millerson.name
/
gentoo-overlay
1
0
Fork 0
Code Issues Pull Requests Releases Activity

sys-kernel/linux-hardened-sources: bump 5.4 version with Clear Linux patches

pull/1/head
Alexander Miroshnichenko 2020-03-29 09:31:47 +03:00
parent f8ef6c4b2e
commit d4e29560ec
Signed by: alex
GPG Key ID: E93720C6C73A77F4
39 changed files with 54070 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
sys-kernel/linux-hardened-sources/files/5.4/00001_CVE-2019-12379.patch Normal file
View File

@ -0,0 +1,38 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gen Zhang <blackgod016574@gmail.com>
Date: Thu, 23 May 2019 08:34:52 +0800
Subject: [PATCH] consolemap: Fix a memory leaking bug in
drivers/tty/vt/consolemap.c
In function con_insert_unipair(), when allocation for p2 and p1[n]
fails, ENOMEM is returned, but previously allocated p1 is not freed,
remains as leaking memory. Thus we should free p1 as well when this
allocation fails.
Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/vt/consolemap.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index b28aa0d289f8..79fcc96cc7c0 100644
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -489,7 +489,11 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos)
p2 = p1[n = (unicode >> 6) & 0x1f];
if (!p2) {
p2 = p1[n] = kmalloc_array(64, sizeof(u16), GFP_KERNEL);
- if (!p2) return -ENOMEM;
+ if (!p2) {
+ kfree(p1);
+ p->uni_pgdir[n] = NULL;
+ return -ENOMEM;
+ }
memset(p2, 0xff, 64*sizeof(u16)); /* No glyphs for the characters (yet) */
}
--
https://clearlinux.org

35
sys-kernel/linux-hardened-sources/files/5.4/00004_CVE-2019-19054.patch Normal file
View File

@ -0,0 +1,35 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Navid Emamdoost <navid.emamdoost@gmail.com>
Date: Wed, 25 Sep 2019 12:02:41 -0300
Subject: [PATCH] media: rc: prevent memory leak in cx23888_ir_probe
In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
should be released.
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
---
drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
index e880afe37f15..d59ca3601785 100644
--- a/drivers/media/pci/cx23885/cx23888-ir.c
+++ b/drivers/media/pci/cx23885/cx23888-ir.c
@@ -1167,8 +1167,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
return -ENOMEM;
spin_lock_init(&state->rx_kfifo_lock);
- if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
+ if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
+ GFP_KERNEL)) {
+ kfree(state);
return -ENOMEM;
+ }
state->dev = dev;
sd = &state->sd;
--
https://clearlinux.org

88
sys-kernel/linux-hardened-sources/files/5.4/000052_0052-drm-i915-save-AUD_FREQ_CNTRL-state-at-audio-domain-s.patch Normal file
View File

@ -0,0 +1,88 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Date: Fri, 20 Sep 2019 11:39:18 +0300
Subject: [PATCH] drm/i915: save AUD_FREQ_CNTRL state at audio domain suspend
commit 87c1694533c947bf950251df3da04a32a05ede64 upstream
When audio power domain is suspended, the display driver must
save state of AUD_FREQ_CNTRL on Tiger Lake and Ice Lake
systems. The initial value of the register is set by BIOS and
is read by driver during the audio component init sequence.
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Imre Deak <imre.deak@intel.com>
Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190920083918.27057-1-kai.vehmanen@linux.intel.com
---
drivers/gpu/drm/i915/display/intel_audio.c | 17 +++++++++++++++--
drivers/gpu/drm/i915/i915_drv.h | 1 +
drivers/gpu/drm/i915/i915_reg.h | 2 ++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/display/intel_audio.c b/drivers/gpu/drm/i915/display/intel_audio.c
index aac089c79ceb..54638d99e021 100644
--- a/drivers/gpu/drm/i915/display/intel_audio.c
+++ b/drivers/gpu/drm/i915/display/intel_audio.c
@@ -852,10 +852,17 @@ static unsigned long i915_audio_component_get_power(struct device *kdev)
ret = intel_display_power_get(dev_priv, POWER_DOMAIN_AUDIO);
- /* Force CDCLK to 2*BCLK as long as we need audio to be powered. */
- if (dev_priv->audio_power_refcount++ == 0)
+ if (dev_priv->audio_power_refcount++ == 0) {
+ if (IS_TIGERLAKE(dev_priv) || IS_ICELAKE(dev_priv)) {
+ I915_WRITE(AUD_FREQ_CNTRL, dev_priv->audio_freq_cntrl);
+ DRM_DEBUG_KMS("restored AUD_FREQ_CNTRL to 0x%x\n",
+ dev_priv->audio_freq_cntrl);
+ }
+
+ /* Force CDCLK to 2*BCLK as long as we need audio powered. */
if (IS_CANNONLAKE(dev_priv) || IS_GEMINILAKE(dev_priv))
glk_force_audio_cdclk(dev_priv, true);
+ }
return ret;
}
@@ -1116,6 +1123,12 @@ static void i915_audio_component_init(struct drm_i915_private *dev_priv)
return;
}
+ if (IS_TIGERLAKE(dev_priv) || IS_ICELAKE(dev_priv)) {
+ dev_priv->audio_freq_cntrl = I915_READ(AUD_FREQ_CNTRL);
+ DRM_DEBUG_KMS("init value of AUD_FREQ_CNTRL of 0x%x\n",
+ dev_priv->audio_freq_cntrl);
+ }
+
dev_priv->audio_component_registered = true;
}
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
index 07f1e89a55ca..fcf7423075ef 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -1541,6 +1541,7 @@ struct drm_i915_private {
*/
struct mutex av_mutex;
int audio_power_refcount;
+ u32 audio_freq_cntrl;
struct {
struct mutex mutex;
diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h
index 8649a3028963..6ecb64c042ef 100644
--- a/drivers/gpu/drm/i915/i915_reg.h
+++ b/drivers/gpu/drm/i915/i915_reg.h
@@ -9127,6 +9127,8 @@ enum {
#define HSW_AUD_CHICKENBIT _MMIO(0x65f10)
#define SKL_AUD_CODEC_WAKE_SIGNAL (1 << 15)
+#define AUD_FREQ_CNTRL _MMIO(0x65900)
+
/*
* HSW - ICL power wells
*
--
https://clearlinux.org

58
sys-kernel/linux-hardened-sources/files/5.4/000053_0053-drm-i915-Fix-audio-power-up-sequence-for-gen10-displ.patch Normal file
View File

@ -0,0 +1,58 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Date: Thu, 3 Oct 2019 11:55:30 +0300
Subject: [PATCH] drm/i915: Fix audio power up sequence for gen10+ display
commit 1580d3cdddbba4a5ef78a04a5289e32844e6af24 upstream
On platfroms with gen10+ display, driver must set the enable bit of
AUDIO_PIN_BUF_CTL register before transactions with the HDA controller
can proceed. Add setting this bit to the audio power up sequence.
Failing to do this resulted in errors during display audio codec probe,
and failures during resume from suspend.
Note: We may also need to disable the bit afterwards, but there are
still unresolved issues with that.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=111214
Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191003085531.30990-1-kai.vehmanen@linux.intel.com
---
drivers/gpu/drm/i915/display/intel_audio.c | 5 +++++
drivers/gpu/drm/i915/i915_reg.h | 2 ++
2 files changed, 7 insertions(+)
diff --git a/drivers/gpu/drm/i915/display/intel_audio.c b/drivers/gpu/drm/i915/display/intel_audio.c
index 54638d99e021..e93776710abc 100644
--- a/drivers/gpu/drm/i915/display/intel_audio.c
+++ b/drivers/gpu/drm/i915/display/intel_audio.c
@@ -862,6 +862,11 @@ static unsigned long i915_audio_component_get_power(struct device *kdev)
/* Force CDCLK to 2*BCLK as long as we need audio powered. */
if (IS_CANNONLAKE(dev_priv) || IS_GEMINILAKE(dev_priv))
glk_force_audio_cdclk(dev_priv, true);
+
+ if (INTEL_GEN(dev_priv) >= 10 || IS_GEMINILAKE(dev_priv))
+ I915_WRITE(AUD_PIN_BUF_CTL,
+ (I915_READ(AUD_PIN_BUF_CTL) |
+ AUD_PIN_BUF_ENABLE));
}
return ret;
diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h
index eefd789b9a28..813ddea3f9f1 100644
--- a/drivers/gpu/drm/i915/i915_reg.h
+++ b/drivers/gpu/drm/i915/i915_reg.h
@@ -9133,6 +9133,8 @@ enum {
#define SKL_AUD_CODEC_WAKE_SIGNAL (1 << 15)
#define AUD_FREQ_CNTRL _MMIO(0x65900)
+#define AUD_PIN_BUF_CTL _MMIO(0x48414)
+#define AUD_PIN_BUF_ENABLE REG_BIT(31)
/*
* HSW - ICL power wells
--
https://clearlinux.org

43
sys-kernel/linux-hardened-sources/files/5.4/000054_0054-drm-i915-extend-audio-CDCLK-2-BCLK-constraint-to-mor.patch Normal file
View File

