diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index ec60bc9..07ea2e7 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,8 +1,8 @@ -From d817891efd179bdb0b5d30fa8aafaeb2a96af76c Mon Sep 17 00:00:00 2001 -Message-Id: +From 44c5097b2711429f0d49d138681f67157982e729 Mon Sep 17 00:00:00 2001 +Message-Id: <44c5097b2711429f0d49d138681f67157982e729.1518653356.git.jan.steffens@gmail.com> From: Serge Hallyn Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn diff --git a/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch index 2214123..0ad802f 100644 --- a/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch +++ b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -1,10 +1,10 @@ -From f256ec7564d904b5c245c34a7cb091e6912b22c3 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: +From 7596bfa5ccb3e3a72443871a4c6d0c4f230c1cb5 Mon Sep 17 00:00:00 2001 +Message-Id: <7596bfa5ccb3e3a72443871a4c6d0c4f230c1cb5.1518653356.git.jan.steffens@gmail.com> +In-Reply-To: <44c5097b2711429f0d49d138681f67157982e729.1518653356.git.jan.steffens@gmail.com> +References: <44c5097b2711429f0d49d138681f67157982e729.1518653356.git.jan.steffens@gmail.com> From: Jim Bride Date: Mon, 6 Nov 2017 13:38:57 -0800 -Subject: [PATCH 2/3] drm/i915/edp: Only use the alternate fixed mode if it's +Subject: [PATCH 2/4] drm/i915/edp: Only use the alternate fixed mode if it's asked for In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for diff --git a/0003-ssb-Do-not-disable-PCI-host-on-non-Mips.patch b/0003-ssb-Do-not-disable-PCI-host-on-non-Mips.patch index f1102e0..ecea40c 100644 --- a/0003-ssb-Do-not-disable-PCI-host-on-non-Mips.patch +++ b/0003-ssb-Do-not-disable-PCI-host-on-non-Mips.patch @@ -1,10 +1,10 @@ -From 1a0e4c170e4622947c0d1d530d63a3241a99b93c Mon Sep 17 00:00:00 2001 -Message-Id: <1a0e4c170e4622947c0d1d530d63a3241a99b93c.1518115547.git.jan.steffens@gmail.com> -In-Reply-To: -References: +From 509ca946c21ff2ae50c6404d191c87573a53a621 Mon Sep 17 00:00:00 2001 +Message-Id: <509ca946c21ff2ae50c6404d191c87573a53a621.1518653356.git.jan.steffens@gmail.com> +In-Reply-To: <44c5097b2711429f0d49d138681f67157982e729.1518653356.git.jan.steffens@gmail.com> +References: <44c5097b2711429f0d49d138681f67157982e729.1518653356.git.jan.steffens@gmail.com> From: Sven Joachim Date: Fri, 26 Jan 2018 10:38:01 +0100 -Subject: [PATCH 3/3] ssb: Do not disable PCI host on non-Mips +Subject: [PATCH 3/4] ssb: Do not disable PCI host on non-Mips After upgrading an old laptop to 4.15-rc9, I found that the eth0 and wlan0 interfaces had disappeared. It turns out that the b43 and b44 diff --git a/0004-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch b/0004-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch new file mode 100644 index 0000000..6884623 --- /dev/null +++ b/0004-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch @@ -0,0 +1,80 @@ +From 782e9c805d19610d5821d1f75a3854ac587e2dac Mon Sep 17 00:00:00 2001 +Message-Id: <782e9c805d19610d5821d1f75a3854ac587e2dac.1518653356.git.jan.steffens@gmail.com> +In-Reply-To: <44c5097b2711429f0d49d138681f67157982e729.1518653356.git.jan.steffens@gmail.com> +References: <44c5097b2711429f0d49d138681f67157982e729.1518653356.git.jan.steffens@gmail.com> +From: