5.14.8-1 (clr 5.14.8-1078)
This commit is contained in:
parent
4d8b9e0540
commit
d38aabde65
4 changed files with 25 additions and 372 deletions
26
.SRCINFO
26
.SRCINFO
|
@ -1,6 +1,6 @@
|
||||||
pkgbase = linux-clear
|
pkgbase = linux-clear
|
||||||
pkgdesc = Clear Linux
|
pkgdesc = Clear Linux
|
||||||
pkgver = 5.13.19
|
pkgver = 5.14.8
|
||||||
pkgrel = 1
|
pkgrel = 1
|
||||||
url = https://github.com/clearlinux-pkgs/linux
|
url = https://github.com/clearlinux-pkgs/linux
|
||||||
arch = x86_64
|
arch = x86_64
|
||||||
|
@ -12,22 +12,22 @@ pkgbase = linux-clear
|
||||||
makedepends = libelf
|
makedepends = libelf
|
||||||
makedepends = xmlto
|
makedepends = xmlto
|
||||||
options = !strip
|
options = !strip
|
||||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.13.tar.xz
|
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.14.tar.xz
|
||||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.13.tar.sign
|
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.14.tar.sign
|
||||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-5.13.19.xz
|
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-5.14.8.xz
|
||||||
source = clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=5.13.17-1074
|
source = clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=5.14.8-1078
|
||||||
source = more-uarches-20210818.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/20210818.tar.gz
|
source = more-uarches-20210914.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/20210914.tar.gz
|
||||||
source = pci-enable-overrides-for-missing-acs-capabilities.patch
|
source = 0001-pci-Enable-overrides-for-missing-ACS-capabilities.patch::https://raw.githubusercontent.com/xanmod/linux-patches/e2d48df5def86f498766b22e836a9c2f1bcb3809/linux-5.14.y-xanmod/pci_acso/0001-pci-Enable-overrides-for-missing-ACS-capabilities.patch
|
||||||
source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
|
source = 0001-sysctl-add-sysctl-to-disallow-unprivileged-CLONE_NEW.patch::https://raw.githubusercontent.com/xanmod/linux-patches/e2d48df5def86f498766b22e836a9c2f1bcb3809/linux-5.14.y-xanmod/userns/0001-sysctl-add-sysctl-to-disallow-unprivileged-CLONE_NEW.patch
|
||||||
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
|
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
|
||||||
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
|
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
|
||||||
sha256sums = 3f6baa97f37518439f51df2e4f3d65a822ca5ff016aa8e60d2cc53b95a6c89d9
|
sha256sums = 7e068b5e0d26a62b10e5320b25dce57588cbbc6f781c090442138c9c9c3271b2
|
||||||
sha256sums = SKIP
|
sha256sums = SKIP
|
||||||
sha256sums = 6fadc31348a0c0bbce86b067811d1dadae307bbde5b712c688b3193d73f0fb71
|
sha256sums = 3ad8bc71d6fe35982e75dd60744f775159bc7f2d89fe1458ffe2f6aed03b6bd9
|
||||||
sha256sums = SKIP
|
sha256sums = SKIP
|
||||||
sha256sums = d361171032ec9fce11c53bfbd667d0c3f0cb4004a17329ab195d6dcc5aa88caf
|
sha256sums = b70720e7537a0b6455edaeb198d52151fb3b3c3a91631b8f43d2e71b694da611
|
||||||
sha256sums = 2c98de0814366b041aeee4cbf82b82620c7834bc33752d50f089e8bd7ea5cf5e
|
sha256sums = 1c7aee7bccb1d848887b0cef273518badb09021788b148db1c6168d4c761f1fd
|
||||||
sha256sums = 34614e92ed29d11f5f6150ee8ed6c5ffe7f8f3d99a2fed6aebe40e513749c3ba
|
sha256sums = ece72251dacc37d239a5bbf170629c155cee634c05febd8d654b110077d29f28
|
||||||
|
|
||||||
pkgname = linux-clear
|
pkgname = linux-clear
|
||||||
pkgdesc = The Clear Linux kernel and modules
|
pkgdesc = The Clear Linux kernel and modules
|
||||||
|
|
|
@ -1,154 +0,0 @@
|
||||||
From a0a84528e06b99d83046fd16d2fa132c8d20a46c Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
|
|
||||||
Date: Mon, 16 Sep 2019 04:53:20 +0200
|
|
||||||
Subject: [PATCH] ZEN: Add sysctl and CONFIG to disallow unprivileged
|
|
||||||
CLONE_NEWUSER
|
|
||||||
|
|
||||||
Our default behavior continues to match the vanilla kernel.
