267369e8 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn <serge.hallyn@canonical.com> -Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by - default - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> -[bwh: Remove unneeded binary sysctl bits] -Signed-off-by: Daniel Micay <danielmicay@gmail.com> ---- - kernel/fork.c | 15 +++++++++++++++ - kernel/sysctl.c | 12 ++++++++++++ - kernel/user_namespace.c | 3 +++ - 3 files changed, 30 insertions(+) - -diff --git a/kernel/fork.c b/kernel/fork.c -index f0b58479534f..8b2d927125c5 100644 ---- a/kernel/fork.c -+++ b/kernel/fork.c -@@ -103,6 +103,11 @@ - - #define CREATE_TRACE_POINTS - #include <trace/events/task.h> -+#ifdef CONFIG_USER_NS -+extern int unprivileged_userns_clone; -+#else -+#define unprivileged_userns_clone 0 -+#endif - - /* - * Minimum number of threads to boot the kernel -@@ -1649,6 +1654,10 @@ static __latent_entropy struct task_struct *copy_process( - if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) - return ERR_PTR(-EINVAL); - -+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) -+ if (!capable(CAP_SYS_ADMIN)) -+ return ERR_PTR(-EPERM); -+ - /* - * Thread groups must share signals as well, and detached threads - * can only be started up within the thread group. 
-@@ -2467,6 +2476,12 @@ int ksys_unshare(unsigned long unshare_flags) - if (unshare_flags & CLONE_NEWNS) - unshare_flags |= CLONE_FS; - -+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { -+ err = -EPERM; -+ if (!capable(CAP_SYS_ADMIN)) -+ goto bad_unshare_out; -+ } -+ - err = check_unshare_flags(unshare_flags); - if (err) - goto bad_unshare_out; -diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index cc02050fd0c4..ce2ad2b92897 100644 ---- a/kernel/sysctl.c -+++ b/kernel/sysctl.c -@@ -105,6 +105,9 @@ extern int core_uses_pid; - extern char core_pattern[]; - extern unsigned int core_pipe_limit; - #endif -+#ifdef CONFIG_USER_NS -+extern int unprivileged_userns_clone; -+#endif - extern int pid_max; - extern int pid_max_min, pid_max_max; - extern int percpu_pagelist_fraction; -@@ -514,6 +517,15 @@ static struct ctl_table kern_table[] = { - .proc_handler = proc_dointvec, - }, - #endif -+#ifdef CONFIG_USER_NS -+ { -+ .procname = "unprivileged_userns_clone", -+ .data = &unprivileged_userns_clone, -+ .maxlen = sizeof(int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec, -+ }, -+#endif - #ifdef CONFIG_PROC_SYSCTL - { - .procname = "tainted", -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 923414a246e9..6b9dbc257e34 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -26,6 +26,9 @@ - #include <linux/bsearch.h> - #include <linux/sort.h> - -+/* sysctl */ -+int unprivileged_userns_clone; -+ - static struct kmem_cache *user_ns_cachep __read_mostly; - static DEFINE_MUTEX(userns_state_mutex); - --- -2.20.0.rc2.7.g965798d1f2 - 
@@ -80,7 +80,8 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
 "${_lucjanpath}/${_bfq_sq_mq_path}/${_bfq_sq_mq_patch}"
 "${_lucjanpath}/0100-Check-presence-on-tree-of-every-entity-after-every-a.patch"
 "${_gcc_path}/${_gcc_patch}"
- 'fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch'
+ "${_lucjanpath}/arch-patches/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch"
+ "${_lucjanpath}/aur-patches/fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch"
 # the main kernel config files
 'config'
 # pacman hook for depmod
@@ -90,8 +91,7 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
 # pacman hook for remove initramfs
 '99-linux.hook'
 # standard config files for mkinitcpio ramdisk
- 'linux.preset'
- '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch')
+ 'linux.preset')
 _kernelname=${pkgbase#linux}
 : ${_kernelname:=-rt-bfq}
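Review bot: Both new entries in the first `source=(` hunk fetch from `${_lucjanpath}/...`, which the .SRCINFO hunk shows resolving to `https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.19/`, a branch URL whose content can change after this commit. The sha512sums entries for the two patches are carried over unchanged, so makepkg will reject a modified file, but the kernel hardening patch (the sysctl gating unprivileged CLONE_NEWUSER) can no longer be read or diffed in the package repository itself, and the checksum becomes the only binding to reviewed content. Pinning the path to a commit keeps the fetch reproducible; `_lucjanpath` is defined outside this hunk, so the change would presumably go there, for example `_lucjanpath="https://gitlab.com/sirlucjan/kernel-patches/raw/<commit-sha>/4.19"`. Any later checksum refresh for these two entries should be accompanied by a diff of the downloaded patch against the version deleted here.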
@@ -394,13 +394,13 @@ sha512sums=('c863dbfcba413a1d9ee396c20d40ede6c5f07f168f74ef604c261b11797226dced1
 'a014e72cadd0ceb52f10ceee6902a1732450c6b670f33cec643a9b3684d92d3ad311e5b9b0ac71b3ee65b52a4d4538fff1ed5e003f3e3979e0faa2679b5edb59'
 '0f96fa9ad784709973b32eea82075ceb3e9dc2482df6441a4607612806f069254e63508b1b562279622394e4a1fbebef1b87af8401c0b1210d5d0de9954245c8'
 'e62aa377a0acc4f63f394e27a0fb7316583ff1a6a6afdfcc97593ddffd7d2bc224cfd70b552cb3fb9513cf6b8db4c2fd913d21ec2380db8cd642e37d4d67370c'
+ '560920b4ebf8d7b753f058a41da62d20fde1e4b42a42e73be11461d3fe25b59bc36250a66d9c1c6e3c499426b237427af5ba7586daa7c549d2cf7bb7087932a1'
 '86f717f596c613db3bc40624fd956ed379b8a2a20d1d99e076ae9061251fe9afba39cf536623eccd970258e124b8c2c05643e3d539f37bd910e02dc5dd498749'
 '9931e831d3f1a2136ed1afdea4b35ef544e0efda3848cf28689cbc61e106454fe75e04a2fd95dc02b8d2f95c63532ae259735d030ee659c62d345c75a10a4450'
 '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a'
 '2718b58dbbb15063bacb2bde6489e5b3c59afac4c0e0435b97fe720d42c711b6bcba926f67a8687878bd51373c9cf3adb1915a11666d79ccb220bf36e0788ab7'
 '8742e2eed421e2f29850e18616f435536c12036ff793f5682a3a8c980cf5dbfc88d17fd9539c87de15d9e4663dc3190f964f18a4722940465437927b6052abbf'
- '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf'
- '560920b4ebf8d7b753f058a41da62d20fde1e4b42a42e73be11461d3fe25b59bc36250a66d9c1c6e3c499426b237427af5ba7586daa7c549d2cf7bb7087932a1')
+ '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf')
 validpgpkeys=(
 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
diff --git a/fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch b/fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch
deleted file mode 100644
index 7e9e9c825def..000000000000
--- a/fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch
+++ /dev/null
@@ -1,75 +0,0 @@ -From: Joakim Hernberg <jhernberg@alchemy.lu> -Date: Sat, 19 Mar 2016 13:03:55 +0100 -Subject: [PATCH] Fix a race in the PRT wait for completion simple wait code - for NVIDIA on the rt patch - --Note refactored again 160319. - --NOTE: this patch is a rebase of John Blackwood's patch. On his kernel, he must be using --an older simple wait patch - as his applies to kernel/sched/core.c, while the simple wait --completion code lives in kernel/sched/completion.c ... I have ported this to test with --nvidia, as i would like to see if it fixes the semaphore issues i have seen. - --I've kept the original patch comment in tact; - -I'm not 100% sure that the patch below will fix your problem, but we -saw something that sounds pretty familiar to your issue involving the -nvidia driver and the preempt-rt patch. The nvidia driver uses the -completion support to create their own driver's notion of an internally -used semaphore. - -Fix a race in the PRT wait for completion simple wait code. - -A wait_for_completion() waiter task can be awoken by a task calling -complete(), but fail to consume the 'done' completion resource if it -looses a race with another task calling wait_for_completion() just as -it is waking up. - -In this case, the awoken task will call schedule_timeout() again -without being in the simple wait queue. - -So if the awoken task is unable to claim the 'done' completion resource, -check to see if it needs to be re-inserted into the wait list before -waiting again in schedule_timeout(). 
- -Fix-by: John Blackwood <john.blackwood@ccur.com> - ---- - kernel/sched/completion.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/kernel/sched/completion.c b/kernel/sched/completion.c -index b62cf64..c01bbd8 100644 ---- a/kernel/sched/completion.c -+++ b/kernel/sched/completion.c -@@ -61,11 +61,19 @@ static inline long __sched - do_wait_for_common(struct completion *x, - long (*action)(long), long timeout, int state) - { -+ int again = 0; -+ - if (!x->done) { - DECLARE_SWAITQUEUE(wait); - - __prepare_to_swait(&x->wait, &wait); - do { -+ /* Check to see if we lost race for 'done' and are -+ * no longer in the wait list. -+ */ -+ if (unlikely(again) && list_empty(&wait.task_list)) -+ __prepare_to_swait(&x->wait, &wait); -+ - if (signal_pending_state(state, current)) { - timeout = -ERESTARTSYS; - break; -@@ -74,6 +82,7 @@ do_wait_for_common(struct completion *x, - raw_spin_unlock_irq(&x->wait.lock); - timeout = action(timeout); - raw_spin_lock_irq(&x->wait.lock); -+ again = 1; - } while (!x->done && timeout); - __finish_swait(&x->wait, &wait); - if (!x->done) --- -2.7.2 - |