Update to 4.14.5-1

2017-12-13 17:27:14 -05:00 · 2017-12-13 17:27:14 -05:00 · eed374cdff
commit eed374cdff
parent 49ce0d9356
7 changed files with 723 additions and 9136 deletions
--- a/.SRCINFO
+++ b/.SRCINFO
@ -1,10 +1,9 @@
 # Generated by mksrcinfo v8
-# Mon Nov 27 02:49:05 UTC 2017
+# Wed Dec 13 22:27:02 UTC 2017
 pkgbase = linux-vfio
-	pkgver = 4.13.12
-	pkgrel = 2
+	pkgver = 4.14.5
+	pkgrel = 1
 	url = http://www.kernel.org/
-	arch = i686
 	arch = x86_64
 	license = GPL2
 	makedepends = xmlto
@ -14,26 +13,26 @@ pkgbase = linux-vfio
 	makedepends = bc
 	makedepends = libelf
 	options = !strip
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.13.tar.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.13.tar.sign
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.13.12.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.13.12.sign
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.5.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.5.sign
 	source = config
-	source = config.x86_64
 	source = 90-linux.hook
 	source = linux.preset
 	source = add-acs-overrides.patch
 	source = i915-vga-arbiter.patch
-	sha256sums = 2db3d6066c3ad93eb25b973a3d2951e022a7e975ee2fa7cbe5bddf84d9a49a2c
+	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+	sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
 	sha256sums = SKIP
-	sha256sums = d5830f31cf8522986fb530e69b3b9b023f0298c4f88d897541ff0776dc805828
+	sha256sums = d86eb2fd1c424fec9fbb12afacf7b783756651f5d7d0cf7ac71c3fbbbedddc9c
 	sha256sums = SKIP
-	sha256sums = 9b1d9fcb55782e6149aca4dc2d3b250dd4cedf1bf4bd8c6f0968acab0e2e0ee4
-	sha256sums = 9c6c4d27d59638d0569ea09a97138bfcfb219f17cdf1138be141380e6654f302
+	sha256sums = bfde21c325d39013463c38e9fa23d6d6481238b8509eea4ae38906127017e47d
 	sha256sums = 8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5
 	sha256sums = 99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9
-	sha256sums = d08e95336be54792b3ded0a5c9b0aeddd47a38d61752af2cbaf38bb6d158d521
-	sha256sums = 19fd3b81b4b081ceb100c89fb6bab012a8d708da6ca8cee53d771abca4770236
+	sha256sums = c238969a3c3a44b41c868a883880d8c4dc475e457427e91c649e9f24170b2c7d
+	sha256sums = eaf70cd805cdb43cf6227d354a6d54f67645b6df99e06136a8055d7494d7439c
+	sha256sums = 37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85

 pkgname = linux-vfio
 	pkgdesc = The Linux kernel and modules with patches to enable GPU passthrough with KVM
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@ -0,0 +1,102 @@
+From 5ec2dd3a095442ec1a21d86042a4994f2ba24e63 Mon Sep 17 00:00:00 2001
+Message-Id: <5ec2dd3a095442ec1a21d86042a4994f2ba24e63.1512651251.git.jan.steffens@gmail.com>
+From: Serge Hallyn <serge.hallyn@canonical.com>
+Date: Fri, 31 May 2013 19:12:12 +0100
+Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default
+
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+[bwh: Remove unneeded binary sysctl bits]
+Signed-off-by: Daniel Micay <danielmicay@gmail.com>
+---
+ kernel/fork.c           | 15 +++++++++++++++
+ kernel/sysctl.c         | 12 ++++++++++++
+ kernel/user_namespace.c |  3 +++
+ 3 files changed, 30 insertions(+)
+
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 07cc743698d3668e..4011d68a8ff9305c 100644
+--- a/kernel/fork.c
+++ b/kernel/fork.c
+@@ -102,6 +102,11 @@
+ 
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/task.h>
+#ifdef CONFIG_USER_NS
+extern int unprivileged_userns_clone;
+#else
+#define unprivileged_userns_clone 0
+#endif
+ 
+ /*
+  * Minimum number of threads to boot the kernel
+@@ -1555,6 +1560,10 @@ static __latent_entropy struct task_struct *copy_process(
+ 	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+ 		return ERR_PTR(-EINVAL);
+ 
+	if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
+		if (!capable(CAP_SYS_ADMIN))
+			return ERR_PTR(-EPERM);
+
+ 	/*
+ 	 * Thread groups must share signals as well, and detached threads
+ 	 * can only be started up within the thread group.
+@@ -2348,6 +2357,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+ 	if (unshare_flags & CLONE_NEWNS)
+ 		unshare_flags |= CLONE_FS;
+ 
+	if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
+		err = -EPERM;
+		if (!capable(CAP_SYS_ADMIN))
+			goto bad_unshare_out;
+	}
+
+ 	err = check_unshare_flags(unshare_flags);
+ 	if (err)
+ 		goto bad_unshare_out;
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index b86520ed3fb60fbf..f7dab3760839f1a1 100644
+--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
+@@ -105,6 +105,9 @@ extern int core_uses_pid;
+ extern char core_pattern[];
+ extern unsigned int core_pipe_limit;
+ #endif
+#ifdef CONFIG_USER_NS
+extern int unprivileged_userns_clone;
+#endif
+ extern int pid_max;
+ extern int pid_max_min, pid_max_max;
+ extern int percpu_pagelist_fraction;
+@@ -513,6 +516,15 @@ static struct ctl_table kern_table[] = {
+ 		.proc_handler	= proc_dointvec,
+ 	},
+ #endif
+#ifdef CONFIG_USER_NS
+	{
+		.procname	= "unprivileged_userns_clone",
+		.data		= &unprivileged_userns_clone,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec,
+	},
+#endif
+ #ifdef CONFIG_PROC_SYSCTL
+ 	{
+ 		.procname	= "tainted",
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index c490f1e4313b998a..dd03bd39d7bf194d 100644
+--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
+@@ -24,6 +24,9 @@
+ #include <linux/projid.h>
+ #include <linux/fs_struct.h>
+ 
+/* sysctl */
+int unprivileged_userns_clone;
+
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+ 
+-- 
+2.15.1
+
--- a/32
+++ b/32
@ -2,10 +2,10 @@
 # Maintainer: Mark Weiman <markzz@archlinux.net>

