5.14.8-1 (clr 5.14.8-1078)
This commit is contained in:
parent
4d8b9e0540
commit
d38aabde65
4 changed files with 25 additions and 372 deletions
26
.SRCINFO
26
.SRCINFO
|
@ -1,6 +1,6 @@
|
|||
pkgbase = linux-clear
|
||||
pkgdesc = Clear Linux
|
||||
pkgver = 5.13.19
|
||||
pkgver = 5.14.8
|
||||
pkgrel = 1
|
||||
url = https://github.com/clearlinux-pkgs/linux
|
||||
arch = x86_64
|
||||
|
@ -12,22 +12,22 @@ pkgbase = linux-clear
|
|||
makedepends = libelf
|
||||
makedepends = xmlto
|
||||
options = !strip
|
||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.13.tar.xz
|
||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.13.tar.sign
|
||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-5.13.19.xz
|
||||
source = clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=5.13.17-1074
|
||||
source = more-uarches-20210818.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/20210818.tar.gz
|
||||
source = pci-enable-overrides-for-missing-acs-capabilities.patch
|
||||
source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
|
||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.14.tar.xz
|
||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.14.tar.sign
|
||||
source = https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-5.14.8.xz
|
||||
source = clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=5.14.8-1078
|
||||
source = more-uarches-20210914.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/20210914.tar.gz
|
||||
source = 0001-pci-Enable-overrides-for-missing-ACS-capabilities.patch::https://raw.githubusercontent.com/xanmod/linux-patches/e2d48df5def86f498766b22e836a9c2f1bcb3809/linux-5.14.y-xanmod/pci_acso/0001-pci-Enable-overrides-for-missing-ACS-capabilities.patch
|
||||
source = 0001-sysctl-add-sysctl-to-disallow-unprivileged-CLONE_NEW.patch::https://raw.githubusercontent.com/xanmod/linux-patches/e2d48df5def86f498766b22e836a9c2f1bcb3809/linux-5.14.y-xanmod/userns/0001-sysctl-add-sysctl-to-disallow-unprivileged-CLONE_NEW.patch
|
||||
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
|
||||
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
|
||||
sha256sums = 3f6baa97f37518439f51df2e4f3d65a822ca5ff016aa8e60d2cc53b95a6c89d9
|
||||
sha256sums = 7e068b5e0d26a62b10e5320b25dce57588cbbc6f781c090442138c9c9c3271b2
|
||||
sha256sums = SKIP
|
||||
sha256sums = 6fadc31348a0c0bbce86b067811d1dadae307bbde5b712c688b3193d73f0fb71
|
||||
sha256sums = 3ad8bc71d6fe35982e75dd60744f775159bc7f2d89fe1458ffe2f6aed03b6bd9
|
||||
sha256sums = SKIP
|
||||
sha256sums = d361171032ec9fce11c53bfbd667d0c3f0cb4004a17329ab195d6dcc5aa88caf
|
||||
sha256sums = 2c98de0814366b041aeee4cbf82b82620c7834bc33752d50f089e8bd7ea5cf5e
|
||||
sha256sums = 34614e92ed29d11f5f6150ee8ed6c5ffe7f8f3d99a2fed6aebe40e513749c3ba
|
||||
sha256sums = b70720e7537a0b6455edaeb198d52151fb3b3c3a91631b8f43d2e71b694da611
|
||||
sha256sums = 1c7aee7bccb1d848887b0cef273518badb09021788b148db1c6168d4c761f1fd
|
||||
sha256sums = ece72251dacc37d239a5bbf170629c155cee634c05febd8d654b110077d29f28
|
||||
|
||||
pkgname = linux-clear
|
||||
pkgdesc = The Clear Linux kernel and modules
|
||||
|
|
|
@ -1,154 +0,0 @@
|
|||
From a0a84528e06b99d83046fd16d2fa132c8d20a46c Mon Sep 17 00:00:00 2001
|
||||
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
|
||||
Date: Mon, 16 Sep 2019 04:53:20 +0200
|
||||
Subject: [PATCH] ZEN: Add sysctl and CONFIG to disallow unprivileged
|
||||
CLONE_NEWUSER
|
||||
|
||||
Our default behavior continues to match the vanilla kernel.