|
|
||||||
---
|
|
||||||
include/linux/user_namespace.h | 4 ++++
|
|
||||||
init/Kconfig | 16 ++++++++++++++++
|
|
||||||
kernel/fork.c | 14 ++++++++++++++
|
|
||||||
kernel/sysctl.c | 12 ++++++++++++
|
|
||||||
kernel/user_namespace.c | 7 +++++++
|
|
||||||
5 files changed, 53 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
|
|
||||||
index 1d08dbbcf..180da8f71 100644
|
|
||||||
--- a/include/linux/user_namespace.h
|
|
||||||
+++ b/include/linux/user_namespace.h
|
|
||||||
@@ -112,6 +112,8 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_type type);
|
|
||||||
|
|
||||||
#ifdef CONFIG_USER_NS
|
|
||||||
|
|
||||||
+extern int unprivileged_userns_clone;
|
|
||||||
+
|
|
||||||
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
|
|
||||||
{
|
|
||||||
if (ns)
|
|
||||||
@@ -145,6 +147,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns);
|
|
||||||
struct ns_common *ns_get_owner(struct ns_common *ns);
|
|
||||||
#else
|
|
||||||
|
|
||||||
+#define unprivileged_userns_clone 0
|
|
||||||
+
|
|
||||||
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
|
|
||||||
{
|
|
||||||
return &init_user_ns;
|
|
||||||
diff --git a/init/Kconfig b/init/Kconfig
|
|
||||||
index a61c92066..6a2920f2e 100644
|
|
||||||
--- a/init/Kconfig
|
|
||||||
+++ b/init/Kconfig
|
|
||||||
@@ -1195,6 +1195,22 @@ config USER_NS
|
|
||||||
|
|
||||||
If unsure, say N.
|
|
||||||
|
|
||||||
+config USER_NS_UNPRIVILEGED
|
|
||||||
+ bool "Allow unprivileged users to create namespaces"
|
|
||||||
+ default y
|
|
||||||
+ depends on USER_NS
|
|
||||||
+ help
|
|
||||||
+ When disabled, unprivileged users will not be able to create
|
|
||||||
+ new namespaces. Allowing users to create their own namespaces
|
|
||||||
+ has been part of several recent local privilege escalation
|
|
||||||
+ exploits, so if you need user namespaces but are
|
|
||||||
+ paranoid^Wsecurity-conscious you want to disable this.
|
|
||||||
+
|
|
||||||
+ This setting can be overridden at runtime via the
|
|
||||||
+ kernel.unprivileged_userns_clone sysctl.
|
|
||||||
+
|
|
||||||
+ If unsure, say Y.