 pkgbase=linux-vfio
-_srcname=linux-4.13
-pkgver=4.13.12
-pkgrel=2
-arch=('i686' 'x86_64')
+_srcname=linux-4.14
+pkgver=4.14.5
+pkgrel=1
+arch=('x86_64')
 url="http://www.kernel.org/"
 license=('GPL2')
 makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc' 'libelf')
@ -15,24 +15,25 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
        "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.xz"
        "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.sign"
        # the main kernel config files
-        'config' 'config.x86_64'
+        'config'
        # pacman hook for initramfs regeneration
        '90-linux.hook'
        # standard config files for mkinitcpio ramdisk
        'linux.preset'
        # patches for pci passthrough
        'add-acs-overrides.patch'
-        'i915-vga-arbiter.patch')
-sha256sums=('2db3d6066c3ad93eb25b973a3d2951e022a7e975ee2fa7cbe5bddf84d9a49a2c'
+        'i915-vga-arbiter.patch'
+        0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch)
+sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
            'SKIP'
-            'd5830f31cf8522986fb530e69b3b9b023f0298c4f88d897541ff0776dc805828'
+            'd86eb2fd1c424fec9fbb12afacf7b783756651f5d7d0cf7ac71c3fbbbedddc9c'
            'SKIP'
-            '9b1d9fcb55782e6149aca4dc2d3b250dd4cedf1bf4bd8c6f0968acab0e2e0ee4'
-            '9c6c4d27d59638d0569ea09a97138bfcfb219f17cdf1138be141380e6654f302'
+            'bfde21c325d39013463c38e9fa23d6d6481238b8509eea4ae38906127017e47d'
            '8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5'
            '99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9'
-            'd08e95336be54792b3ded0a5c9b0aeddd47a38d61752af2cbaf38bb6d158d521'
-            '19fd3b81b4b081ceb100c89fb6bab012a8d708da6ca8cee53d771abca4770236')
+            'c238969a3c3a44b41c868a883880d8c4dc475e457427e91c649e9f24170b2c7d'
+            'eaf70cd805cdb43cf6227d354a6d54f67645b6df99e06136a8055d7494d7439c'
+            '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85')
 validpgpkeys=(
              'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
              '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@ -49,11 +50,10 @@ prepare() {
  # add latest fixes from stable queue, if needed
  # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git

-  if [ "${CARCH}" = "x86_64" ]; then
-    cat "${srcdir}/config.x86_64" > ./.config
-  else
+  # disable USER_NS for non-root users by default
+  patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+
  cat "${srcdir}/config" > ./.config
-  fi

  # patches for vga arbiter fix in intel systems
  echo '==> Applying i915 VGA arbitration patch'
--- a/add-acs-overrides.patch
+++ b/add-acs-overrides.patch
@ -1,7 +1,7 @@
-From 2c6fca56ec527524700a1d2f26ea77ae2d5e561f Mon Sep 17 00:00:00 2001
+From 77026d26e851bbdc1bf5d5f1b6f21be7bbac86f1 Mon Sep 17 00:00:00 2001
 From: Mark Weiman <mark.weiman@markzz.com>
-Date: Sun, 26 Nov 2017 21:47:18 -0500
-Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.13)
+Date: Wed, 13 Dec 2017 15:30:35 -0500
+Subject: [PATCH] pci: Enable overrides for missing ACS capabilities (4.14)

