Date: Sunday, February 18, 2018 @ 20:04:14 Author: anthraxx Revision: 296246
upgpkg: linux-hardened 4.15.4.a-1 Added: linux-hardened/trunk/x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch Modified: linux-hardened/trunk/PKGBUILD linux-hardened/trunk/config.x86_64 ------------------------------------------------------------+ PKGBUILD | 25 +- config.x86_64 | 126 ++++------- x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch | 59 +++++ 3 files changed, 121 insertions(+), 89 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-02-18 19:09:29 UTC (rev 296245) +++ PKGBUILD 2018-02-18 20:04:14 UTC (rev 296246) @@ -5,7 +5,7 @@ pkgbase=linux-hardened _srcname=linux-4.15 -_pkgver=4.15.2 +_pkgver=4.15.4 pkgver=${_pkgver}.a pkgrel=1 url='https://github.com/copperhead/linux-hardened' 
@@ -25,19 +25,21 @@ # https://bugs.archlinux.org/task/56711 drm-i915-edp-Only-use-the-alternate-fixed-mode-if-its-asked-for.patch + x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch ) replaces=('linux-grsec') sha256sums=('5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769' 'SKIP' - '812499c5d0cc5183606dc9388084df162ca2eb5fa374d8f8b00136fd82825847' + '5f8344fcc6b15be5f53001bb18df342bf5877563239f03271c236e3a40db89e8' 'SKIP' - 'c8a0c7fc3ef0ea4d7fe6f786b9987952e62c6bce7e3b20002358848c2117cfd9' + '176355facdd3a0e8b8bfbb92d1a6a321b854391da96f5c142054f37fd6548bb9' 'SKIP' - 'a907b24a2e46934c621d9a9cdbc7bd2e9379ebc8cdc6856da436eb0a29542c3a' + 'd27d4c2d5d9731addcc322d3e33e8d0b5d6a47cb137c8da121c533ed952a6056' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - 'c08d12c699398ef88b764be1837b9ee11f2efd3188bd1bf4e8f85dfbeee58148') + 'c08d12c699398ef88b764be1837b9ee11f2efd3188bd1bf4e8f85dfbeee58148' + 'fec79162a6220b7bf4d663c156303af61405d66427dd49351aa9fb9373c882e5') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman @@ -76,8 +78,10 @@ CONFIG_LOCALVERSION_AUTO=n END - # set extraversion to pkgrel - sed -i "/^EXTRAVERSION =/s/=.*/= -${pkgrel}/" Makefile + # set extraversion to pkgrel and empty localversion + sed -e "/^EXTRAVERSION =/s/=.*/= -${pkgrel}/" \ + -e "/^EXTRAVERSION =/aLOCALVERSION =" \ + -i Makefile # don't run depmod on 'make install'. We'll do this ourselves in packaging sed -i '2iexit 0' scripts/depmod.sh @@ -99,7 +103,8 @@ build() { cd ${_srcname} - make LOCALVERSION= bzImage modules + + make bzImage modules } _package() { 
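Review bot: The new `x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch` entry has no provenance comment, unlike the drm-i915 patch above it, which is preceded by its bug-tracker URL. A carried kernel patch in a hardened package should be traceable, so that it can be audited and dropped once the fix reaches the stable series. I would add a line such as `# <upstream commit or bug URL> (x86/xen: init %gs very early)` directly above the entry. The list this entry belongs to opens outside the hunk.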
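Review bot: Nothing verifies that the rewritten `sed` actually inserted `LOCALVERSION =`: both expressions key on `/^EXTRAVERSION =/` and exit with status 0 without changing anything if that Makefile line ever changes form. The later hunks drop `LOCALVERSION=` from `make bzImage modules`, `make kernelrelease` and `make modules_install`, so after a silent miss the release string, and with it the modules directory name, may no longer be pinned. A cheap guard right after the sed is `grep -qx 'LOCALVERSION =' Makefile`, so the step fails when the line is absent (this assumes makepkg aborts on a failing command; confirm). The enclosing function starts outside this hunk.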
@@ -113,12 +118,12 @@ cd ${_srcname} # get kernel version - _kernver="$(make LOCALVERSION= kernelrelease)" + _kernver="$(make kernelrelease)" _basekernel=${_kernver%%-*} _basekernel=${_basekernel%.*} mkdir -p "${pkgdir}"/{boot,usr/lib/modules} - make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}/usr" modules_install + make INSTALL_MOD_PATH="${pkgdir}/usr" modules_install cp arch/x86/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" # make room for external modules Modified: config.x86_64 =================================================================== --- config.x86_64 2018-02-18 19:09:29 UTC (rev 296245) +++ config.x86_64 2018-02-18 20:04:14 UTC (rev 296246) @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.15.1 Kernel Configuration +# Linux/x86 4.15.4 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -139,11 +139,11 @@ # # RCU Subsystem # -CONFIG_TREE_RCU=y +CONFIG_PREEMPT_RCU=y CONFIG_RCU_EXPERT=y CONFIG_SRCU=y CONFIG_TREE_SRCU=y -# CONFIG_TASKS_RCU is not set +CONFIG_TASKS_RCU=y CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y CONFIG_CONTEXT_TRACKING=y @@ -151,6 +151,8 @@ CONFIG_RCU_FANOUT=32 CONFIG_RCU_FANOUT_LEAF=16 CONFIG_RCU_FAST_NO_HZ=y +CONFIG_RCU_BOOST=y +CONFIG_RCU_BOOST_DELAY=500 CONFIG_RCU_NOCB_CPU=y CONFIG_BUILD_BIN2C=y CONFIG_IKCONFIG=y @@ -447,11 +449,7 @@ CONFIG_PREEMPT_NOTIFIERS=y CONFIG_PADATA=y CONFIG_ASN1=y -CONFIG_INLINE_SPIN_UNLOCK_IRQ=y -CONFIG_INLINE_READ_UNLOCK=y -CONFIG_INLINE_READ_UNLOCK_IRQ=y -CONFIG_INLINE_WRITE_UNLOCK=y -CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_UNINLINE_SPIN_UNLOCK=y CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_RWSEM_SPIN_ON_OWNER=y @@ -531,8 +529,9 @@ CONFIG_SCHED_MC=y CONFIG_SCHED_MC_PRIO=y # CONFIG_PREEMPT_NONE is not set -CONFIG_PREEMPT_VOLUNTARY=y -# CONFIG_PREEMPT is not set +# CONFIG_PREEMPT_VOLUNTARY is not set +CONFIG_PREEMPT=y +CONFIG_PREEMPT_COUNT=y CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y 
@@ -552,7 +551,7 @@ CONFIG_PERF_EVENTS_INTEL_CSTATE=m CONFIG_PERF_EVENTS_AMD_POWER=m # CONFIG_VM86 is not set -# CONFIG_X86_VSYSCALL_EMULATION is not set +CONFIG_X86_VSYSCALL_EMULATION=y CONFIG_I8K=m CONFIG_MICROCODE=y CONFIG_MICROCODE_INTEL=y @@ -945,7 +944,7 @@ CONFIG_RAPIDIO_TSI568=m CONFIG_RAPIDIO_CPS_GEN2=m CONFIG_RAPIDIO_RXS_GEN3=m -CONFIG_X86_SYSFB=y +# CONFIG_X86_SYSFB is not set # # Executable file formats / Emulations @@ -1030,7 +1029,7 @@ CONFIG_INET_DIAG_DESTROY=y CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m -CONFIG_TCP_CONG_CUBIC=m +CONFIG_TCP_CONG_CUBIC=y CONFIG_TCP_CONG_WESTWOOD=m CONFIG_TCP_CONG_HTCP=m CONFIG_TCP_CONG_HSTCP=m @@ -1044,10 +1043,10 @@ CONFIG_TCP_CONG_ILLINOIS=m CONFIG_TCP_CONG_DCTCP=m CONFIG_TCP_CONG_CDG=m -CONFIG_TCP_CONG_BBR=y -CONFIG_DEFAULT_BBR=y +CONFIG_TCP_CONG_BBR=m +CONFIG_DEFAULT_CUBIC=y # CONFIG_DEFAULT_RENO is not set -CONFIG_DEFAULT_TCP_CONG="bbr" +CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_TCP_MD5SIG=y CONFIG_IPV6=y CONFIG_IPV6_ROUTER_PREF=y @@ -1545,19 +1544,19 @@ CONFIG_NET_SCH_CHOKE=m CONFIG_NET_SCH_QFQ=m CONFIG_NET_SCH_CODEL=m -CONFIG_NET_SCH_FQ_CODEL=m -CONFIG_NET_SCH_FQ=y +CONFIG_NET_SCH_FQ_CODEL=y +CONFIG_NET_SCH_FQ=m CONFIG_NET_SCH_HHF=m CONFIG_NET_SCH_PIE=m CONFIG_NET_SCH_INGRESS=m CONFIG_NET_SCH_PLUG=m CONFIG_NET_SCH_DEFAULT=y -CONFIG_DEFAULT_FQ=y +# CONFIG_DEFAULT_FQ is not set # CONFIG_DEFAULT_CODEL is not set -# CONFIG_DEFAULT_FQ_CODEL is not set +CONFIG_DEFAULT_FQ_CODEL=y # CONFIG_DEFAULT_SFQ is not set # CONFIG_DEFAULT_PFIFO_FAST is not set -CONFIG_DEFAULT_NET_SCH="fq" +CONFIG_DEFAULT_NET_SCH="fq_codel" # # Classification @@ -2747,6 +2746,9 @@ CONFIG_MACB_PCI=m CONFIG_NET_VENDOR_BROADCOM=y CONFIG_B44=m +CONFIG_B44_PCI_AUTOSELECT=y +CONFIG_B44_PCICORE_AUTOSELECT=y +CONFIG_B44_PCI=y CONFIG_BCMGENET=m CONFIG_BNX2=m CONFIG_CNIC=m 
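Review bot: `CONFIG_X86_VSYSCALL_EMULATION=y` in the `@@ -552,7 +551,7 @@` hunk turns legacy vsyscall support back on in a hardened kernel config that previously compiled it out, and the commit message (`upgpkg`) gives no reason. The behaviour users actually get depends on the `CONFIG_LEGACY_VSYSCALL_*` choice, which is not visible in this hunk. If the option is needed for old binaries, `CONFIG_LEGACY_VSYSCALL_NONE=y` would keep the page unmapped by default and leave `vsyscall=emulate` as an explicit boot-time opt-in. The file is generated and should not carry hand-written comments, so the rationale belongs in the commit message.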
@@ -3176,6 +3178,8 @@ CONFIG_B43_BUSES_BCMA_AND_SSB=y # CONFIG_B43_BUSES_BCMA is not set # CONFIG_B43_BUSES_SSB is not set +CONFIG_B43_PCI_AUTOSELECT=y +CONFIG_B43_PCICORE_AUTOSELECT=y CONFIG_B43_SDIO=y CONFIG_B43_BCMA_PIO=y CONFIG_B43_PIO=y @@ -3187,6 +3191,8 @@ CONFIG_B43_HWRNG=y # CONFIG_B43_DEBUG is not set CONFIG_B43LEGACY=m +CONFIG_B43LEGACY_PCI_AUTOSELECT=y +CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y CONFIG_B43LEGACY_LEDS=y CONFIG_B43LEGACY_HWRNG=y CONFIG_B43LEGACY_DEBUG=y @@ -4732,6 +4738,9 @@ CONFIG_SSB=m CONFIG_SSB_SPROM=y CONFIG_SSB_BLOCKIO=y +CONFIG_SSB_PCIHOST_POSSIBLE=y +CONFIG_SSB_PCIHOST=y +CONFIG_SSB_B43_PCI_BRIDGE=y CONFIG_SSB_PCMCIAHOST_POSSIBLE=y CONFIG_SSB_PCMCIAHOST=y CONFIG_SSB_SDIOHOST_POSSIBLE=y @@ -4738,6 +4747,8 @@ CONFIG_SSB_SDIOHOST=y # CONFIG_SSB_SILENT is not set # CONFIG_SSB_DEBUG is not set +CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y +CONFIG_SSB_DRIVER_PCICORE=y CONFIG_SSB_DRIVER_GPIO=y CONFIG_BCMA_POSSIBLE=y CONFIG_BCMA=m @@ -4989,6 +5000,7 @@ CONFIG_REGULATOR_WM8994=m CONFIG_CEC_CORE=m CONFIG_CEC_NOTIFIER=y +CONFIG_CEC_PIN=y CONFIG_RC_CORE=m CONFIG_RC_MAP=m CONFIG_RC_DECODERS=y @@ -5340,6 +5352,7 @@ CONFIG_VIDEO_VIM2M=m CONFIG_DVB_PLATFORM_DRIVERS=y CONFIG_CEC_PLATFORM_DRIVERS=y +CONFIG_CEC_GPIO=m CONFIG_SDR_PLATFORM_DRIVERS=y # @@ -5750,7 +5763,7 @@ # CONFIG_DRM_AMD_DC=y CONFIG_DRM_AMD_DC_PRE_VEGA=y -CONFIG_DRM_AMD_DC_FBC=y +# CONFIG_DRM_AMD_DC_FBC is not set CONFIG_DRM_AMD_DC_DCN1_0=y # CONFIG_DEBUG_KERNEL_DC is not set @@ -5899,8 +5912,14 @@ # CONFIG_FB_HGA is not set # CONFIG_FB_OPENCORES is not set # CONFIG_FB_S1D13XXX is not set -# CONFIG_FB_NVIDIA is not set -# CONFIG_FB_RIVA is not set +CONFIG_FB_NVIDIA=m +CONFIG_FB_NVIDIA_I2C=y +# CONFIG_FB_NVIDIA_DEBUG is not set +CONFIG_FB_NVIDIA_BACKLIGHT=y +CONFIG_FB_RIVA=m +CONFIG_FB_RIVA_I2C=y +# CONFIG_FB_RIVA_DEBUG is not set +CONFIG_FB_RIVA_BACKLIGHT=y # CONFIG_FB_I740 is not set # CONFIG_FB_LE80578 is not set # CONFIG_FB_INTEL is not set 
@@ -7680,41 +7699,7 @@ CONFIG_UNISYSSPAR=y # CONFIG_UNISYS_VISORBUS is not set CONFIG_COMMON_CLK_XLNX_CLKWZRD=m -CONFIG_FB_TFT=m -# CONFIG_FB_TFT_AGM1264K_FL is not set -# CONFIG_FB_TFT_BD663474 is not set -# CONFIG_FB_TFT_HX8340BN is not set -# CONFIG_FB_TFT_HX8347D is not set -# CONFIG_FB_TFT_HX8353D is not set -# CONFIG_FB_TFT_HX8357D is not set -# CONFIG_FB_TFT_ILI9163 is not set -# CONFIG_FB_TFT_ILI9320 is not set -# CONFIG_FB_TFT_ILI9325 is not set -# CONFIG_FB_TFT_ILI9340 is not set -# CONFIG_FB_TFT_ILI9341 is not set -# CONFIG_FB_TFT_ILI9481 is not set -# CONFIG_FB_TFT_ILI9486 is not set -# CONFIG_FB_TFT_PCD8544 is not set -# CONFIG_FB_TFT_RA8875 is not set -# CONFIG_FB_TFT_S6D02A1 is not set -# CONFIG_FB_TFT_S6D1121 is not set -# CONFIG_FB_TFT_SH1106 is not set -# CONFIG_FB_TFT_SSD1289 is not set -# CONFIG_FB_TFT_SSD1305 is not set -# CONFIG_FB_TFT_SSD1306 is not set -# CONFIG_FB_TFT_SSD1325 is not set -# CONFIG_FB_TFT_SSD1331 is not set -# CONFIG_FB_TFT_SSD1351 is not set -# CONFIG_FB_TFT_ST7735R is not set -# CONFIG_FB_TFT_ST7789V is not set -# CONFIG_FB_TFT_TINYLCD is not set -# CONFIG_FB_TFT_TLS8204 is not set -# CONFIG_FB_TFT_UC1611 is not set -# CONFIG_FB_TFT_UC1701 is not set -# CONFIG_FB_TFT_UPD161704 is not set -# CONFIG_FB_TFT_WATTEROTT is not set -# CONFIG_FB_FLEX is not set -# CONFIG_FB_TFT_FBTFT_DEVICE is not set +# CONFIG_FB_TFT is not set CONFIG_WILC1000=m CONFIG_WILC1000_SDIO=m CONFIG_WILC1000_SPI=m 
@@ -7729,26 +7714,7 @@ CONFIG_HDM_I2C=m CONFIG_HDM_USB=m CONFIG_KS7010=m -CONFIG_GREYBUS=m -CONFIG_GREYBUS_ES2=m -CONFIG_GREYBUS_AUDIO=m -CONFIG_GREYBUS_BOOTROM=m -CONFIG_GREYBUS_FIRMWARE=m -CONFIG_GREYBUS_HID=m -CONFIG_GREYBUS_LIGHT=m -CONFIG_GREYBUS_LOG=m -CONFIG_GREYBUS_LOOPBACK=m -CONFIG_GREYBUS_POWER=m -CONFIG_GREYBUS_RAW=m -CONFIG_GREYBUS_VIBRATOR=m -CONFIG_GREYBUS_BRIDGED_PHY=m -CONFIG_GREYBUS_GPIO=m -CONFIG_GREYBUS_I2C=m -CONFIG_GREYBUS_PWM=m -CONFIG_GREYBUS_SDIO=m -CONFIG_GREYBUS_SPI=m -CONFIG_GREYBUS_UART=m -CONFIG_GREYBUS_USB=m +# CONFIG_GREYBUS is not set CONFIG_CRYPTO_DEV_CCREE=m # @@ -8996,6 +8962,7 @@ CONFIG_SCHEDSTATS=y CONFIG_SCHED_STACK_END_CHECK=y # CONFIG_DEBUG_TIMEKEEPING is not set +CONFIG_DEBUG_PREEMPT=y # # Lock Debugging (spinlocks, mutexes, etc...) @@ -9061,6 +9028,7 @@ CONFIG_FUNCTION_GRAPH_TRACER=y # CONFIG_PREEMPTIRQ_EVENTS is not set # CONFIG_IRQSOFF_TRACER is not set +# CONFIG_PREEMPT_TRACER is not set CONFIG_SCHED_TRACER=y CONFIG_HWLAT_TRACER=y CONFIG_FTRACE_SYSCALLS=y Added: x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch =================================================================== --- x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch (rev 0) +++ x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch 2018-02-18 20:04:14 UTC (rev 296246) 
@@ -0,0 +1,59 @@
+From 4f277295e54c5b7340e48efea3fc5cc21a2872b7 Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgr...@suse.com>
+Date: Thu, 1 Feb 2018 13:40:19 +0100
+Subject: [PATCH] x86/xen: init %gs very early to avoid page faults with stack
+ protector
+
+When running as Xen pv guest %gs is initialized some time after
+C code is started. Depending on stack protector usage this might be
+too late, resulting in page faults.
+
+So setup %gs and MSR_GS_BASE in assembly code already.
+
+Cc: sta...@vger.kernel.org
+Signed-off-by: Juergen Gross <jgr...@suse.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrov...@oracle.com>
+Tested-by: Chris Patterson <cjp...@gmail.com>
+Signed-off-by: Juergen Gross <jgr...@suse.com>
+---
+ arch/x86/xen/xen-head.S | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
+index 497cc55a0c16..96f26e026783 100644
+--- a/arch/x86/xen/xen-head.S
++++ b/arch/x86/xen/xen-head.S
+@@ -9,7 +9,9 @@
+
+ #include <asm/boot.h>
+ #include <asm/asm.h>
++#include <asm/msr.h>
+ #include <asm/page_types.h>
++#include <asm/percpu.h>
+ #include <asm/unwind_hints.h>
+
+ #include <xen/interface/elfnote.h>
+@@ -35,6 +37,20 @@ ENTRY(startup_xen)
+ mov %_ASM_SI, xen_start_info
+ mov $init_thread_union+THREAD_SIZE, %_ASM_SP
+
++#ifdef CONFIG_X86_64
++ /* Set up %gs.
++ *
++ * The base of %gs always points to the bottom of the irqstack
++ * union. If the stack protector canary is enabled, it is
++ * located at %gs:40. Note that, on SMP, the boot cpu uses
++ * init data section till per cpu areas are set up.
++ */
++ movl $MSR_GS_BASE,%ecx
++ movq $INIT_PER_CPU_VAR(irq_stack_union),%rax
++ cdq
++ wrmsr
++#endif
++
+ jmp xen_start_kernel
+ END(startup_xen)
+ __FINIT
+--
+2.16.1
+
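Review bot: The `cdq` ahead of `wrmsr` depends on an invariant the added comment does not state: `cdq` fills `%edx` with the sign of `%eax`, not with the upper half of `%rax`, so `%edx:%eax` equals the address only when that address is a sign-extended 32-bit value. That appears to hold here because `movq $INIT_PER_CPU_VAR(irq_stack_union),%rax` takes the symbol as an immediate, but it is worth saying so, e.g. `/* cdq: %edx = sign of %eax; the address is a sign-extended 32-bit immediate */`. The stack-protector canary at `%gs:40` is only found if this base is right, so the assumption should be explicit. `startup_xen` begins outside the inner hunk.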