@ -0,0 +1,43 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Date: Thu, 3 Oct 2019 11:55:31 +0300
Subject: [PATCH] drm/i915: extend audio CDCLK>=2*BCLK constraint to more
platforms
commit f6ec9483091f8e67adab0311a4e2f90aab523310 upstream
The CDCLK>=2*BCLK constraint applies to all generations since gen10.
Extend the constraint logic in audio get/put_power().
Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191003085531.30990-2-kai.vehmanen@linux.intel.com
---
drivers/gpu/drm/i915/display/intel_audio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/display/intel_audio.c b/drivers/gpu/drm/i915/display/intel_audio.c
index e93776710abc..ed18511befa3 100644
--- a/drivers/gpu/drm/i915/display/intel_audio.c
+++ b/drivers/gpu/drm/i915/display/intel_audio.c
@@ -860,7 +860,7 @@ static unsigned long i915_audio_component_get_power(struct device *kdev)
}
/* Force CDCLK to 2*BCLK as long as we need audio powered. */
- if (IS_CANNONLAKE(dev_priv) || IS_GEMINILAKE(dev_priv))
+ if (INTEL_GEN(dev_priv) >= 10 || IS_GEMINILAKE(dev_priv))
glk_force_audio_cdclk(dev_priv, true);
if (INTEL_GEN(dev_priv) >= 10 || IS_GEMINILAKE(dev_priv))
@@ -879,7 +879,7 @@ static void i915_audio_component_put_power(struct device *kdev,
/* Stop forcing CDCLK to 2*BCLK if no need for audio to be powered. */
if (--dev_priv->audio_power_refcount == 0)
- if (IS_CANNONLAKE(dev_priv) || IS_GEMINILAKE(dev_priv))
+ if (INTEL_GEN(dev_priv) >= 10 || IS_GEMINILAKE(dev_priv))
glk_force_audio_cdclk(dev_priv, false);
intel_display_power_put(dev_priv, POWER_DOMAIN_AUDIO, cookie);
--
https://clearlinux.org

65
sys-kernel/linux-hardened-sources/files/5.4/000101_0101-i8042-decrease-debug-message-level-to-info.patch Normal file
View File

@ -0,0 +1,65 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Tue, 23 Jun 2015 01:26:52 -0500
Subject: [PATCH] i8042: decrease debug message level to info
Author: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
Signed-off-by: Jose Carlos Venegas Munoz <jos.c.venegas.munoz@intel.com>
---
drivers/input/serio/i8042.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
index 20ff2bed3917..9716c549a76b 100644
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -611,7 +611,7 @@ static int i8042_enable_kbd_port(void)
if (i8042_command(&i8042_ctr, I8042_CMD_CTL_WCTR)) {
i8042_ctr &= ~I8042_CTR_KBDINT;
i8042_ctr |= I8042_CTR_KBDDIS;
- pr_err("Failed to enable KBD port\n");
+ pr_info("Failed to enable KBD port\n");
return -EIO;
}
@@ -630,7 +630,7 @@ static int i8042_enable_aux_port(void)
if (i8042_command(&i8042_ctr, I8042_CMD_CTL_WCTR)) {
i8042_ctr &= ~I8042_CTR_AUXINT;
i8042_ctr |= I8042_CTR_AUXDIS;
- pr_err("Failed to enable AUX port\n");
+ pr_info("Failed to enable AUX port\n");
return -EIO;
}
@@ -722,7 +722,7 @@ static int __init i8042_check_mux(void)
i8042_ctr &= ~I8042_CTR_AUXINT;
if (i8042_command(&i8042_ctr, I8042_CMD_CTL_WCTR)) {
- pr_err("Failed to disable AUX port, can't use MUX\n");
+ pr_info("Failed to disable AUX port, can't use MUX\n");
return -EIO;
}
@@ -945,7 +945,7 @@ static int i8042_controller_selftest(void)
do {
if (i8042_command(&param, I8042_CMD_CTL_TEST)) {
- pr_err("i8042 controller selftest timeout\n");
+ pr_info("i8042 controller selftest timeout\n");
return -ENODEV;
}
@@ -967,7 +967,7 @@ static int i8042_controller_selftest(void)
pr_info("giving up on controller selftest, continuing anyway...\n");
return 0;
#else
- pr_err("i8042 controller selftest failed\n");
+ pr_info("i8042 controller selftest failed\n");
return -EIO;
#endif
}
--
https://clearlinux.org

35
sys-kernel/linux-hardened-sources/files/5.4/000102_0102-Increase-the-ext4-default-commit-age.patch Normal file
View File

@ -0,0 +1,35 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Mon, 11 Jan 2016 10:01:44 -0600
Subject: [PATCH] Increase the ext4 default commit age
Both the VM and EXT4 have a "commit to disk after X seconds" time.
Currently the EXT4 time is shorter than our VM time, which is a bit
suboptional,
it's better for performance to let the VM do the writeouts in bulk
rather than something deep in the journalling layer.
(DISTRO TWEAK -- NOT FOR UPSTREAM)
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
---
include/linux/jbd2.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
index 603fbc4e2f70..339e22bd75d3 100644
--- a/include/linux/jbd2.h
+++ b/include/linux/jbd2.h
@@ -44,7 +44,7 @@
/*
* The default maximum commit age, in seconds.
*/
-#define JBD2_DEFAULT_MAX_COMMIT_AGE 5
+#define JBD2_DEFAULT_MAX_COMMIT_AGE 30
#ifdef CONFIG_JBD2_DEBUG
/*
--
https://clearlinux.org

25
sys-kernel/linux-hardened-sources/files/5.4/000103_0103-silence-rapl.patch Normal file
View File

@ -0,0 +1,25 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Mon, 14 Mar 2016 11:22:09 -0600
Subject: [PATCH] silence rapl
---
drivers/powercap/intel_rapl_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c
index 94ddd7d659c8..8c5a87f5f966 100644
--- a/drivers/powercap/intel_rapl_common.c
+++ b/drivers/powercap/intel_rapl_common.c
@@ -1419,7 +1419,7 @@ static int __init rapl_init(void)
id = x86_match_cpu(rapl_ids);
if (!id) {
- pr_err("driver does not support CPU family %d model %d\n",
+ pr_info("driver does not support CPU family %d model %d\n",
boot_cpu_data.x86, boot_cpu_data.x86_model);
return -ENODEV;
--
https://clearlinux.org

27
sys-kernel/linux-hardened-sources/files/5.4/000104_0104-pci-pme-wakeups.patch Normal file
View File

@ -0,0 +1,27 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Mon, 14 Mar 2016 11:10:58 -0600
Subject: [PATCH] pci pme wakeups
Reduce wakeups for PME checks, which are a workaround for miswired
boards (sadly, too many of them) in laptops.
---
drivers/pci/pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index a97e2571a527..772e8935aa60 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -61,7 +61,7 @@ struct pci_pme_device {
struct pci_dev *dev;
};
-#define PME_TIMEOUT 1000 /* How long between PME checks */
+#define PME_TIMEOUT 4000 /* How long between PME checks */
static void pci_dev_d3_sleep(struct pci_dev *dev)
{
--
https://clearlinux.org

52
sys-kernel/linux-hardened-sources/files/5.4/000105_0105-ksm-wakeups.patch Normal file
View File

@ -0,0 +1,52 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Mon, 6 May 2019 12:57:09 -0500
Subject: [PATCH] ksm-wakeups
reduce wakeups in ksm by adding rounding (aligning) when
the sleep times are 1 second or longer
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
---
kernel/watchdog.c | 2 +-
mm/ksm.c | 11 ++++++++---
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index f41334ef0971..eb49c42f215b 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -41,7 +41,7 @@ unsigned long __read_mostly watchdog_enabled;
int __read_mostly watchdog_user_enabled = 1;
int __read_mostly nmi_watchdog_user_enabled = NMI_WATCHDOG_DEFAULT;
int __read_mostly soft_watchdog_user_enabled = 1;
-int __read_mostly watchdog_thresh = 10;
+int __read_mostly watchdog_thresh = 40;
static int __read_mostly nmi_watchdog_available;
static struct cpumask watchdog_allowed_mask __read_mostly;
diff --git a/mm/ksm.c b/mm/ksm.c
index 7905934cd3ad..9ea848346a0b 100644
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -2414,9 +2414,14 @@ static int ksm_scan_thread(void *nothing)
if (ksmd_should_run()) {
sleep_ms = READ_ONCE(ksm_thread_sleep_millisecs);
- wait_event_interruptible_timeout(ksm_iter_wait,
- sleep_ms != READ_ONCE(ksm_thread_sleep_millisecs),
- msecs_to_jiffies(sleep_ms));
+ if (sleep_ms >= 1000)
+ wait_event_interruptible_timeout(ksm_iter_wait,
+ sleep_ms != READ_ONCE(ksm_thread_sleep_millisecs),
+ msecs_to_jiffies(round_jiffies_relative(sleep_ms)));
+ else
+ wait_event_interruptible_timeout(ksm_iter_wait,
+ sleep_ms != READ_ONCE(ksm_thread_sleep_millisecs),
+ msecs_to_jiffies(sleep_ms));
} else {
wait_event_freezable(ksm_thread_wait,
ksmd_should_run() || kthread_should_stop());
--
https://clearlinux.org

220
sys-kernel/linux-hardened-sources/files/5.4/000106_0106-intel_idle-tweak-cpuidle-cstates.patch Normal file
View File