|
||||
---
|
||||
include/linux/user_namespace.h | 4 ++++
|
||||
init/Kconfig | 16 ++++++++++++++++
|
||||
kernel/fork.c | 14 ++++++++++++++
|
||||
kernel/sysctl.c | 12 ++++++++++++
|
||||
kernel/user_namespace.c | 7 +++++++
|
||||
5 files changed, 53 insertions(+)
|
||||
|
||||
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
|
||||
index 1d08dbbcf..180da8f71 100644
|
||||
--- a/include/linux/user_namespace.h
|
||||
+++ b/include/linux/user_namespace.h
|
||||
@@ -112,6 +112,8 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_type type);
|
||||
|
||||
#ifdef CONFIG_USER_NS
|
||||
|
||||
+extern int unprivileged_userns_clone;
|
||||
+
|
||||
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
|
||||
{
|
||||
if (ns)
|
||||
@@ -145,6 +147,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns);
|
||||
struct ns_common *ns_get_owner(struct ns_common *ns);
|
||||
#else
|
||||
|
||||
+#define unprivileged_userns_clone 0
|
||||
+
|
||||
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
|
||||
{
|
||||
return &init_user_ns;
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index a61c92066..6a2920f2e 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1195,6 +1195,22 @@ config USER_NS
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
+config USER_NS_UNPRIVILEGED
|
||||
+ bool "Allow unprivileged users to create namespaces"
|
||||
+ default y
|
||||
+ depends on USER_NS
|
||||
+ help
|
||||
+ When disabled, unprivileged users will not be able to create
|
||||
+ new namespaces. Allowing users to create their own namespaces
|
||||
+ has been part of several recent local privilege escalation
|
||||
+ exploits, so if you need user namespaces but are
|
||||
+ paranoid^Wsecurity-conscious you want to disable this.
|
||||
+
|
||||
+ This setting can be overridden at runtime via the
|
||||
+ kernel.unprivileged_userns_clone sysctl.
|
||||
+
|
||||
+ If unsure, say Y.
|
||||
+
|
||||
config PID_NS
|
||||
bool "PID Namespaces"
|
||||
default y
|
||||
diff --git a/kernel/fork.c b/kernel/fork.c
|
||||
index a070caed5..03baafd70 100644
|
||||
--- a/kernel/fork.c
|
||||
+++ b/kernel/fork.c
|
||||
@@ -98,6 +98,10 @@
|
||||
#include <linux/io_uring.h>
|
||||
#include <linux/bpf.h>
|
||||
|
||||
+#ifdef CONFIG_USER_NS
|
||||
+#include <linux/user_namespace.h>
|
||||
+#endif
|
||||
+
|
||||
#include <asm/pgalloc.h>
|
||||
#include <linux/uaccess.h>
|
||||
#include <asm/mmu_context.h>
|
||||
@@ -1871,6 +1875,10 @@ static __latent_entropy struct task_struct *copy_process(
|
||||
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
|
||||
return ERR_PTR(-EINVAL);
|
||||
|
||||
+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
|
||||
+ if (!capable(CAP_SYS_ADMIN))
|
||||
+ return ERR_PTR(-EPERM);
|
||||
+
|
||||
/*
|
||||
* Thread groups must share signals as well, and detached threads
|
||||
* can only be started up within the thread group.