 This an updated version of Alex Williamson's patch from:
 https://lkml.org/lkml/2013/5/30/513
@ -50,10 +50,10 @@ your customers the hassle of this boot option.
 2 files changed, 110 insertions(+)

 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index d9c171ce4190..e1d4b9cdfc8d 100644
+index 05496622b4ef..d4c793024f7c 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -2914,6 +2914,15 @@
+@@ -2937,6 +2937,15 @@
 		nomsi		[MSI] If the PCI_MSI kernel config parameter is
 				enabled, this kernel boot option can be used to
 				disable the use of MSI interrupts system-wide.
@ -70,10 +70,10 @@ index d9c171ce4190..e1d4b9cdfc8d 100644
 				Safety option to keep boot IRQs enabled. This
 				should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 140760403f36..a7a58d814a17 100644
+index f66f9375177c..7c1867f29b7f 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
-@@ -3671,6 +3671,106 @@ static int __init pci_apply_final_quirks(void)
+@@ -3673,6 +3673,106 @@ static int __init pci_apply_final_quirks(void)
 
 fs_initcall_sync(pci_apply_final_quirks);
 
@ -180,14 +180,14 @@ index 140760403f36..a7a58d814a17 100644
 /*
  * Following are device-specific reset methods which can be used to
  * reset a single function if other methods (e.g. FLR, PM D0->D3) are
-@@ -4474,6 +4574,7 @@ static const struct pci_dev_acs_enabled {
- 	{ 0x10df, 0x720, pci_quirk_mf_endpoint_acs }, /* Emulex Skyhawk-R */
- 	/* Cavium ThunderX */
+@@ -4505,6 +4605,7 @@ static const struct pci_dev_acs_enabled {
 	{ PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
+ 	/* APM X-Gene */
+ 	{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
 +    { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
 	{ 0 }
 };
 
 -- 
-2.15.0
+2.15.1

--- a/1257
+++ b/1257
--- a/config.x86_64
+++ b/config.x86_64
--- a/i915-vga-arbiter.patch
+++ b/i915-vga-arbiter.patch
@ -1,8 +1,8 @@
-From db04b56b1238755405312341055a3d64d4ea1858 Mon Sep 17 00:00:00 2001
+From ad546a3996bf0725bb89545b4bf4656b4105221e Mon Sep 17 00:00:00 2001
 From: Mark Weiman <mark.weiman@markzz.com>
-Date: Fri, 29 Sep 2017 17:34:27 -0400
+Date: Wed, 13 Dec 2017 15:38:53 -0500
 Subject: [PATCH] i915: Add module option to support VGA arbiter on HD devices
- (4.13+)
+ (4.14)

 This is an updated version of Alex Williamson's patch from:
 https://lkml.org/lkml/2014/5/9/517
@ -43,10 +43,10 @@ until after vgacon->fbcon handoff.
 5 files changed, 60 insertions(+), 3 deletions(-)

 diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
-index fc307e03943c..742039c1f1c7 100644
+index 82498f8232eb..13795e7cdb5f 100644
 --- a/drivers/gpu/drm/i915/i915_drv.c
 +++ b/drivers/gpu/drm/i915/i915_drv.c
-@@ -614,10 +614,20 @@ static int i915_load_modeset_init(struct drm_device *dev)
+@@ -629,10 +629,20 @@ static int i915_load_modeset_init(struct drm_device *dev)
 	 * If we are a secondary display controller (!PCI_DISPLAY_CLASS_VGA),
 	 * then we do not take part in VGA arbitration and the
 	 * vga_client_register() fails with -ENODEV.
@ -70,7 +70,7 @@ index fc307e03943c..742039c1f1c7 100644
 
 	intel_register_dsm_handler();
 
-@@ -659,6 +669,12 @@ static int i915_load_modeset_init(struct drm_device *dev)
+@@ -674,6 +684,12 @@ static int i915_load_modeset_init(struct drm_device *dev)
 	if (ret)
 		goto cleanup_gem;
 