@ -0,0 +1,220 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Sat, 19 Mar 2016 21:32:19 -0400
Subject: [PATCH] intel_idle: tweak cpuidle cstates
Increase target_residency in cpuidle cstate
Tune intel_idle to be a bit less agressive;
Clear linux is cleaner in hygiene (wakupes) than the average linux,
so we can afford changing these in a way that increases
performance while keeping power efficiency
---
drivers/idle/intel_idle.c | 44 +++++++++++++++++++--------------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c
index 347b08b56042..31772dd98192 100644
--- a/drivers/idle/intel_idle.c
+++ b/drivers/idle/intel_idle.c
@@ -454,7 +454,7 @@ static struct cpuidle_state hsw_cstates[] = {
.desc = "MWAIT 0x01",
.flags = MWAIT2flg(0x01),
.exit_latency = 10,
- .target_residency = 20,
+ .target_residency = 120,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -462,7 +462,7 @@ static struct cpuidle_state hsw_cstates[] = {
.desc = "MWAIT 0x10",
.flags = MWAIT2flg(0x10) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 33,
- .target_residency = 100,
+ .target_residency = 900,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -470,7 +470,7 @@ static struct cpuidle_state hsw_cstates[] = {
.desc = "MWAIT 0x20",
.flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 133,
- .target_residency = 400,
+ .target_residency = 1000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -478,7 +478,7 @@ static struct cpuidle_state hsw_cstates[] = {
.desc = "MWAIT 0x32",
.flags = MWAIT2flg(0x32) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 166,
- .target_residency = 500,
+ .target_residency = 1500,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -486,7 +486,7 @@ static struct cpuidle_state hsw_cstates[] = {
.desc = "MWAIT 0x40",
.flags = MWAIT2flg(0x40) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 300,
- .target_residency = 900,
+ .target_residency = 2000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -494,7 +494,7 @@ static struct cpuidle_state hsw_cstates[] = {
.desc = "MWAIT 0x50",
.flags = MWAIT2flg(0x50) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 600,
- .target_residency = 1800,
+ .target_residency = 5000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -502,7 +502,7 @@ static struct cpuidle_state hsw_cstates[] = {
.desc = "MWAIT 0x60",
.flags = MWAIT2flg(0x60) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 2600,
- .target_residency = 7700,
+ .target_residency = 9000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -522,7 +522,7 @@ static struct cpuidle_state bdw_cstates[] = {
.desc = "MWAIT 0x01",
.flags = MWAIT2flg(0x01),
.exit_latency = 10,
- .target_residency = 20,
+ .target_residency = 120,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -530,7 +530,7 @@ static struct cpuidle_state bdw_cstates[] = {
.desc = "MWAIT 0x10",
.flags = MWAIT2flg(0x10) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 40,
- .target_residency = 100,
+ .target_residency = 1000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -538,7 +538,7 @@ static struct cpuidle_state bdw_cstates[] = {
.desc = "MWAIT 0x20",
.flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 133,
- .target_residency = 400,
+ .target_residency = 1000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -546,7 +546,7 @@ static struct cpuidle_state bdw_cstates[] = {
.desc = "MWAIT 0x32",
.flags = MWAIT2flg(0x32) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 166,
- .target_residency = 500,
+ .target_residency = 2000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -554,7 +554,7 @@ static struct cpuidle_state bdw_cstates[] = {
.desc = "MWAIT 0x40",
.flags = MWAIT2flg(0x40) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 300,
- .target_residency = 900,
+ .target_residency = 4000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -562,7 +562,7 @@ static struct cpuidle_state bdw_cstates[] = {
.desc = "MWAIT 0x50",
.flags = MWAIT2flg(0x50) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 600,
- .target_residency = 1800,
+ .target_residency = 7000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -570,7 +570,7 @@ static struct cpuidle_state bdw_cstates[] = {
.desc = "MWAIT 0x60",
.flags = MWAIT2flg(0x60) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 2600,
- .target_residency = 7700,
+ .target_residency = 9000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -591,7 +591,7 @@ static struct cpuidle_state skl_cstates[] = {
.desc = "MWAIT 0x01",
.flags = MWAIT2flg(0x01),
.exit_latency = 10,
- .target_residency = 20,
+ .target_residency = 120,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -599,7 +599,7 @@ static struct cpuidle_state skl_cstates[] = {
.desc = "MWAIT 0x10",
.flags = MWAIT2flg(0x10) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 70,
- .target_residency = 100,
+ .target_residency = 1000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -607,7 +607,7 @@ static struct cpuidle_state skl_cstates[] = {
.desc = "MWAIT 0x20",
.flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 85,
- .target_residency = 200,
+ .target_residency = 600,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -615,7 +615,7 @@ static struct cpuidle_state skl_cstates[] = {
.desc = "MWAIT 0x33",
.flags = MWAIT2flg(0x33) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 124,
- .target_residency = 800,
+ .target_residency = 3000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -623,7 +623,7 @@ static struct cpuidle_state skl_cstates[] = {
.desc = "MWAIT 0x40",
.flags = MWAIT2flg(0x40) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 200,
- .target_residency = 800,
+ .target_residency = 3200,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -631,7 +631,7 @@ static struct cpuidle_state skl_cstates[] = {
.desc = "MWAIT 0x50",
.flags = MWAIT2flg(0x50) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 480,
- .target_residency = 5000,
+ .target_residency = 9000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -639,7 +639,7 @@ static struct cpuidle_state skl_cstates[] = {
.desc = "MWAIT 0x60",
.flags = MWAIT2flg(0x60) | CPUIDLE_FLAG_TLB_FLUSHED,
.exit_latency = 890,
- .target_residency = 5000,
+ .target_residency = 9000,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
@@ -660,7 +660,7 @@ static struct cpuidle_state skx_cstates[] = {
.desc = "MWAIT 0x01",
.flags = MWAIT2flg(0x01),
.exit_latency = 10,
- .target_residency = 20,
+ .target_residency = 300,
.enter = &intel_idle,
.enter_s2idle = intel_idle_s2idle, },
{
--
https://clearlinux.org

31
sys-kernel/linux-hardened-sources/files/5.4/000107_0107-bootstats-add-printk-s-to-measure-boot-time-in-more-.patch Normal file
View File

@ -0,0 +1,31 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Wed, 11 Feb 2015 16:05:23 -0600
Subject: [PATCH] bootstats: add printk's to measure boot time in more detail
Few distro-tweaks to add printk's to visualize boot time better
Author: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
---
arch/x86/kernel/alternative.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 9d3a971ea364..49c56443759c 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -720,7 +720,9 @@ void __init alternative_instructions(void)
* patching.
*/
+ printk("clr: Applying alternatives\n");
apply_alternatives(__alt_instructions, __alt_instructions_end);
+ printk("clr: Applying alternatives done\n");
#ifdef CONFIG_SMP
/* Patch to UP if other cpus not imminent. */
--
https://clearlinux.org

28
sys-kernel/linux-hardened-sources/files/5.4/000108_0108-smpboot-reuse-timer-calibration.patch Normal file
View File

@ -0,0 +1,28 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Wed, 11 Feb 2015 17:28:14 -0600
Subject: [PATCH] smpboot: reuse timer calibration
NO point recalibrating for known-constant tsc ...
saves 200ms+ of boot time.
---
arch/x86/kernel/tsc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 7e322e2daaf5..bb2c9b5eed71 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -1528,6 +1528,9 @@ unsigned long calibrate_delay_is_known(void)
if (!constant_tsc || !mask)
return 0;
+ if (cpu != 0)
+ return cpu_data(0).loops_per_jiffy;
+
sibling = cpumask_any_but(mask, cpu);
if (sibling < nr_cpu_ids)
return cpu_data(sibling).loops_per_jiffy;
--
https://clearlinux.org

156
sys-kernel/linux-hardened-sources/files/5.4/000109_0109-raid6-add-Kconfig-option-to-skip-raid6-benchmarking.patch Normal file
View File