|
||||
@@ -2973,6 +2981,12 @@ int ksys_unshare(unsigned long unshare_flags)
|
||||
if (unshare_flags & CLONE_NEWNS)
|
||||
unshare_flags |= CLONE_FS;
|
||||
|
||||
+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
|
||||
+ err = -EPERM;
|
||||
+ if (!capable(CAP_SYS_ADMIN))
|
||||
+ goto bad_unshare_out;
|
||||
+ }
|
||||
+
|
||||
err = check_unshare_flags(unshare_flags);
|
||||
if (err)
|
||||
goto bad_unshare_out;
|
||||
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
|
||||
index d4a78e08f..0260dfe2d 100644
|
||||
--- a/kernel/sysctl.c
|
||||
+++ b/kernel/sysctl.c
|
||||
@@ -103,6 +103,9 @@
|
||||
#ifdef CONFIG_LOCKUP_DETECTOR
|
||||
#include <linux/nmi.h>
|
||||
#endif
|
||||
+#ifdef CONFIG_USER_NS
|
||||
+#include <linux/user_namespace.h>
|
||||
+#endif
|
||||
|
||||
#if defined(CONFIG_SYSCTL)
|
||||
|
||||
@@ -1896,6 +1899,15 @@ static struct ctl_table kern_table[] = {
|
||||
.proc_handler = proc_dointvec,
|
||||
},
|
||||
#endif
|
||||
+#ifdef CONFIG_USER_NS
|
||||
+ {
|
||||
+ .procname = "unprivileged_userns_clone",
|
||||
+ .data = &unprivileged_userns_clone,
|
||||
+ .maxlen = sizeof(int),
|
||||
+ .mode = 0644,
|
||||
+ .proc_handler = proc_dointvec,
|
||||
+ },
|
||||
+#endif
|
||||
#ifdef CONFIG_PROC_SYSCTL
|
||||
{
|
||||
.procname = "tainted",
|
||||
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
|
||||
index 8d6286372..5ca391b2b 100644
|
||||
--- a/kernel/user_namespace.c
|
||||
+++ b/kernel/user_namespace.c
|
||||
@@ -21,6 +21,13 @@
|
||||
#include <linux/bsearch.h>
|
||||
#include <linux/sort.h>
|
||||
|
||||
+/* sysctl */
|
||||
+#ifdef CONFIG_USER_NS_UNPRIVILEGED
|
||||
+int unprivileged_userns_clone = 1;
|
||||
+#else
|
||||
+int unprivileged_userns_clone;
|
||||
+#endif
|
||||
+
|
||||
static struct kmem_cache *user_ns_cachep __read_mostly;
|
||||
static DEFINE_MUTEX(userns_state_mutex);
|
||||
|
||||
--
|
||||
2.32.0.93.g670b81a890
|
||||
|
24
PKGBUILD
24
PKGBUILD
|
@ -73,10 +73,10 @@ _use_current=
|
|||
|
||||
### IMPORTANT: Do no edit below this line unless you know what you're doing
|
||||
|
||||
_major=5.13
|
||||
_minor=19
|
||||
_major=5.14
|
||||
_minor=8
|
||||
_srcname=linux-${_major}
|
||||
_clr=${_major}.17-1074
|
||||
_clr=${_major}.8-1078
|
||||
pkgbase=linux-clear
|
||||
pkgver=${_major}.${_minor}
|
||||
pkgrel=1
|
||||
|
@ -86,15 +86,15 @@ url="https://github.com/clearlinux-pkgs/linux"
|
|||
license=('GPL2')
|
||||
makedepends=('bc' 'cpio' 'git' 'kmod' 'libelf' 'xmlto')
|
||||
options=('!strip')
|
||||
_gcc_more_v='20210818'
|
||||
_gcc_more_v='20210914'
|
||||
source=(
|
||||
"https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_major}.tar.xz"
|
||||
"https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_major}.tar.sign"
|
||||
"https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-${pkgver}.xz"
|
||||
"clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=${_clr}"
|
||||
"more-uarches-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_compiler_patch/archive/$_gcc_more_v.tar.gz"
|
||||
'pci-enable-overrides-for-missing-acs-capabilities.patch'
|
||||
'0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch'
|
||||
"0001-pci-Enable-overrides-for-missing-ACS-capabilities.patch::https://raw.githubusercontent.com/xanmod/linux-patches/e2d48df5def86f498766b22e836a9c2f1bcb3809/linux-5.14.y-xanmod/pci_acso/0001-pci-Enable-overrides-for-missing-ACS-capabilities.patch"
|
||||
"0001-sysctl-add-sysctl-to-disallow-unprivileged-CLONE_NEW.patch::https://raw.githubusercontent.com/xanmod/linux-patches/e2d48df5def86f498766b22e836a9c2f1bcb3809/linux-5.14.y-xanmod/userns/0001-sysctl-add-sysctl-to-disallow-unprivileged-CLONE_NEW.patch"
|
||||
)
|
||||
|
||||
export KBUILD_BUILD_HOST=archlinux
|
||||
|
@ -185,7 +185,7 @@ prepare() {
|
|||
# https://github.com/graysky2/kernel_compiler_patch
|
||||
# make sure to apply after olddefconfig to allow the next section
|
||||
echo "Patching to enable GCC optimization for other uarchs..."