Juergen Gross +Date: Thu, 1 Feb 2018 13:40:19 +0100 +Subject: [PATCH 4/4] x86/xen: init %gs very early to avoid page faults with + stack protector + +When running as Xen pv guest %gs is initialized some time after +C code is started. Depending on stack protector usage this might be +too late, resulting in page faults. + +So setup %gs and MSR_GS_BASE in assembly code already. + +Cc: stable@vger.kernel.org +Signed-off-by: Juergen Gross +Reviewed-by: Boris Ostrovsky +Tested-by: Chris Patterson +Signed-off-by: Juergen Gross +--- + arch/x86/xen/xen-head.S | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S +index 497cc55a0c16..96f26e026783 100644 +--- a/arch/x86/xen/xen-head.S ++++ b/arch/x86/xen/xen-head.S +@@ -9,32 +9,48 @@ + + #include + #include ++#include + #include ++#include + #include + + #include + #include + #include + #include + #include + + #ifdef CONFIG_XEN_PV + __INIT + ENTRY(startup_xen) + UNWIND_HINT_EMPTY + cld + + /* Clear .bss */ + xor %eax,%eax + mov $__bss_start, %_ASM_DI + mov $__bss_stop, %_ASM_CX + sub %_ASM_DI, %_ASM_CX + shr $__ASM_SEL(2, 3), %_ASM_CX + rep __ASM_SIZE(stos) + + mov %_ASM_SI, xen_start_info + mov $init_thread_union+THREAD_SIZE, %_ASM_SP + ++#ifdef CONFIG_X86_64 ++ /* Set up %gs. ++ * ++ * The base of %gs always points to the bottom of the irqstack ++ * union. If the stack protector canary is enabled, it is ++ * located at %gs:40. Note that, on SMP, the boot cpu uses ++ * init data section till per cpu areas are set up. ++ */ ++ movl $MSR_GS_BASE,%ecx ++ movq $INIT_PER_CPU_VAR(irq_stack_union),%rax ++ cdq ++ wrmsr ++#endif ++ + jmp xen_start_kernel + END(startup_xen) + __FINIT +-- +2.16.1 + diff --git a/PKGBUILD b/PKGBUILD index 3173d96..08cd630 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -5,7 +5,7 @@ pkgbase=linux # Build stock -ARCH kernel #pkgbase=linux-custom # Build kernel with a different name _srcname=linux-4.15 pkgver=4.15.3 -pkgrel=1 +pkgrel=2 arch=('x86_64') url="https://www.kernel.org/" license=('GPL2') @@ -21,6 +21,7 @@ source=( 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch 0003-ssb-Do-not-disable-PCI-host-on-non-Mips.patch + 0004-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -34,9 +35,10 @@ sha256sums=('5a26478906d5005f4f809402e981518d2b8844949199f60c4b6e1f986ca2a769' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - 'b20e25656c9423591afd0325fe26320f50bc3421ff204acbfe5dd88ffb3866fe' - '68575230693b374eb68e6100e719c71a196db57fe0ac79ddae02fe72b404e09e' - 'b21406c060cf601f879528cfa1b83f524c44d8ecd99689c331a7c6326653d0be') + '95bda0b206b917ee907375bb0015b8f04f668bfea74706ce614442326a6be442' + '2a9adeea2d45513ee3ef0af9fb91c254f14500195e801581b55abcf4ff228eb0' + '990653b33a736b3941f03d8ca49795109f16507afa34b57dbce3c8e2d2fb26ca' + '13bc8392b26d1ce0182060fba0f37f74dd7cdc6fff2fdea3240fc4e755621277') _kernelname=${pkgbase#linux} : ${_kernelname:=-ARCH} @@ -59,6 +61,9 @@ prepare() { # https://bugs.archlinux.org/task/57327 patch -Np1 -i ../0003-ssb-Do-not-disable-PCI-host-on-non-Mips.patch + # https://bugs.archlinux.org/task/57500 + patch -Np1 -i ../0004-x86-xen-init-gs-very-early-to-avoid-page-faults-with.patch + cat ../config - >.config <