@ -0,0 +1,156 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jim Kukunas <james.t.kukunas@linux.intel.com>
Date: Fri, 27 May 2016 09:26:51 -0400
Subject: [PATCH] raid6: add Kconfig option to skip raid6 benchmarking
Adds CONFIG_RAID6_FORCE_ALGO, which causes the kernel to not benchmark
each raid recovery and syndrome generation algorithm, and instead use
the version selected via Kconfig (CONFIG_RAID6_FORCE_{INT,SSSE3,AVX2}).
In the case, the selected algorithm is not supported by the processor at
runtime, a fallback is used.
Signed-off-by: Jim Kukunas <james.t.kukunas@linux.intel.com>
---
lib/Kconfig | 3 +--
lib/raid6/Kconfig | 38 +++++++++++++++++++++++++++++++
lib/raid6/algos.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 97 insertions(+), 2 deletions(-)
create mode 100644 lib/raid6/Kconfig
diff --git a/lib/Kconfig b/lib/Kconfig
index 3321d04dfa5a..e4343fa05964 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -8,8 +8,7 @@ config BINARY_PRINTF
menu "Library routines"
-config RAID6_PQ
- tristate
+source "lib/raid6/Kconfig"
config RAID6_PQ_BENCHMARK
bool "Automatically choose fastest RAID6 PQ functions"
diff --git a/lib/raid6/Kconfig b/lib/raid6/Kconfig
new file mode 100644
index 000000000000..d881d6be89bb
--- /dev/null
+++ b/lib/raid6/Kconfig
@@ -0,0 +1,38 @@
+menu "RAID 6"
+
+config RAID6_PQ
+ tristate
+
+config RAID6_FORCE_ALGO
+ bool "Always use specified recovery algorithm"
+ default n
+ depends on RAID6_PQ
+ help
+ If this option is not set, on every boot the kernel will
+ benchmark each optimized version of the RAID6 recovery and
+ syndrome generation algorithms and will select the one that
+ performs best. Microbenchmarking each version negatively
+ affects boot time.
+
+ Enabling this option skips the benchmark at boot, and
+ instead always uses the algorithm selected. The only exception
+ is if the selected algorithm relies on a cpu feature not
+ supported at runtime. In this case, one of the lower performance
+ fallbacks are used.
+
+choice
+ prompt "RAID6 Recovery Algorithm"
+ default RAID6_FORCE_INT
+ depends on RAID6_FORCE_ALGO
+ ---help---
+ Select the RAID6 recovery algorithm to unconditionally use
+
+ config RAID6_FORCE_INT
+ bool "Reference Implementation"
+ config RAID6_FORCE_SSSE3
+ bool "SSSE3"
+ config RAID6_FORCE_AVX2
+ bool "AVX2"
+endchoice
+
+endmenu
diff --git a/lib/raid6/algos.c b/lib/raid6/algos.c
index 17417eee0866..8af3d7c737c1 100644
--- a/lib/raid6/algos.c
+++ b/lib/raid6/algos.c
@@ -124,6 +124,63 @@ const struct raid6_recov_calls *const raid6_recov_algos[] = {
#define time_before(x, y) ((x) < (y))
#endif
+#ifdef CONFIG_RAID6_FORCE_ALGO
+/* TODO don't compile in algos that will never be used */
+int __init raid6_select_algo(void)
+{
+ const struct raid6_recov_calls *recov_fallback = &raid6_recov_intx1;
+ const struct raid6_recov_calls *recov_algo;
+ const struct raid6_calls *gen_fallback;
+ const struct raid6_calls *gen_algo;
+
+#if defined(__i386__)
+ gen_fallback = &raid6_intx32;
+#elif defined(__x86_64__)
+ gen_fallback = &raid6_sse2x2;
+#else
+# error "TODO"
+#endif
+
+#if defined(CONFIG_RAID6_FORCE_INT)
+ recov_algo = &raid6_recov_intx1;
+ gen_algo = &raid6_intx32;
+
+#elif defined(CONFIG_RAID6_FORCE_SSSE3)
+ recov_algo = &raid6_recov_ssse3;
+#if defined(__i386__)
+ gen_algo = &raid6_sse2x2;
+#else
+ gen_algo = &raid6_sse2x4;
+#endif
+
+#elif defined(CONFIG_RAID6_FORCE_AVX2)
+ recov_algo = &raid6_recov_avx2;
+
+#if defined(__i386__)
+ gen_algo = &raid6_avx2x2;
+#else
+ gen_algo = &raid6_avx2x4;
+#endif
+
+#else
+#error "RAID6 Forced Recov Algo: Unsupported selection"
+#endif
+
+ if (recov_algo->valid != NULL && recov_algo->valid() == 0)
+ recov_algo = recov_fallback;
+
+ pr_info("raid6: Forced to use recovery algorithm %s\n", recov_algo->name);
+
+ raid6_2data_recov = recov_algo->data2;
+ raid6_datap_recov = recov_algo->datap;
+
+ pr_info("raid6: Forced gen() algo %s\n", gen_algo->name);
+
+ raid6_call = *gen_algo;
+
+ return gen_algo && recov_algo ? 0 : -EINVAL;
+}
+#else
static inline const struct raid6_recov_calls *raid6_choose_recov(void)
{
const struct raid6_recov_calls *const *algo;
@@ -260,6 +317,7 @@ int __init raid6_select_algo(void)
return gen_best && rec_best ? 0 : -EINVAL;
}
+#endif
static void raid6_exit(void)
{
--
https://clearlinux.org

50
sys-kernel/linux-hardened-sources/files/5.4/000110_0110-Initialize-ata-before-graphics.patch Normal file
View File

@ -0,0 +1,50 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Thu, 2 Jun 2016 23:36:32 -0500
Subject: [PATCH] Initialize ata before graphics
ATA init is the long pole in the boot process, and its asynchronous.
move the graphics init after it so that ata and graphics initialize
in parallel
---
drivers/Makefile | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/Makefile b/drivers/Makefile
index aaef17cc6512..d08f3a394929 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -58,15 +58,8 @@ obj-y += char/
# iommu/ comes before gpu as gpu are using iommu controllers
obj-y += iommu/
-# gpu/ comes after char for AGP vs DRM startup and after iommu
-obj-y += gpu/
-
obj-$(CONFIG_CONNECTOR) += connector/
-# i810fb and intelfb depend on char/agp/
-obj-$(CONFIG_FB_I810) += video/fbdev/i810/
-obj-$(CONFIG_FB_INTEL) += video/fbdev/intelfb/
-
obj-$(CONFIG_PARPORT) += parport/
obj-$(CONFIG_NVM) += lightnvm/
obj-y += base/ block/ misc/ mfd/ nfc/
@@ -79,6 +72,14 @@ obj-$(CONFIG_IDE) += ide/
obj-y += scsi/
obj-y += nvme/
obj-$(CONFIG_ATA) += ata/
+
+# gpu/ comes after char for AGP vs DRM startup and after iommu
+obj-y += gpu/
+
+# i810fb and intelfb depend on char/agp/
+obj-$(CONFIG_FB_I810) += video/fbdev/i810/
+obj-$(CONFIG_FB_INTEL) += video/fbdev/intelfb/
+
obj-$(CONFIG_TARGET_CORE) += target/
obj-$(CONFIG_MTD) += mtd/
obj-$(CONFIG_SPI) += spi/
--
https://clearlinux.org

30
sys-kernel/linux-hardened-sources/files/5.4/000111_0111-give-rdrand-some-credit.patch Normal file
View File

@ -0,0 +1,30 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Fri, 29 Jul 2016 19:10:52 +0000
Subject: [PATCH] give rdrand some credit
try to credit rdrand/rdseed with some entropy
In VMs but even modern hardware, we're super starved for entropy, and while we can
and do wear a tin foil hat, it's very hard to argue that
rdrand and rdtsc add zero entropy.
---
drivers/char/random.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 01b8868b9bed..8544472650ea 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1937,6 +1937,8 @@ static void __init init_std_data(struct entropy_store *r)
if (!arch_get_random_seed_long(&rv) &&
!arch_get_random_long(&rv))
rv = random_get_entropy();
+ else
+ credit_entropy_bits(r, 1);
mix_pool_bytes(r, &rv, sizeof(rv));
}
mix_pool_bytes(r, utsname(), sizeof(*(utsname())));
--
https://clearlinux.org

28
sys-kernel/linux-hardened-sources/files/5.4/000112_0112-ipv4-tcp-allow-the-memory-tuning-for-tcp-to-go-a-lit.patch Normal file
View File

@ -0,0 +1,28 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Fri, 6 Jan 2017 15:34:09 +0000
Subject: [PATCH] ipv4/tcp: allow the memory tuning for tcp to go a little
bigger than default
---
net/ipv4/tcp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index d8876f0e9672..bbd15a66bf6e 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4001,8 +4001,8 @@ void __init tcp_init(void)
tcp_init_mem();
/* Set per-socket limits to no more than 1/128 the pressure threshold */
limit = nr_free_buffer_pages() << (PAGE_SHIFT - 7);
- max_wshare = min(4UL*1024*1024, limit);
- max_rshare = min(6UL*1024*1024, limit);
+ max_wshare = min(16UL*1024*1024, limit);
+ max_rshare = min(16UL*1024*1024, limit);
init_net.ipv4.sysctl_tcp_wmem[0] = SK_MEM_QUANTUM;
init_net.ipv4.sysctl_tcp_wmem[1] = 16*1024;
--
https://clearlinux.org

25
sys-kernel/linux-hardened-sources/files/5.4/000113_0113-kernel-time-reduce-ntp-wakeups.patch Normal file
View File

@ -0,0 +1,25 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Sat, 29 Apr 2017 22:24:34 +0000
Subject: [PATCH] kernel: time: reduce ntp wakeups
---
kernel/time/ntp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 069ca78fb0bf..22d82f21fc2e 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -513,7 +513,7 @@ static void sched_sync_hw_clock(struct timespec64 now,
* the algorithm is very likely to require a short-sleep retry
* after the above long sleep to synchronize ts_nsec.
*/
- next.tv_sec = 0;
+ next.tv_sec = 10;
}
/* Compute the needed delay that will get to tv_nsec == target_nsec */
--
https://clearlinux.org

52
sys-kernel/linux-hardened-sources/files/5.4/000114_0114-init-wait-for-partition-and-retry-scan.patch Normal file
View File