|
|
||||||
+
|
|
||||||
config PID_NS
|
|
||||||
bool "PID Namespaces"
|
|
||||||
default y
|
|
||||||
diff --git a/kernel/fork.c b/kernel/fork.c
|
|
||||||
index a070caed5..03baafd70 100644
|
|
||||||
--- a/kernel/fork.c
|
|
||||||
+++ b/kernel/fork.c
|
|
||||||
@@ -98,6 +98,10 @@
|
|
||||||
#include <linux/io_uring.h>
|
|
||||||
#include <linux/bpf.h>
|
|
||||||
|
|
||||||
+#ifdef CONFIG_USER_NS
|
|
||||||
+#include <linux/user_namespace.h>
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#include <asm/pgalloc.h>
|
|
||||||
#include <linux/uaccess.h>
|
|
||||||
#include <asm/mmu_context.h>
|
|
||||||
@@ -1871,6 +1875,10 @@ static __latent_entropy struct task_struct *copy_process(
|
|
||||||
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
|
|
||||||
return ERR_PTR(-EINVAL);
|
|
||||||
|
|
||||||
+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
|
|
||||||
+ if (!capable(CAP_SYS_ADMIN))
|
|
||||||
+ return ERR_PTR(-EPERM);
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Thread groups must share signals as well, and detached threads
|
|
||||||
* can only be started up within the thread group.
|
|
||||||
@@ -2973,6 +2981,12 @@ int ksys_unshare(unsigned long unshare_flags)
|
|
||||||
if (unshare_flags & CLONE_NEWNS)
|
|
||||||
unshare_flags |= CLONE_FS;
|
|
||||||
|
|
||||||
+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
|
|
||||||
+ err = -EPERM;
|
|
||||||
+ if (!capable(CAP_SYS_ADMIN))
|
|
||||||
+ goto bad_unshare_out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
err = check_unshare_flags(unshare_flags);
|
|
||||||
if (err)
|
|
||||||
goto bad_unshare_out;
|
|
||||||
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
|
|
||||||
index d4a78e08f..0260dfe2d 100644
|
|
||||||
--- a/kernel/sysctl.c
|
|
||||||
+++ b/kernel/sysctl.c
|
|
||||||
@@ -103,6 +103,9 @@
|
|
||||||
#ifdef CONFIG_LOCKUP_DETECTOR
|
|
||||||
#include <linux/nmi.h>
|
|
||||||
#endif
|
|
||||||
+#ifdef CONFIG_USER_NS
|
|
||||||
+#include <linux/user_namespace.h>
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#if defined(CONFIG_SYSCTL)
|
|
||||||
|
|
||||||
@@ -1896,6 +1899,15 @@ static struct ctl_table kern_table[] = {
|
|
||||||
.proc_handler = proc_dointvec,
|
|
||||||
},
|
|
||||||
#endif
|
|
||||||
+#ifdef CONFIG_USER_NS
|
|
||||||
+ {
|
|
||||||
+ .procname = "unprivileged_userns_clone",
|
|
||||||
+ .data = &unprivileged_userns_clone,
|
|
||||||
+ .maxlen = sizeof(int),
|
|
||||||
+ .mode = 0644,
|
|
||||||
+ .proc_handler = proc_dointvec,
|
|
||||||
+ },
|
|
||||||
+#endif
|
|
||||||
#ifdef CONFIG_PROC_SYSCTL
|
|
||||||
{
|
|
||||||
.procname = "tainted",
|
|
||||||
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
|
|
||||||
index 8d6286372..5ca391b2b 100644
|
|
||||||
--- a/kernel/user_namespace.c
|
|
||||||
+++ b/kernel/user_namespace.c
|
|
||||||
@@ -21,6 +21,13 @@
|
|
||||||
#include <linux/bsearch.h>
|
|
||||||
#include <linux/sort.h>
|
|
||||||
|
|
||||||
+/* sysctl */
|
|
||||||
+#ifdef CONFIG_USER_NS_UNPRIVILEGED
|
|
||||||
+int unprivileged_userns_clone = 1;
|
|
||||||
+#else
|
|
||||||
+int unprivileged_userns_clone;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
