summarylogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO30
-rw-r--r--0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch6
-rw-r--r--0002-x86-setup-Consolidate-early-memory-reservations.patch188
-rw-r--r--0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch67
-rw-r--r--0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch87
-rw-r--r--0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch170
-rw-r--r--0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch114
-rw-r--r--0007-x86-crash-remove-crash_reserve_low_1M.patch58
-rw-r--r--PKGBUILD22
-rw-r--r--config7
10 files changed, 728 insertions, 21 deletions
diff --git a/.SRCINFO b/.SRCINFO
index c4135b89b0b..450b4f8b729 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
pkgbase = linux-rc
- pkgver = 5.12.10rc1
+ pkgver = 5.12.13rc1
pkgrel = 1
url = https://www.kernel.org/
arch = x86_64
@@ -12,20 +12,32 @@ pkgbase = linux-rc
makedepends = tar
makedepends = xz
options = !strip
- source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.12.10-rc1.xz
- source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.12.10-rc1.sign
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.12.9.tar.xz
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.12.9.tar.sign
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.12.13-rc1.xz
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.12.13-rc1.sign
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.12.12.tar.xz
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.12.12.tar.sign
source = config
source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+ source = 0002-x86-setup-Consolidate-early-memory-reservations.patch
+ source = 0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch
+ source = 0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch
+ source = 0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch
+ source = 0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch
+ source = 0007-x86-crash-remove-crash_reserve_low_1M.patch
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
- b2sums = 391ff48c0c59316fe362d493689839e62b9e38050a87b977402a195b79f70e99bdcc4cd8fb77de5edf32c073f56cd54326be63b7d718cf99064ae208bbc1959f
+ b2sums = 2baef27303c676d82dada549076c29bbf25bb2db1d957a4e292d32dff1647f14b235a691468be0e8d36663ee137d14fe3aeaaa95db2e3592e2eada523b567641
b2sums = SKIP
- b2sums = c4ba5b7da3e7af4edb3511b63a21f3d6ca8138f4a5fa77714f49a97f7c06db21daf3df66bb905561d6975b6652bf5b517e995f5e673328b9df3415f37ac01fd0
+ b2sums = f9aef3da2f65916cc30da9a066217d3379036e6a32a732224da7fee86c80810315484f48132b50b8cf8eb5e0b055ad1b7bbe63dadd0eb54b0b0626bc57c20963
b2sums = SKIP
- b2sums = 18d9f071699c9e9bb4c7d340f4d688554b818a4f7fdcefeee24b8b39fc9328737c6967cfd7e884b518e0c87cfb64ac7a10368ac82436d73f96f0881b5c201099
- b2sums = e43852e13fad5cdf3ce47ed698579bf019ea5c4f2f63191f417e226733b70b984c892bf2fd64bdca89aaa44dfd6b06e01f169bc784d7bf61e6189427e24c8b0a
+ b2sums = 83aa7f127d34a247a8275358d52a510d4895c790211d98ac51ed7df75c881e9071cfe3d03f137f7edff3fe8b46e7f77fd9bfd0ef1b163a9c70dac5b4f3cc9693
+ b2sums = dda152592dec643bce44754bf5d2d43a5897cc57f8dc258b87857055a45abf903d619aba1de389228cb086a17fedea5458f8fe2c0993fa20213bb7c5bca331c8
+ b2sums = 13330cf57b5c6b928ea73bd30479010688cf8d2003107b041a7fdad33c1ac225c8c905bef235cd762d6ea76be754b5db6be769526bacf7333298f72d6afff535
+ b2sums = 381e0f177faa3090d1abf4d11a97db535712840870265dea167d7692dee7733a226d09c103d01705d5c0809fa66c7a23efea9da2473da672644b06e31db77083
+ b2sums = cd9da0dee048fc52a3032343f122c2055081eeedfc8a3e5227218f0f63fc7618e8fe744c8caa7e3a2ca844f4aaf7314b57a306d0d3b1849e97b24687b8c5a501