@ -0,0 +1,52 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Wed, 17 May 2017 01:52:11 +0000
Subject: [PATCH] init: wait for partition and retry scan
As Clear Linux boots fast the device is not ready when
the mounting code is reached, so a retry device scan will
be performed every 0.5 sec for at least 40 sec
and synchronize the async task.
Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
---
init/do_mounts.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/init/do_mounts.c b/init/do_mounts.c
index 9634ecf3743d..7f7d64621a2a 100644
--- a/init/do_mounts.c
+++ b/init/do_mounts.c
@@ -225,11 +225,19 @@ dev_t name_to_dev_t(const char *name)
char *p;
dev_t res = 0;
int part;
+ /* we will wait at least 40 sec */
+ int needtowait = 40<<1;
#ifdef CONFIG_BLOCK
if (strncmp(name, "PARTUUID=", 9) == 0) {
name += 9;
res = devt_from_partuuid(name);
+ while (!res && needtowait) {
+ /* waiting 0.5 sec */
+ msleep(500);
+ res = devt_from_partuuid(name);
+ needtowait--;
+ }
if (!res)
goto fail;
goto done;
@@ -585,7 +593,9 @@ void __init prepare_namespace(void)
* For example, it is not atypical to wait 5 seconds here
* for the touchpad of a laptop to initialize.
*/
+ async_synchronize_full();
wait_for_device_probe();
+ async_synchronize_full();
md_run_setup();
--
https://clearlinux.org

52
sys-kernel/linux-hardened-sources/files/5.4/000115_0115-print-fsync-count-for-bootchart.patch Normal file
View File

@ -0,0 +1,52 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Tue, 20 Jun 2017 20:19:08 +0000
Subject: [PATCH] print fsync count for bootchart
---
block/blk-core.c | 3 +++
include/linux/sched.h | 1 +
kernel/sched/debug.c | 1 +
3 files changed, 5 insertions(+)
diff --git a/block/blk-core.c b/block/blk-core.c
index d5e668ec751b..be554fee0584 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -1168,6 +1168,9 @@ blk_qc_t submit_bio(struct bio *bio)
count_vm_events(PGPGIN, count);
}
+ if (bio->bi_opf & REQ_PREFLUSH)
+ current->fsync_count++;
+
if (unlikely(block_dump)) {
char b[BDEVNAME_SIZE];
printk(KERN_DEBUG "%s(%d): %s block %Lu on %s (%u sectors)\n",
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 775503573ed7..08eb6063db49 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -881,6 +881,7 @@ struct task_struct {
/* Cached requested key. */
struct key *cached_requested_key;
#endif
+ int fsync_count;
/*
* executable name, excluding path.
diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c
index f7e4579e746c..2e4e887349ff 100644
--- a/kernel/sched/debug.c
+++ b/kernel/sched/debug.c
@@ -879,6 +879,7 @@ void proc_sched_show_task(struct task_struct *p, struct pid_namespace *ns,
PN(se.exec_start);
PN(se.vruntime);
PN(se.sum_exec_runtime);
+ P(fsync_count);
nr_switches = p->nvcsw + p->nivcsw;
--
https://clearlinux.org

71
sys-kernel/linux-hardened-sources/files/5.4/000116_0116-Add-boot-option-to-allow-unsigned-modules.patch Normal file
View File

@ -0,0 +1,71 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Brett T. Warden" <brett.t.warden@intel.com>
Date: Mon, 13 Aug 2018 04:01:21 -0500
Subject: [PATCH] Add boot option to allow unsigned modules
Add module.sig_unenforce boot parameter to allow loading unsigned kernel
modules. Parameter is only effective if CONFIG_MODULE_SIG_FORCE is
enabled and system is *not* SecureBooted.
Signed-off-by: Brett T. Warden <brett.t.warden@intel.com>
Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
---
kernel/module.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/kernel/module.c b/kernel/module.c
index ff2d7359a418..f6368b8f90b6 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -53,6 +53,7 @@
#include <linux/bsearch.h>
#include <linux/dynamic_debug.h>
#include <linux/audit.h>
+#include <linux/efi.h>
#include <uapi/linux/module.h>
#include "module-internal.h"
@@ -268,6 +269,10 @@ static void module_assert_mutex_or_preempt(void)
static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
module_param(sig_enforce, bool_enable_only, 0644);
+/* Allow disabling module signature requirement by adding boot param */
+static bool sig_unenforce = false;
+module_param(sig_unenforce, bool_enable_only, 0644);
+
/*
* Export sig_enforce kernel cmdline parameter to allow other subsystems rely
@@ -393,6 +398,8 @@ extern const s32 __start___kcrctab_unused[];
extern const s32 __start___kcrctab_unused_gpl[];
#endif
+extern struct boot_params boot_params;
+
#ifndef CONFIG_MODVERSIONS
#define symversion(base, idx) NULL
#else
@@ -4401,6 +4408,20 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
proc_create("modules", 0, NULL, &proc_modules_operations);
+
+#ifdef CONFIG_MODULE_SIG_FORCE
+ switch (boot_params.secure_boot) {
+ case efi_secureboot_mode_unset:
+ case efi_secureboot_mode_unknown:
+ case efi_secureboot_mode_disabled:
+ /*
+ * sig_unenforce is only applied if SecureBoot is not
+ * enabled.
+ */
+ sig_enforce = !sig_unenforce;
+ }
+#endif
+
return 0;
}
module_init(proc_modules_init);
--
https://clearlinux.org

28
sys-kernel/linux-hardened-sources/files/5.4/000117_0117-Enable-stateless-firmware-loading.patch Normal file
View File

@ -0,0 +1,28 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: William Douglas <william.douglas@intel.com>
Date: Wed, 20 Jun 2018 17:23:21 +0000
Subject: [PATCH] Enable stateless firmware loading
Prefer the order of specific version before generic and /etc before
/lib to enable the user to give specific overrides for generic
firmware and distribution firmware.
---
drivers/base/firmware_loader/main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index bf44c79beae9..019547b549a9 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -439,6 +439,8 @@ static int fw_decompress_xz(struct device *dev, struct fw_priv *fw_priv,
static char fw_path_para[256];
static const char * const fw_path[] = {
fw_path_para,
+ "/etc/firmware/" UTS_RELEASE,
+ "/etc/firmware",
"/lib/firmware/updates/" UTS_RELEASE,
"/lib/firmware/updates",
"/lib/firmware/" UTS_RELEASE,
--
https://clearlinux.org

45
sys-kernel/linux-hardened-sources/files/5.4/000118_0118-Migrate-some-systemd-defaults-to-the-kernel-defaults.patch Normal file
View File

@ -0,0 +1,45 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Auke Kok <auke-jan.h.kok@intel.com>
Date: Thu, 2 Aug 2018 12:03:22 -0700
Subject: [PATCH] Migrate some systemd defaults to the kernel defaults.
These settings are needed to prevent networking issues when
the networking modules come up by default without explicit
settings, which breaks some cases.
We don't want the modprobe settings to be read at boot time
if we're not going to do anything else ever.
---
drivers/net/dummy.c | 2 +-
include/uapi/linux/if_bonding.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/dummy.c b/drivers/net/dummy.c
index 54e4d8b07f0e..a23d569417a7 100644
--- a/drivers/net/dummy.c
+++ b/drivers/net/dummy.c
@@ -44,7 +44,7 @@
#define DRV_NAME "dummy"
#define DRV_VERSION "1.0"
-static int numdummies = 1;
+static int numdummies = 0;
/* fake multicast ability */
static void set_multicast_list(struct net_device *dev)
diff --git a/include/uapi/linux/if_bonding.h b/include/uapi/linux/if_bonding.h
index 790585f0e61b..85560927eff7 100644
--- a/include/uapi/linux/if_bonding.h
+++ b/include/uapi/linux/if_bonding.h
@@ -82,7 +82,7 @@
#define BOND_STATE_ACTIVE 0 /* link is active */
#define BOND_STATE_BACKUP 1 /* link is backup */
-#define BOND_DEFAULT_MAX_BONDS 1 /* Default maximum number of devices to support */
+#define BOND_DEFAULT_MAX_BONDS 0 /* Default maximum number of devices to support */
#define BOND_DEFAULT_TX_QUEUES 16 /* Default number of tx queues per device */
--
https://clearlinux.org

55
sys-kernel/linux-hardened-sources/files/5.4/000119_0119-xattr-allow-setting-user.-attributes-on-symlinks-by-.patch Normal file
View File

@ -0,0 +1,55 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alan Cox <alan@linux.intel.com>
Date: Thu, 10 Mar 2016 15:11:28 +0000
Subject: [PATCH] xattr: allow setting user.* attributes on symlinks by owner
Kvmtool and clear containers supports using user attributes to label host
files with the virtual uid/guid of the file in the container. This allows an
end user to manage their files and a complete uid space without all the ugly
namespace stuff.
The one gap in the support is symlinks because an end user can change the
ownership of a symbolic link. We support attributes on these files as you
can already (as root) set security attributes on them.
The current rules seem slightly over-paranoid and as we have a use case this
patch enables updating the attributes on a symbolic link IFF you are the
owner of the synlink (as permissions are not usually meaningful on the link
itself).
Signed-off-by: Alan Cox <alan@linux.intel.com>
---
fs/xattr.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/fs/xattr.c b/fs/xattr.c
index 90dd78f0eb27..a81d9690f136 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -119,15 +119,17 @@ xattr_permission(struct inode *inode, const char *name, int mask)
}
/*
- * In the user.* namespace, only regular files and directories can have
- * extended attributes. For sticky directories, only the owner and
- * privileged users can write attributes.
+ * In the user.* namespace, only regular files, symbolic links, and
+ * directories can have extended attributes. For symbolic links and
+ * sticky directories, only the owner and privileged users can write
+ * attributes.
*/
if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
- if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
+ if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode) && !S_ISLNK(inode->i_mode))
return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
- if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
- (mask & MAY_WRITE) && !inode_owner_or_capable(inode))
+ if (((S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX))
+ || S_ISLNK(inode->i_mode)) && (mask & MAY_WRITE)
+ && !inode_owner_or_capable(inode))
return -EPERM;
}
--
https://clearlinux.org