static struct kmem_cache *user_ns_cachep __read_mostly;
|
|
||||||
static DEFINE_MUTEX(userns_state_mutex);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.32.0.93.g670b81a890
|
|
||||||
|
|
24
PKGBUILD
24
PKGBUILD
|
@ -73,10 +73,10 @@ _use_current=
|
||||||
|
|
||||||
### IMPORTANT: Do no edit below this line unless you know what you're doing
|
### IMPORTANT: Do no edit below this line unless you know what you're doing
|
||||||
|
|
||||||
_major=5.13
|
_major=5.14
|
||||||
_minor=19
|
_minor=8
|
||||||
_srcname=linux-${_major}
|
_srcname=linux-${_major}
|
||||||
_clr=${_major}.17-1074
|
_clr=${_major}.8-1078
|
||||||
pkgbase=linux-clear
|
pkgbase=linux-clear
|
||||||
pkgver=${_major}.${_minor}
|
pkgver=${_major}.${_minor}
|
||||||
pkgrel=1
|
pkgrel=1
|
||||||
|
@ -86,15 +86,15 @@ url="https://github.com/clearlinux-pkgs/linux"
|
||||||
license=('GPL2')
|
license=('GPL2')
|
||||||
makedepends=('bc' 'cpio' 'git' 'kmod' 'libelf' 'xmlto')
|
makedepends=('bc' 'cpio' 'git' 'kmod' 'libelf' 'xmlto')
|
||||||
options=('!strip')
|
options=('!strip')
|
||||||
_gcc_more_v='20210818'
|
_gcc_more_v='20210914'
|
||||||
source=(
|
source=(
|
||||||
"https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_major}.tar.xz"
|
"https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_major}.tar.xz"
|
||||||
"https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_major}.tar.sign"
|
"https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_major}.tar.sign"
|
||||||
"https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-${pkgver}.xz"
|
"https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-${pkgver}.xz"
|
||||||
"clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=${_clr}"
|
"clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=${_clr}"
|
||||||
"more-uarches-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/$_gcc_more_v.tar.gz"
|
"more-uarches-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/$_gcc_more_v.tar.gz"
|
||||||
'pci-enable-overrides-for-missing-acs-capabilities.patch'
|
"0001-pci-Enable-overrides-for-missing-ACS-capabilities.patch::https://raw.githubusercontent.com/xanmod/linux-patches/e2d48df5def86f498766b22e836a9c2f1bcb3809/linux-5.14.y-xanmod/pci_acso/0001-pci-Enable-overrides-for-missing-ACS-capabilities.patch"
|
||||||
'0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch'
|
"0001-sysctl-add-sysctl-to-disallow-unprivileged-CLONE_NEW.patch::https://raw.githubusercontent.com/xanmod/linux-patches/e2d48df5def86f498766b22e836a9c2f1bcb3809/linux-5.14.y-xanmod/userns/0001-sysctl-add-sysctl-to-disallow-unprivileged-CLONE_NEW.patch"
|
||||||
)
|
)
|
||||||
|
|
||||||
export KBUILD_BUILD_HOST=archlinux
|
export KBUILD_BUILD_HOST=archlinux
|
||||||
|
@ -185,7 +185,7 @@ prepare() {
|
||||||
# https://github.com/graysky2/kernel_compiler_patch
|
# https://github.com/graysky2/kernel_compiler_patch
|
||||||
# make sure to apply after olddefconfig to allow the next section
|
# make sure to apply after olddefconfig to allow the next section
|
||||||
echo "Patching to enable GCC optimization for other uarchs..."
|
echo "Patching to enable GCC optimization for other uarchs..."