|
||||
patch -Np1 -i "$srcdir/kernel_compiler_patch-$_gcc_more_v/more-uarches-for-kernel-5.8+.patch"
|
||||
patch -Np1 -i "$srcdir/kernel_compiler_patch-$_gcc_more_v/more-uarches-for-kernel-5.8-5.14.patch"
|
||||
|
||||
if [ -n "$_subarch" ]; then
|
||||
# user wants a subarch so apply choice defined above interactively via 'yes'
|
||||
|
@ -351,13 +351,13 @@ for _p in "${pkgname[@]}"; do
|
|||
}"
|
||||
done
|
||||
|
||||
sha256sums=('3f6baa97f37518439f51df2e4f3d65a822ca5ff016aa8e60d2cc53b95a6c89d9'
|
||||
sha256sums=('7e068b5e0d26a62b10e5320b25dce57588cbbc6f781c090442138c9c9c3271b2'
|
||||
'SKIP'
|
||||
'6fadc31348a0c0bbce86b067811d1dadae307bbde5b712c688b3193d73f0fb71'
|
||||
'3ad8bc71d6fe35982e75dd60744f775159bc7f2d89fe1458ffe2f6aed03b6bd9'
|
||||
'SKIP'
|
||||
'd361171032ec9fce11c53bfbd667d0c3f0cb4004a17329ab195d6dcc5aa88caf'
|
||||
'2c98de0814366b041aeee4cbf82b82620c7834bc33752d50f089e8bd7ea5cf5e'
|
||||
'34614e92ed29d11f5f6150ee8ed6c5ffe7f8f3d99a2fed6aebe40e513749c3ba')
|
||||
'b70720e7537a0b6455edaeb198d52151fb3b3c3a91631b8f43d2e71b694da611'
|
||||
'1c7aee7bccb1d848887b0cef273518badb09021788b148db1c6168d4c761f1fd'
|
||||
'ece72251dacc37d239a5bbf170629c155cee634c05febd8d654b110077d29f28')
|
||||
|
||||
validpgpkeys=(
|
||||
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
|
||||
|
|
|
@ -1,193 +0,0 @@
|
|||
From f56f33917f418568141184eb2503ec65309a8255 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Weiman <mark.weiman@markzz.com>
|
||||
Date: Thu, 13 Dec 2018 13:15:16 -0500
|
||||
Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.18)
|
||||
|
||||
This an updated version of Alex Williamson's patch from:
|
||||
https://lkml.org/lkml/2013/5/30/513
|
||||
|
||||
Original commit message follows:
|
||||
---
|
||||
PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that
|
||||
allows us to control whether transactions are allowed to be redirected
|
||||
in various subnodes of a PCIe topology. For instance, if two
|
||||
endpoints are below a root port or downsteam switch port, the
|
||||
downstream port may optionally redirect transactions between the
|
||||
devices, bypassing upstream devices. The same can happen internally
|
||||
on multifunction devices. The transaction may never be visible to the
|
||||
upstream devices.