82
sys-kernel/linux-hardened-sources/files/5.4/000120_0120-add-scheduler-turbo3-patch.patch Normal file
View File

@ -0,0 +1,82 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Wed, 21 Nov 2018 21:21:44 +0000
Subject: [PATCH] add scheduler turbo3 patch
Small scheduler tweak to make the scheduler more turbo3 aware
---
arch/x86/kernel/itmt.c | 14 ++++++++++++++
kernel/sched/fair.c | 19 +++++++++++++++++++
2 files changed, 33 insertions(+)
diff --git a/arch/x86/kernel/itmt.c b/arch/x86/kernel/itmt.c
index 1cb3ca9bba49..eeb201bb014b 100644
--- a/arch/x86/kernel/itmt.c
+++ b/arch/x86/kernel/itmt.c
@@ -173,6 +173,11 @@ int arch_asym_cpu_priority(int cpu)
return per_cpu(sched_core_priority, cpu);
}
+extern int best_core;
+extern int second_best_core;
+static int best_core_score;
+static int second_best_core_score;
+
/**
* sched_set_itmt_core_prio() - Set CPU priority based on ITMT
* @prio: Priority of cpu core
@@ -202,5 +207,14 @@ void sched_set_itmt_core_prio(int prio, int core_cpu)
smt_prio = prio * smp_num_siblings / i;
per_cpu(sched_core_priority, cpu) = smt_prio;
i++;
+
+ if (smt_prio > best_core_score) {
+ best_core = cpu;
+ best_core_score = smt_prio;
+ } else
+ if (smt_prio > second_best_core_score) {
+ second_best_core = cpu;
+ second_best_core_score = smt_prio;
+ }
}
}
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 69a81a5709ff..e1961b94270d 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -6439,6 +6439,10 @@ static int find_energy_efficient_cpu(struct task_struct *p, int prev_cpu)
*
* preempt must be disabled.
*/
+
+int best_core = -1;
+int second_best_core = -1;
+
static int
select_task_rq_fair(struct task_struct *p, int prev_cpu, int sd_flag, int wake_flags)
{
@@ -6462,6 +6466,21 @@ select_task_rq_fair(struct task_struct *p, int prev_cpu, int sd_flag, int wake_f
cpumask_test_cpu(cpu, p->cpus_ptr);
}
+ if (prev_cpu != best_core && prev_cpu != second_best_core &&
+ cpu_rq(prev_cpu)->nr_running != 0) {
+ if (second_best_core != -1 && cpu_rq(second_best_core)->nr_running == 0 &&
+ nr_iowait_cpu(second_best_core) < 2 && cpu_to_node(prev_cpu) == cpu_to_node(second_best_core))
+ prev_cpu = second_best_core;
+ if (best_core != -1 && cpu_rq(best_core)->nr_running == 0 &&
+ nr_iowait_cpu(best_core) < 2 && cpu_to_node(prev_cpu) == cpu_to_node(best_core))
+ prev_cpu = best_core;
+ }
+/*
+ if (prev_cpu > 0 && cpu_rq(prev_cpu)->nr_running != 0 && cpu_rq(prev_cpu - 1)->nr_running == 0)
+ prev_cpu = prev_cpu - 1;
+*/
+
+
rcu_read_lock();
for_each_domain(cpu, tmp) {
if (!(tmp->flags & SD_LOAD_BALANCE))
--
https://clearlinux.org

25
sys-kernel/linux-hardened-sources/files/5.4/000121_0121-use-lfence-instead-of-rep-and-nop.patch Normal file
View File

@ -0,0 +1,25 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Sat, 8 Dec 2018 18:21:32 +0000
Subject: [PATCH] use lfence instead of rep and nop
---
arch/x86/include/asm/processor.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 54f5d54280f6..ee60a1f2dd11 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -647,7 +647,7 @@ static inline unsigned int cpuid_edx(unsigned int op)
/* REP NOP (PAUSE) is a good thing to insert into busy-wait loops. */
static __always_inline void rep_nop(void)
{
- asm volatile("rep; nop" ::: "memory");
+ asm volatile("lfence" ::: "memory");
}
static __always_inline void cpu_relax(void)
--
https://clearlinux.org

89
sys-kernel/linux-hardened-sources/files/5.4/000122_0122-do-accept-in-LIFO-order-for-cache-efficiency.patch Normal file
View File

@ -0,0 +1,89 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Thu, 13 Dec 2018 01:00:49 +0000
Subject: [PATCH] do accept() in LIFO order for cache efficiency
---
include/linux/wait.h | 2 ++
kernel/sched/wait.c | 24 ++++++++++++++++++++++++
net/ipv4/inet_connection_sock.c | 2 +-
3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/include/linux/wait.h b/include/linux/wait.h
index 3eb7cae8206c..340ca4b81b26 100644
--- a/include/linux/wait.h
+++ b/include/linux/wait.h
@@ -162,6 +162,7 @@ static inline bool wq_has_sleeper(struct wait_queue_head *wq_head)
extern void add_wait_queue(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry);
extern void add_wait_queue_exclusive(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry);
+extern void add_wait_queue_exclusive_lifo(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry);
extern void remove_wait_queue(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry);
static inline void __add_wait_queue(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry)
@@ -1122,6 +1123,7 @@ do { \
*/
void prepare_to_wait(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry, int state);
void prepare_to_wait_exclusive(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry, int state);
+void prepare_to_wait_exclusive_lifo(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry, int state);
long prepare_to_wait_event(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry, int state);
void finish_wait(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry);
long wait_woken(struct wait_queue_entry *wq_entry, unsigned mode, long timeout);
diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
index c1e566a114ca..5f8fca88ab23 100644
--- a/kernel/sched/wait.c
+++ b/kernel/sched/wait.c
@@ -37,6 +37,17 @@ void add_wait_queue_exclusive(struct wait_queue_head *wq_head, struct wait_queue
}
EXPORT_SYMBOL(add_wait_queue_exclusive);
+void add_wait_queue_exclusive_lifo(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry)
+{
+ unsigned long flags;
+
+ wq_entry->flags |= WQ_FLAG_EXCLUSIVE;
+ spin_lock_irqsave(&wq_head->lock, flags);
+ __add_wait_queue(wq_head, wq_entry);
+ spin_unlock_irqrestore(&wq_head->lock, flags);
+}
+EXPORT_SYMBOL(add_wait_queue_exclusive_lifo);
+
void remove_wait_queue(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry)
{
unsigned long flags;
@@ -246,6 +257,19 @@ prepare_to_wait_exclusive(struct wait_queue_head *wq_head, struct wait_queue_ent
}
EXPORT_SYMBOL(prepare_to_wait_exclusive);
+void prepare_to_wait_exclusive_lifo(struct wait_queue_head *wq_head, struct wait_queue_entry *wq_entry, int state)
+{
+ unsigned long flags;
+
+ wq_entry->flags |= WQ_FLAG_EXCLUSIVE;
+ spin_lock_irqsave(&wq_head->lock, flags);
+ if (list_empty(&wq_entry->entry))
+ __add_wait_queue(wq_head, wq_entry);
+ set_current_state(state);
+ spin_unlock_irqrestore(&wq_head->lock, flags);
+}
+EXPORT_SYMBOL(prepare_to_wait_exclusive_lifo);
+
void init_wait_entry(struct wait_queue_entry *wq_entry, int flags)
{
wq_entry->flags = flags;
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index eb30fc1770de..71e8dc087870 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -407,7 +407,7 @@ static int inet_csk_wait_for_connect(struct sock *sk, long timeo)
* having to remove and re-insert us on the wait queue.
*/
for (;;) {
- prepare_to_wait_exclusive(sk_sleep(sk), &wait,
+ prepare_to_wait_exclusive_lifo(sk_sleep(sk), &wait,
TASK_INTERRUPTIBLE);
release_sock(sk);
if (reqsk_queue_empty(&icsk->icsk_accept_queue))
--
https://clearlinux.org

26
sys-kernel/linux-hardened-sources/files/5.4/000123_0123-zero-extra-registers.patch Normal file
View File

@ -0,0 +1,26 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Thu, 8 Feb 2018 16:49:38 +0000
Subject: [PATCH] zero extra registers
This for Zero used caller-saved general registers upon function return.
---
arch/x86/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 94df0868804b..083a97af538c 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -216,7 +216,7 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
# Avoid indirect branches in kernel to deal with Spectre
ifdef CONFIG_RETPOLINE
- KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)
+ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -mzero-caller-saved-regs=used
# Additionally, avoid generating expensive indirect jumps which
# are subject to retpolines for small number of switch cases.
# clang turns off jump table generation by default when under
--
https://clearlinux.org