|
||||||
patch -Np1 -i "$srcdir/kernel_compiler_patch-$_gcc_more_v/more-uarches-for-kernel-5.8+.patch"
|
patch -Np1 -i "$srcdir/kernel_compiler_patch-$_gcc_more_v/more-uarches-for-kernel-5.8-5.14.patch"
|
||||||
|
|
||||||
if [ -n "$_subarch" ]; then
|
if [ -n "$_subarch" ]; then
|
||||||
# user wants a subarch so apply choice defined above interactively via 'yes'
|
# user wants a subarch so apply choice defined above interactively via 'yes'
|
||||||
|
@ -351,13 +351,13 @@ for _p in "${pkgname[@]}"; do
|
||||||
}"
|
}"
|
||||||
done
|
done
|
||||||
|
|
||||||
sha256sums=('3f6baa97f37518439f51df2e4f3d65a822ca5ff016aa8e60d2cc53b95a6c89d9'
|
sha256sums=('7e068b5e0d26a62b10e5320b25dce57588cbbc6f781c090442138c9c9c3271b2'
|
||||||
'SKIP'
|
'SKIP'
|
||||||
'6fadc31348a0c0bbce86b067811d1dadae307bbde5b712c688b3193d73f0fb71'
|
'3ad8bc71d6fe35982e75dd60744f775159bc7f2d89fe1458ffe2f6aed03b6bd9'
|
||||||
'SKIP'
|
'SKIP'
|
||||||
'd361171032ec9fce11c53bfbd667d0c3f0cb4004a17329ab195d6dcc5aa88caf'
|
'b70720e7537a0b6455edaeb198d52151fb3b3c3a91631b8f43d2e71b694da611'
|
||||||
'2c98de0814366b041aeee4cbf82b82620c7834bc33752d50f089e8bd7ea5cf5e'
|
'1c7aee7bccb1d848887b0cef273518badb09021788b148db1c6168d4c761f1fd'
|
||||||
'34614e92ed29d11f5f6150ee8ed6c5ffe7f8f3d99a2fed6aebe40e513749c3ba')
|
'ece72251dacc37d239a5bbf170629c155cee634c05febd8d654b110077d29f28')
|
||||||
|
|
||||||
validpgpkeys=(
|
validpgpkeys=(
|
||||||
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
|
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
|
||||||
|
|
|
@ -1,193 +0,0 @@
|
||||||
From f56f33917f418568141184eb2503ec65309a8255 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Mark Weiman <mark.weiman@markzz.com>
|
|
||||||
Date: Thu, 13 Dec 2018 13:15:16 -0500
|
|
||||||
Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.18)
|
|
||||||
|
|
||||||
This an updated version of Alex Williamson's patch from:
|
|
||||||
https://lkml.org/lkml/2013/5/30/513
|
|
||||||
|
|
||||||
Original commit message follows:
|
|
||||||
---
|
|
||||||
PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that
|
|
||||||
allows us to control whether transactions are allowed to be redirected
|
|
||||||
in various subnodes of a PCIe topology. For instance, if two
|
|
||||||
endpoints are below a root port or downsteam switch port, the
|
|
||||||
downstream port may optionally redirect transactions between the
|
|
||||||
devices, bypassing upstream devices. The same can happen internally
|
|
||||||
on multifunction devices. The transaction may never be visible to the
|
|
||||||
upstream devices.
|
|
||||||
|
|
||||||
One upstream device that we particularly care about is the IOMMU. If
|
|
||||||
a redirection occurs in the topology below the IOMMU, then the IOMMU
|
|
||||||
cannot provide isolation between devices. This is why the PCIe spec
|
|
||||||
encourages topologies to include ACS support. Without it, we have to
|
|
||||||
assume peer-to-peer DMA within a hierarchy can bypass IOMMU isolation.
|
|
||||||
|
|
||||||
Unfortunately, far too many topologies do not support ACS to make this
|
|
||||||
a steadfast requirement. Even the latest chipsets from Intel are only
|
|
||||||
sporadically supporting ACS. We have trouble getting interconnect
|
|
||||||
vendors to include the PCIe spec required PCIe capability, let alone
|
|
||||||
suggested features.