|
||||
|
||||
One upstream device that we particularly care about is the IOMMU. If
|
||||
a redirection occurs in the topology below the IOMMU, then the IOMMU
|
||||
cannot provide isolation between devices. This is why the PCIe spec
|
||||
encourages topologies to include ACS support. Without it, we have to
|
||||
assume peer-to-peer DMA within a hierarchy can bypass IOMMU isolation.
|
||||
|
||||
Unfortunately, far too many topologies do not support ACS to make this
|
||||
a steadfast requirement. Even the latest chipsets from Intel are only
|
||||
sporadically supporting ACS. We have trouble getting interconnect
|
||||
vendors to include the PCIe spec required PCIe capability, let alone
|
||||
suggested features.
|
||||
|
||||
Therefore, we need to add some flexibility. The pcie_acs_override=
|
||||
boot option lets users opt-in specific devices or sets of devices to
|
||||
assume ACS support. The "downstream" option assumes full ACS support
|
||||
on root ports and downstream switch ports. The "multifunction"
|
||||
option assumes the subset of ACS features available on multifunction
|
||||
endpoints and upstream switch ports are supported. The "id:nnnn:nnnn"
|
||||
option enables ACS support on devices matching the provided vendor
|
||||
and device IDs, allowing more strategic ACS overrides. These options
|
||||
may be combined in any order. A maximum of 16 id specific overrides
|
||||
are available. It's suggested to use the most limited set of options
|
||||
necessary to avoid completely disabling ACS across the topology.
|
||||
Note to hardware vendors, we have facilities to permanently quirk
|
||||
specific devices which enforce isolation but not provide an ACS
|
||||
capability. Please contact me to have your devices added and save
|
||||
your customers the hassle of this boot option.
|
||||
---
|
||||
.../admin-guide/kernel-parameters.txt | 8 ++
|
||||
drivers/pci/quirks.c | 102 ++++++++++++++++++
|
||||
2 files changed, 110 insertions(+)
|
||||
|
||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
||||
index 0c404cda531a..0d45f0014f4a 100644
|
||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||
@@ -3408,6 +3408,14 @@
|
||||
nomsi [MSI] If the PCI_MSI kernel config parameter is
|
||||
enabled, this kernel boot option can be used to
|
||||
disable the use of MSI interrupts system-wide.
|
||||
+ pci_acs_override [PCIE] Override missing PCIe ACS support for:
|
||||
+ downstream
|
||||
+ All downstream ports - full ACS capabilities
|
||||
+ multifunction
|
||||
+ Add multifunction devices - multifunction ACS subset
|
||||
+ id:nnnn:nnnn
|
||||
+ Specific device - full ACS capabilities
|
||||
+ Specified as vid:did (vendor/device ID) in hex
|
||||
noioapicquirk [APIC] Disable all boot interrupt quirks.
|
||||
Safety option to keep boot IRQs enabled. This
|
||||
should never be necessary.
|
||||
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
|
||||
index c0673a717239..695d99b390f7 100644
|
||||
--- a/drivers/pci/quirks.c
|
||||
+++ b/drivers/pci/quirks.c
|
||||
@@ -192,6 +192,106 @@ static int __init pci_apply_final_quirks(void)
|
||||
}
|
||||
fs_initcall_sync(pci_apply_final_quirks);
|
||||
|
||||
+static bool acs_on_downstream;
|
||||
+static bool acs_on_multifunction;
|
||||
+
|
||||
+#define NUM_ACS_IDS 16
|
||||
+struct acs_on_id {
|
||||
+ unsigned short vendor;
|
||||