35
sys-kernel/linux-hardened-sources/files/5.4/000124_0124-locking-rwsem-spin-faster.patch Normal file
View File

@ -0,0 +1,35 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Sun, 18 Feb 2018 23:35:41 +0000
Subject: [PATCH] locking: rwsem: spin faster
tweak rwsem owner spinning a bit
---
kernel/locking/rwsem.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c
index eef04551eae7..1ec5ab4c8ff7 100644
--- a/kernel/locking/rwsem.c
+++ b/kernel/locking/rwsem.c
@@ -720,6 +720,7 @@ rwsem_spin_on_owner(struct rw_semaphore *sem, unsigned long nonspinnable)
struct task_struct *new, *owner;
unsigned long flags, new_flags;
enum owner_state state;
+ int i = 0;
owner = rwsem_owner_flags(sem, &flags);
state = rwsem_owner_state(owner, flags, nonspinnable);
@@ -753,7 +754,8 @@ rwsem_spin_on_owner(struct rw_semaphore *sem, unsigned long nonspinnable)
break;
}
- cpu_relax();
+ if (i++ > 1000)
+ cpu_relax();
}
rcu_read_unlock();
--
https://clearlinux.org

42
sys-kernel/linux-hardened-sources/files/5.4/000125_0125-ata-libahci-ignore-staggered-spin-up.patch Normal file
View File

@ -0,0 +1,42 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Joe Konno <joe.konno@intel.com>
Date: Tue, 25 Jun 2019 10:35:54 -0700
Subject: [PATCH] ata: libahci: ignore staggered spin-up
Change libahci to ignore firmware's staggered spin-up flag. End-users
who wish to honor firmware's SSS flag can add the following kernel
parameter to a new file at /etc/kernel/cmdline.d/ignore_sss.conf:
libahci.ignore_sss=0
And then run
sudo clr-boot-manager update
Signed-off-by: Joe Konno <joe.konno@intel.com>
---
drivers/ata/libahci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
index bff369d9a1a7..30d5784741d1 100644
--- a/drivers/ata/libahci.c
+++ b/drivers/ata/libahci.c
@@ -33,14 +33,14 @@
#include "libata.h"
static int ahci_skip_host_reset;
-int ahci_ignore_sss;
+int ahci_ignore_sss=1;
EXPORT_SYMBOL_GPL(ahci_ignore_sss);
module_param_named(skip_host_reset, ahci_skip_host_reset, int, 0444);
MODULE_PARM_DESC(skip_host_reset, "skip global host reset (0=don't skip, 1=skip)");
module_param_named(ignore_sss, ahci_ignore_sss, int, 0444);
-MODULE_PARM_DESC(ignore_sss, "Ignore staggered spinup flag (0=don't ignore, 1=ignore)");
+MODULE_PARM_DESC(ignore_sss, "Ignore staggered spinup flag (0=don't ignore, 1=ignore [default])");
static int ahci_set_lpm(struct ata_link *link, enum ata_lpm_policy policy,
unsigned hints);
--
https://clearlinux.org

29
sys-kernel/linux-hardened-sources/files/5.4/000126_0126-print-CPU-that-faults.patch Normal file
View File

@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Sat, 10 Aug 2019 03:19:04 +0000
Subject: [PATCH] print CPU that faults
print cpu number when we print a crash
---
arch/x86/mm/fault.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 9ceacd1156db..5ffc44b5decb 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -842,9 +842,9 @@ show_signal_msg(struct pt_regs *regs, unsigned long error_code,
if (!printk_ratelimit())
return;
- printk("%s%s[%d]: segfault at %lx ip %px sp %px error %lx",
+ printk("%s%s[%d]: segfault at %lx ip %px sp %px error %lx cpu %i",
loglvl, tsk->comm, task_pid_nr(tsk), address,
- (void *)regs->ip, (void *)regs->sp, error_code);
+ (void *)regs->ip, (void *)regs->sp, error_code, raw_smp_processor_id());
print_vma_addr(KERN_CONT " in ", regs->ip);
--
https://clearlinux.org

143
sys-kernel/linux-hardened-sources/files/5.4/000127_0127-x86-microcode-Force-update-a-uCode-even-if-the-rev-i.patch Normal file
View File

@ -0,0 +1,143 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ashok Raj <ashok.raj@intel.com>
Date: Sat, 20 Jul 2019 14:14:47 +0000
Subject: [PATCH] x86/microcode: Force update a uCode even if the rev is the
same
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
---
arch/x86/kernel/cpu/microcode/core.c | 1 +
arch/x86/kernel/cpu/microcode/intel.c | 57 +++++++++++++++++++++++++--
2 files changed, 55 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index cb0fdcaf1415..d44fe3e5c028 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -601,6 +601,7 @@ static int microcode_reload_late(void)
atomic_set(&late_cpus_in, 0);
atomic_set(&late_cpus_out, 0);
+ printk ("Going to do stop_machine\n");
ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask);
if (ret > 0)
microcode_check();
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index ce799cfe9434..9e85d785b226 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -30,6 +30,7 @@
#include <linux/uio.h>
#include <linux/mm.h>
+#include <asm/cmdline.h>
#include <asm/microcode_intel.h>
#include <asm/intel-family.h>
#include <asm/processor.h>
@@ -38,6 +39,7 @@
#include <asm/msr.h>
static const char ucode_path[] = "kernel/x86/microcode/GenuineIntel.bin";
+static bool force_ucode_load = false;
/* Current microcode patch used in early patching on the APs. */
static struct microcode_intel *intel_ucode_patch;
@@ -94,8 +96,18 @@ static int has_newer_microcode(void *mc, unsigned int csig, int cpf, int new_rev
{
struct microcode_header_intel *mc_hdr = mc;
- if (mc_hdr->rev <= new_rev)
+ //if (mc_hdr->rev <= new_rev)
+ if (mc_hdr->rev < new_rev) {
+ printk ("Returning NO_NEW old = 0x%x new = 0x%x\n",
+ mc_hdr->rev, new_rev);
return 0;
+ }
+ if ((mc_hdr->rev == new_rev) && !force_ucode_load) {
+ printk ("SAME REV: no_force Returning NO_NEW old = 0x%x new = 0x%x\n",
+ mc_hdr->rev, new_rev);
+ return 0;
+ }
+ printk ("ucode: force loading same rev\n");
return find_matching_signature(mc, csig, cpf);
}
@@ -593,11 +605,20 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early)
* already.
*/
rev = intel_get_microcode_revision();
- if (rev >= mc->hdr.rev) {
+ if (rev > mc->hdr.rev) {
uci->cpu_sig.rev = rev;
return UCODE_OK;
}
+ if (rev == mc->hdr.rev) {
+ if (!force_ucode_load) {
+ printk ("Matching ucode rev, no update\n");
+ return UCODE_OK;
+ } else {
+ printk ("Matching ucode rev.. force updating\n");
+ }
+ }
+
/*
* Writeback and invalidate caches before updating microcode to avoid
* internal issues depending on what the microcode is updating.
@@ -649,6 +670,29 @@ int __init save_microcode_in_initrd_intel(void)
return 0;
}
+static bool check_force_ucode_bsp(void)
+{
+ static const char *__force_ucode_str = "force_ucode_load";
+
+#ifdef CONFIG_X86_32
+ const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
+ const char *option = (const char *)__pa_nodebug(__force_ucode_str);
+ bool *res = (bool *)__pa_nodebug(&force_ucode_load);
+
+#else /* CONFIG_X86_64 */
+ const char *cmdline = boot_command_line;
+ const char *option = __force_ucode_str;
+ bool *res = &force_ucode_load;
+#endif
+
+ if (cmdline_find_option_bool(cmdline, option)) {
+ printk("cmdline forcing ucode update for same rev\n");
+ *res = true;
+ }
+
+ return *res;
+}
+
/*
* @res_patch, output: a pointer to the patch we found.
*/
@@ -682,6 +726,9 @@ void __init load_ucode_intel_bsp(void)
{
struct microcode_intel *patch;
struct ucode_cpu_info uci;
+ bool force_bsp;
+
+ force_bsp = check_force_ucode_bsp();
patch = __load_ucode_intel(&uci);
if (!patch)
@@ -730,8 +777,12 @@ static struct microcode_intel *find_patch(struct ucode_cpu_info *uci)
phdr = (struct microcode_header_intel *)iter->data;
- if (phdr->rev <= uci->cpu_sig.rev)
+ if (phdr->rev < uci->cpu_sig.rev)
continue;
+ if (phdr->rev == uci->cpu_sig.rev && !force_ucode_load)
+ continue;
+ else
+ printk ("same rev forcing ucode\n");
if (!find_matching_signature(phdr,
uci->cpu_sig.sig,
--
https://clearlinux.org

69
sys-kernel/linux-hardened-sources/files/5.4/000128_0128-x86-microcode-echo-2-reload-to-force-load-ucode.patch Normal file
View File