|
|
||||||
|
|
||||||
Therefore, we need to add some flexibility. The pcie_acs_override=
|
|
||||||
boot option lets users opt-in specific devices or sets of devices to
|
|
||||||
assume ACS support. The "downstream" option assumes full ACS support
|
|
||||||
on root ports and downstream switch ports. The "multifunction"
|
|
||||||
option assumes the subset of ACS features available on multifunction
|
|
||||||
endpoints and upstream switch ports are supported. The "id:nnnn:nnnn"
|
|
||||||
option enables ACS support on devices matching the provided vendor
|
|
||||||
and device IDs, allowing more strategic ACS overrides. These options
|
|
||||||
may be combined in any order. A maximum of 16 id specific overrides
|
|
||||||
are available. It's suggested to use the most limited set of options
|
|
||||||
necessary to avoid completely disabling ACS across the topology.
|
|
||||||
Note to hardware vendors, we have facilities to permanently quirk
|
|
||||||
specific devices which enforce isolation but not provide an ACS
|
|
||||||
capability. Please contact me to have your devices added and save
|
|
||||||
your customers the hassle of this boot option.
|
|
||||||
---
|
|
||||||
.../admin-guide/kernel-parameters.txt | 8 ++
|
|
||||||
drivers/pci/quirks.c | 102 ++++++++++++++++++
|
|
||||||
2 files changed, 110 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
index 0c404cda531a..0d45f0014f4a 100644
|
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
@@ -3408,6 +3408,14 @@
|
|
||||||
nomsi [MSI] If the PCI_MSI kernel config parameter is
|
|
||||||
enabled, this kernel boot option can be used to
|
|
||||||
disable the use of MSI interrupts system-wide.
|
|
||||||
+ pci_acs_override [PCIE] Override missing PCIe ACS support for:
|
|
||||||
+ downstream
|
|
||||||
+ All downstream ports - full ACS capabilities
|
|
||||||
+ multifunction
|
|
||||||
+ Add multifunction devices - multifunction ACS subset
|
|
||||||
+ id:nnnn:nnnn
|
|
||||||
+ Specific device - full ACS capabilities
|
|
||||||
+ Specified as vid:did (vendor/device ID) in hex
|
|
||||||
noioapicquirk [APIC] Disable all boot interrupt quirks.
|
|
||||||
Safety option to keep boot IRQs enabled. This
|
|
||||||
should never be necessary.
|
|
||||||
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
|
|
||||||
index c0673a717239..695d99b390f7 100644
|
|
||||||
--- a/drivers/pci/quirks.c
|
|
||||||
+++ b/drivers/pci/quirks.c
|
|
||||||
@@ -192,6 +192,106 @@ static int __init pci_apply_final_quirks(void)
|
|
||||||
}
|
|
||||||
fs_initcall_sync(pci_apply_final_quirks);
|
|
||||||
|
|
||||||
+static bool acs_on_downstream;
|
|
||||||
+static bool acs_on_multifunction;
|
|
||||||
+
|
|
||||||
+#define NUM_ACS_IDS 16
|
|
||||||
+struct acs_on_id {
|
|
||||||
+ unsigned short vendor;
|
|
||||||
+ unsigned short device;
|
|
||||||
+};
|
|
||||||
+static struct acs_on_id acs_on_ids[NUM_ACS_IDS];
|
|
||||||
+static u8 max_acs_id;
|
|
||||||
+
|
|
||||||
+static __init int pcie_acs_override_setup(char *p)
|
|
||||||
+{
|
|
||||||
+ if (!p)
|
|
||||||
+ return -EINVAL;
|
|
||||||
+
|
|
||||||
+ while (*p) {
|
|
||||||
+ if (!strncmp(p, "downstream", 10))
|
|
||||||
+ acs_on_downstream = true;
|
|
||||||
+ if (!strncmp(p, "multifunction", 13))
|
|
||||||
+ acs_on_multifunction = true;