@ -84,7 +84,7 @@ index fc307e03943c..742039c1f1c7 100644
 	intel_hpd_init(dev_priv);
 
 diff --git a/drivers/gpu/drm/i915/i915_params.c b/drivers/gpu/drm/i915/i915_params.c
-index b6a7e363d076..5883c1f98e2d 100644
+index 8ab003dca113..c1e5c6c2e24e 100644
 --- a/drivers/gpu/drm/i915/i915_params.c
 +++ b/drivers/gpu/drm/i915/i915_params.c
@@ -51,6 +51,7 @@ struct i915_params i915 __read_mostly = {
@ -95,7 +95,7 @@ index b6a7e363d076..5883c1f98e2d 100644
 	.use_mmio_flip = 0,
 	.mmio_debug = 0,
 	.verbose_state_checks = 1,
-@@ -194,6 +195,10 @@ module_param_named_unsafe(enable_cmd_parser, i915.enable_cmd_parser, bool, 0400)
+@@ -198,6 +199,10 @@ module_param_named_unsafe(enable_cmd_parser, i915.enable_cmd_parser, bool, 0400)
 MODULE_PARM_DESC(enable_cmd_parser,
 		 "Enable command parsing (true=enabled [default], false=disabled)");
 
@ -107,11 +107,11 @@ index b6a7e363d076..5883c1f98e2d 100644
 MODULE_PARM_DESC(use_mmio_flip,
 		 "use MMIO flips (-1=never, 0=driver discretion [default], 1=always)");
 diff --git a/drivers/gpu/drm/i915/i915_params.h b/drivers/gpu/drm/i915/i915_params.h
-index 34148cc8637c..edc38206d360 100644
+index ac844709c97e..edb6633e417d 100644
 --- a/drivers/gpu/drm/i915/i915_params.h
 +++ b/drivers/gpu/drm/i915/i915_params.h
-@@ -63,6 +63,7 @@
- 	func(bool, reset); \
+@@ -64,6 +64,7 @@
+ 	func(bool, force_reset_modeset_test); \
 	func(bool, error_capture); \
 	func(bool, disable_display); \
 +	func(bool, enable_hd_vgaarb); \
@ -119,10 +119,10 @@ index 34148cc8637c..edc38206d360 100644
 	func(bool, nuclear_pageflip); \
 	func(bool, enable_dp_mst); \
 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index cc484b56eeaa..1d0e504f32ee 100644
+index 5ebdb63330dd..f686661d4ac4 100644
 --- a/drivers/gpu/drm/i915/intel_display.c
 +++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -14883,6 +14883,37 @@ static void i915_disable_vga(struct drm_i915_private *dev_priv)
+@@ -14382,6 +14382,37 @@ static void i915_disable_vga(struct drm_i915_private *dev_priv)
 	POSTING_READ(vga_reg);
 }
 
@ -160,7 +160,7 @@ index cc484b56eeaa..1d0e504f32ee 100644
 void intel_modeset_init_hw(struct drm_device *dev)
 {
 	struct drm_i915_private *dev_priv = to_i915(dev);
-@@ -15381,6 +15412,7 @@ void i915_redisable_vga_power_on(struct drm_i915_private *dev_priv)
+@@ -14880,6 +14911,7 @@ void i915_redisable_vga_power_on(struct drm_i915_private *dev_priv)
 	if (!(I915_READ(vga_reg) & VGA_DISP_DISABLE)) {
 		DRM_DEBUG_KMS("Something enabled VGA plane, disabling it\n");
 		i915_disable_vga(dev_priv);
@ -168,7 +168,7 @@ index cc484b56eeaa..1d0e504f32ee 100644
 	}
 }
 
-@@ -15732,6 +15764,8 @@ void intel_modeset_cleanup(struct drm_device *dev)
+@@ -15248,6 +15280,8 @@ void intel_modeset_cleanup(struct drm_device *dev)
 {
 	struct drm_i915_private *dev_priv = to_i915(dev);
 
@ -178,17 +178,17 @@ index cc484b56eeaa..1d0e504f32ee 100644
 	WARN_ON(!llist_empty(&dev_priv->atomic_helper.free_list));
 
 diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h
-index d93efb49a2e2..cdd474ba61f9 100644
+index 79fbaf78f604..c0083032a053 100644
 --- a/drivers/gpu/drm/i915/intel_drv.h
 +++ b/drivers/gpu/drm/i915/intel_drv.h
-@@ -1336,6 +1336,7 @@ int vlv_get_cck_clock_hpll(struct drm_i915_private *dev_priv,
+@@ -1316,6 +1316,7 @@ int vlv_get_cck_clock_hpll(struct drm_i915_private *dev_priv,
+ 			   const char *name, u32 reg);
 void lpt_disable_pch_transcoder(struct drm_i915_private *dev_priv);
 void lpt_disable_iclkip(struct drm_i915_private *dev_priv);
- extern const struct drm_plane_funcs intel_plane_funcs;
 +extern void i915_disable_vga_mem(struct drm_i915_private *dev_priv);
 void intel_init_display_hooks(struct drm_i915_private *dev_priv);
 unsigned int intel_fb_xy_to_linear(int x, int y,
 				   const struct intel_plane_state *state,
 -- 
-2.14.2
+2.15.1