@ -0,0 +1,69 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ashok Raj <ashok.raj@intel.com>
Date: Sat, 20 Jul 2019 14:14:47 +0000
Subject: [PATCH] x86/microcode: echo 2 > reload to force load ucode.
If you want to force a ucode load even if the version
doesn't change try this
To just do a normal upgrade where new rev > current rev
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
---
arch/x86/kernel/cpu/microcode/core.c | 8 +++++++-
arch/x86/kernel/cpu/microcode/intel.c | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index d44fe3e5c028..2b0e98ec22bc 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -615,18 +615,23 @@ static ssize_t reload_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t size)
{
+ extern bool force_ucode_load;
enum ucode_state tmp_ret = UCODE_OK;
int bsp = boot_cpu_data.cpu_index;
unsigned long val;
+ bool orig_cmd_line = force_ucode_load;
ssize_t ret = 0;
ret = kstrtoul(buf, 0, &val);
if (ret)
return ret;
- if (val != 1)
+ if (!val || val > 2)
return size;
+ if (val == 2)
+ force_ucode_load = true;
+
tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev, true);
if (tmp_ret != UCODE_NEW)
return size;
@@ -642,6 +647,7 @@ static ssize_t reload_store(struct device *dev,
mutex_unlock(&microcode_mutex);
put:
+ force_ucode_load = orig_cmd_line;
put_online_cpus();
if (ret >= 0)
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 9e85d785b226..5c67ac023f4a 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -39,7 +39,7 @@
#include <asm/msr.h>
static const char ucode_path[] = "kernel/x86/microcode/GenuineIntel.bin";
-static bool force_ucode_load = false;
+bool force_ucode_load = false;
/* Current microcode patch used in early patching on the APs. */
static struct microcode_intel *intel_ucode_patch;
--
https://clearlinux.org

26
sys-kernel/linux-hardened-sources/files/5.4/000129_0129-fix-bug-in-ucode-force-reload-revision-check.patch Normal file
View File

@ -0,0 +1,26 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jim Kukunas <james.t.kukunas@linux.intel.com>
Date: Sat, 2 Nov 2019 00:59:52 +0000
Subject: [PATCH] fix bug in ucode force reload revision check
If force_ucode_load==true, reload ucode even if revision # is identical.
---
arch/x86/kernel/cpu/microcode/intel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 5c67ac023f4a..2ca566bedfc8 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -865,7 +865,7 @@ static enum ucode_state apply_microcode_intel(int cpu)
* already.
*/
rev = intel_get_microcode_revision();
- if (rev >= mc->hdr.rev) {
+ if (rev > mc->hdr.rev || (rev == mc->hdr.rev && !force_ucode_load)) {
ret = UCODE_OK;
goto out;
}
--
https://clearlinux.org

25
sys-kernel/linux-hardened-sources/files/5.4/000131_0131-nvme-workaround.patch Normal file
View File

@ -0,0 +1,25 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@linux.intel.com>
Date: Mon, 11 Nov 2019 23:12:11 +0000
Subject: [PATCH] nvme workaround
---
drivers/nvme/host/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index fa7ba09dca77..758553763243 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -48,7 +48,7 @@ static u8 nvme_max_retries = 5;
module_param_named(max_retries, nvme_max_retries, byte, 0644);
MODULE_PARM_DESC(max_retries, "max number of retries a command may have");
-static unsigned long default_ps_max_latency_us = 100000;
+static unsigned long default_ps_max_latency_us = 200;
module_param(default_ps_max_latency_us, ulong, 0644);
MODULE_PARM_DESC(default_ps_max_latency_us,
"max power saving latency for new devices; use PM QOS to change per device");
--
https://clearlinux.org

52034
sys-kernel/linux-hardened-sources/files/5.4/001001_1001-WireGuard-fast-modern-secure-kernel-VPN-tunnel.patch Normal file
View File

File diff suppressed because it is too large Load Diff

40
sys-kernel/linux-hardened-sources/files/mkspec_script_local.patch Normal file
View File

@ -0,0 +1,40 @@
diff -ur linux-5.4.21.a-hardened/scripts/package/mkspec linux-5.4.21.a-hardened.new/scripts/package/mkspec
--- linux-5.4.21.a-hardened/scripts/package/mkspec 2019-11-25 03:32:01.000000000 +0300
+++ linux-5.4.21.a-hardened.new/scripts/package/mkspec 2020-03-28 17:07:06.136236182 +0300
@@ -85,9 +85,11 @@
mkdir -p %{buildroot}/boot
%ifarch ia64
mkdir -p %{buildroot}/boot/efi
+ /usr/local/bin/sbsign_local.sh \$($MAKE image_name)
cp \$($MAKE image_name) %{buildroot}/boot/efi/vmlinuz-$KERNELRELEASE
ln -s efi/vmlinuz-$KERNELRELEASE %{buildroot}/boot/
%else
+ /usr/local/bin/sbsign_local.sh \$($MAKE image_name)
cp \$($MAKE image_name) %{buildroot}/boot/vmlinuz-$KERNELRELEASE
%endif
$M $MAKE %{?_smp_mflags} INSTALL_MOD_PATH=%{buildroot} modules_install
@@ -98,11 +100,11 @@
mv vmlinux.bz2 %{buildroot}/boot/vmlinux-$KERNELRELEASE.bz2
$S$M rm -f %{buildroot}/lib/modules/$KERNELRELEASE/build
$S$M rm -f %{buildroot}/lib/modules/$KERNELRELEASE/source
-$S$M mkdir -p %{buildroot}/usr/src/kernels/$KERNELRELEASE
-$S$M tar cf - $EXCLUDES . | tar xf - -C %{buildroot}/usr/src/kernels/$KERNELRELEASE
+$S$M mkdir -p %{buildroot}/usr/src/$KERNELRELEASE
+$S$M tar cf - $EXCLUDES . | tar xf - -C %{buildroot}/usr/src/$KERNELRELEASE
$S$M cd %{buildroot}/lib/modules/$KERNELRELEASE
-$S$M ln -sf /usr/src/kernels/$KERNELRELEASE build
-$S$M ln -sf /usr/src/kernels/$KERNELRELEASE source
+$S$M ln -sf /usr/src/$KERNELRELEASE build
+$S$M ln -sf /usr/src/$KERNELRELEASE source
%clean
rm -rf %{buildroot}
@@ -141,7 +143,7 @@
$S$M
$S$M %files devel
$S$M %defattr (-, root, root)
-$S$M /usr/src/kernels/$KERNELRELEASE
+$S$M /usr/src/$KERNELRELEASE
$S$M /lib/modules/$KERNELRELEASE/build
$S$M /lib/modules/$KERNELRELEASE/source
EOF

55
sys-kernel/linux-hardened-sources/linux-hardened-sources-5.4.28.ebuild Normal file
View File

@ -0,0 +1,55 @@
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# See https://blogs.gentoo.org/ago/2017/08/21/sys-kernel-grsecurity-sources-available
EAPI="6"
ETYPE="sources"
UNIPATCH_STRICTORDER="no"
K_SECURITY_UNSUPPORTED="0"
#K_GENPATCHES_VER="not-empty" # Set to not-empty to avoid the useless download of patch-*.xz
K_WANT_GENPATCHES="base extras experimental"
K_GENPATCHES_VER="28"
K_NOSETEXTRAVERSION="1"
NAME="linux-hardened"
MINOR_VER=".a"
PN="hardened"
inherit kernel-2
detect_version
detect_arch
UNIPATCH_LIST="${DISTDIR}/1199_${NAME}-${PV}.a.patch
${FILESDIR}/5.4/*.patch
${FILESDIR}/mkspec_script_local.patch"
UNIPATCH_EXCLUDE="1500_XATTR_USER_PREFIX.patch
1510_fs-enable-link-security-restrictions-by-default.patch
2900_dev-root-proc-mount-fix.patch
4200_fbcondecor.patch
4400_alpha-sysctl-uac.patch"
LINHARD_URI="https://github.com/anthraxx/${NAME}/releases/download/${PV}${MINOR_VER}/${NAME}-${PV}${MINOR_VER}.patch -> 1199_${NAME}-${PV}${MINOR_VER}.patch"
KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
HOMEPAGE="https://dev.gentoo.org/~mpagano/genpatches"
IUSE="experimental"
DESCRIPTION="Full sources including the Gentoo, ArchLinux, Clear Linux and Linux Hardened patches for the ${KV_MAJOR}.${KV_MINOR} kernel tree"
SRC_URI="${KERNEL_URI} ${GENPATCHES_URI} ${LINHARD_URI} ${ARCH_URI}"
src_compile() {
echo "${MINOR_VER}-hardened" > ${S}/localversion-hardened
}
K_EXTRAEINFO="For more info on this patchset, and for how to report problems, see: \
${HOMEPAGE}"
pkg_postinst() {
kernel-2_pkg_postinst
}
pkg_postrm() {
kernel-2_pkg_postrm
}

13
sys-kernel/linux-hardened-sources/metadata.xml Normal file
View File

@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>alex@millerson.name</email>
<name>Alexander Miroshnichenko</name>
<description>Maintainer. Assign bugs to him</description>
</maintainer>
<longdescription>
Minimal supplement to upstream Kernel Self Protection Project changes.
Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope
</longdescription>
</pkgmetadata>