+ unsigned short device;
|
||||
+};
|
||||
+static struct acs_on_id acs_on_ids[NUM_ACS_IDS];
|
||||
+static u8 max_acs_id;
|
||||
+
|
||||
+static __init int pcie_acs_override_setup(char *p)
|
||||
+{
|
||||
+ if (!p)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ while (*p) {
|
||||
+ if (!strncmp(p, "downstream", 10))
|
||||
+ acs_on_downstream = true;
|
||||
+ if (!strncmp(p, "multifunction", 13))
|
||||
+ acs_on_multifunction = true;
|
||||
+ if (!strncmp(p, "id:", 3)) {
|
||||
+ char opt[5];
|
||||
+ int ret;
|
||||
+ long val;
|
||||
+
|
||||
+ if (max_acs_id >= NUM_ACS_IDS - 1) {
|
||||
+ pr_warn("Out of PCIe ACS override slots (%d)\n",
|
||||
+ NUM_ACS_IDS);
|
||||
+ goto next;
|
||||
+ }
|
||||
+
|
||||
+ p += 3;
|
||||
+ snprintf(opt, 5, "%s", p);
|
||||
+ ret = kstrtol(opt, 16, &val);
|
||||
+ if (ret) {
|
||||
+ pr_warn("PCIe ACS ID parse error %d\n", ret);
|
||||
+ goto next;
|
||||
+ }
|
||||
+ acs_on_ids[max_acs_id].vendor = val;
|
||||
+ p += strcspn(p, ":");
|
||||
+ if (*p != ':') {
|
||||
+ pr_warn("PCIe ACS invalid ID\n");
|
||||
+ goto next;
|
||||
+ }
|
||||
+
|
||||
+ p++;
|
||||
+ snprintf(opt, 5, "%s", p);
|
||||
+ ret = kstrtol(opt, 16, &val);
|
||||
+ if (ret) {
|
||||
+ pr_warn("PCIe ACS ID parse error %d\n", ret);
|
||||
+ goto next;
|
||||
+ }
|
||||
+ acs_on_ids[max_acs_id].device = val;
|
||||
+ max_acs_id++;
|
||||
+ }
|
||||
+next:
|
||||
+ p += strcspn(p, ",");
|
||||
+ if (*p == ',')
|
||||
+ p++;
|
||||
+ }
|
||||
+
|
||||
+ if (acs_on_downstream || acs_on_multifunction || max_acs_id)
|
||||
+ pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n");
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+early_param("pcie_acs_override", pcie_acs_override_setup);
|
||||
+
|
||||
+static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags)
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ /* Never override ACS for legacy devices or devices with ACS caps */
|
||||
+ if (!pci_is_pcie(dev) ||
|
||||
+ pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS))
|
||||
+ return -ENOTTY;
|
||||
+
|
||||
+ for (i = 0; i < max_acs_id; i++)
|
||||
+ if (acs_on_ids[i].vendor == dev->vendor &&
|
||||
+ acs_on_ids[i].device == dev->device)
|
||||
+ return 1;
|
||||
+
|
||||
+switch (pci_pcie_type(dev)) {
|
||||
+ case PCI_EXP_TYPE_DOWNSTREAM:
|
||||
+ case PCI_EXP_TYPE_ROOT_PORT:
|
||||
+ if (acs_on_downstream)
|
||||
+ return 1;
|
||||
+ break;
|
||||
+ case PCI_EXP_TYPE_ENDPOINT:
|
||||
+ case PCI_EXP_TYPE_UPSTREAM:
|
||||
+ case PCI_EXP_TYPE_LEG_END:
|
||||
+ case PCI_EXP_TYPE_RC_END:
|
||||
+ if (acs_on_multifunction && dev->multifunction)
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ return -ENOTTY;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Decoding should be disabled for a PCI device during BAR sizing to avoid
|
||||
* conflict. But doing so may cause problems on host bridge and perhaps other
|
||||
@@ -4674,6 +4674,8 @@ static const struct pci_dev_acs_enabled {
|
||||
{ PCI_VENDOR_ID_ZHAOXIN, 0x9083, pci_quirk_mf_endpoint_acs },
|
||||
/* Zhaoxin Root/Downstream Ports */
|
||||
{ PCI_VENDOR_ID_ZHAOXIN, PCI_ANY_ID, pci_quirk_zhaoxin_pcie_ports_acs },
|
||||
+ /* allow acs for any */
|
||||
+ { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
|
||||
{ 0 }
|
||||
};
|
||||
|
||||
--
|
||||
2.20.0
|
||||
|
Loading…
Reference in a new issue