|
|
||||||
+ if (!strncmp(p, "id:", 3)) {
|
|
||||||
+ char opt[5];
|
|
||||||
+ int ret;
|
|
||||||
+ long val;
|
|
||||||
+
|
|
||||||
+ if (max_acs_id >= NUM_ACS_IDS - 1) {
|
|
||||||
+ pr_warn("Out of PCIe ACS override slots (%d)\n",
|
|
||||||
+ NUM_ACS_IDS);
|
|
||||||
+ goto next;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ p += 3;
|
|
||||||
+ snprintf(opt, 5, "%s", p);
|
|
||||||
+ ret = kstrtol(opt, 16, &val);
|
|
||||||
+ if (ret) {
|
|
||||||
+ pr_warn("PCIe ACS ID parse error %d\n", ret);
|
|
||||||
+ goto next;
|
|
||||||
+ }
|
|
||||||
+ acs_on_ids[max_acs_id].vendor = val;
|
|
||||||
+ p += strcspn(p, ":");
|
|
||||||
+ if (*p != ':') {
|
|
||||||
+ pr_warn("PCIe ACS invalid ID\n");
|
|
||||||
+ goto next;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ p++;
|
|
||||||
+ snprintf(opt, 5, "%s", p);
|
|
||||||
+ ret = kstrtol(opt, 16, &val);
|
|
||||||
+ if (ret) {
|
|
||||||
+ pr_warn("PCIe ACS ID parse error %d\n", ret);
|
|
||||||
+ goto next;
|
|
||||||
+ }
|
|
||||||
+ acs_on_ids[max_acs_id].device = val;
|
|
||||||
+ max_acs_id++;
|
|
||||||
+ }
|
|
||||||
+next:
|
|
||||||
+ p += strcspn(p, ",");
|
|
||||||
+ if (*p == ',')
|
|
||||||
+ p++;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (acs_on_downstream || acs_on_multifunction || max_acs_id)
|
|
||||||
+ pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n");
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+early_param("pcie_acs_override", pcie_acs_override_setup);
|
|
||||||
+
|
|
||||||
+static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags)
|
|
||||||
+{
|
|
||||||
+ int i;
|
|
||||||
+
|
|
||||||
+ /* Never override ACS for legacy devices or devices with ACS caps */
|
|
||||||
+ if (!pci_is_pcie(dev) ||
|
|
||||||
+ pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS))
|
|
||||||
+ return -ENOTTY;
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < max_acs_id; i++)
|
|
||||||
+ if (acs_on_ids[i].vendor == dev->vendor &&
|
|
||||||
+ acs_on_ids[i].device == dev->device)
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
+switch (pci_pcie_type(dev)) {
|
|
||||||
+ case PCI_EXP_TYPE_DOWNSTREAM:
|
|
||||||
+ case PCI_EXP_TYPE_ROOT_PORT:
|
|
||||||
+ if (acs_on_downstream)
|
|
||||||
+ return 1;
|
|
||||||
+ break;
|
|
||||||
+ case PCI_EXP_TYPE_ENDPOINT:
|
|
||||||
+ case PCI_EXP_TYPE_UPSTREAM:
|
|
||||||
+ case PCI_EXP_TYPE_LEG_END:
|
|
||||||
+ case PCI_EXP_TYPE_RC_END:
|
|
||||||
+ if (acs_on_multifunction && dev->multifunction)
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return -ENOTTY;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Decoding should be disabled for a PCI device during BAR sizing to avoid
|
|
||||||
* conflict. But doing so may cause problems on host bridge and perhaps other
|
|
||||||
@@ -4674,6 +4674,8 @@ static const struct pci_dev_acs_enabled {
|
|
||||||
{ PCI_VENDOR_ID_ZHAOXIN, 0x9083, pci_quirk_mf_endpoint_acs },
|
|
||||||
/* Zhaoxin Root/Downstream Ports */
|
|
||||||
{ PCI_VENDOR_ID_ZHAOXIN, PCI_ANY_ID, pci_quirk_zhaoxin_pcie_ports_acs },
|
|
||||||
+ /* allow acs for any */
|
|
||||||
+ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
|
|
||||||
{ 0 }
|
|
||||||
};
|
|
||||||
|
|
||||||
--
|
|
||||||
2.20.0
|
|
||||||
|
|
Reference in a new issue