+ b2sums = 1810832172e1b006a5471d8e317573343884feed9abc9e7380a32d83c958b0e6aa68adf9a647c9b7b714783997591f5d80e754c6e7357279661eee998f22864c
+ b2sums = 4e7cb958f95d99bba9810e675d4f1b0b3c171f78e9fe96ff9d265f792f4ceb1367f2f4d238f36b5ca1c395e14abdabbf0f8ce2dc07c4fe567d822a8b629dfa05
+ b2sums = 2251f8bf84e141b4661f84cc2ce7b21783ac0a349b2651477dfcbc5383b796b2e588d85ee411398b15c820cb3672256be8ed281c8bccfad252c9dd5b0e1e0cd5
pkgname = linux-rc
pkgdesc = The release candidate kernel and modules
diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
index b88a6f2efb0..73e35ef52bf 100644
--- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
@@ -1,7 +1,7 @@
-From 22e3612b3c9305e1010da29ee500a6ad0cc3843f Mon Sep 17 00:00:00 2001
+From fa17daad7209d62169553ce6336ef29ba4748049 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Mon, 16 Sep 2019 04:53:20 +0200
-Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged
+Subject: [PATCH 1/8] ZEN: Add sysctl and CONFIG to disallow unprivileged
CLONE_NEWUSER
Our default behavior continues to match the vanilla kernel.
@@ -150,5 +150,5 @@ index 9a4b980d695b..4388ca13ea3f 100644
static DEFINE_MUTEX(userns_state_mutex);
--
-2.31.1
+2.32.0
diff --git a/0002-x86-setup-Consolidate-early-memory-reservations.patch b/0002-x86-setup-Consolidate-early-memory-reservations.patch
new file mode 100644
index 00000000000..20c38079761
--- /dev/null
+++ b/0002-x86-setup-Consolidate-early-memory-reservations.patch
@@ -0,0 +1,188 @@
+From 56e6bb0fe2b790adda81851794409faa533e521c Mon Sep 17 00:00:00 2001
+From: Mike Rapoport <rppt@linux.ibm.com>
+Date: Tue, 2 Mar 2021 12:04:05 +0200
+Subject: [PATCH 2/8] x86/setup: Consolidate early memory reservations
+
+The early reservations of memory areas used by the firmware, bootloader,
+kernel text and data are spread over setup_arch(). Moreover, some of them
+happen *after* memblock allocations, e.g trim_platform_memory_ranges() and
+trim_low_memory_range() are called after reserve_real_mode() that allocates
+memory.
+
+There was no corruption of these memory regions because memblock always
+allocates memory either from the end of memory (in top-down mode) or above
+the kernel image (in bottom-up mode). However, the bottom up mode is going
+to be updated to span the entire memory [1] to avoid limitations caused by
+KASLR.
+
+Consolidate early memory reservations in a dedicated function to improve
+robustness against future changes. Having the early reservations in one
+place also makes it clearer what memory must be reserved before memblock
+allocations are allowed.
+
+Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Baoquan He <bhe@redhat.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+Acked-by: David Hildenbrand <david@redhat.com>
+Link: [1] https://lore.kernel.org/lkml/20201217201214.3414100-2-guro@fb.com
+Link: https://lkml.kernel.org/r/20210302100406.22059-2-rppt@kernel.org
+---
+ arch/x86/kernel/setup.c | 92 ++++++++++++++++++++---------------------
+ 1 file changed, 44 insertions(+), 48 deletions(-)
+
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+index e79f21d13a0d..420d881da2bd 100644
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -646,18 +646,6 @@ static void __init trim_snb_memory(void)
+ }
+ }
+
+-/*
+- * Here we put platform-specific memory range workarounds, i.e.
+- * memory known to be corrupt or otherwise in need to be reserved on
+- * specific platforms.
+- *
+- * If this gets used more widely it could use a real dispatch mechanism.
+- */
+-static void __init trim_platform_memory_ranges(void)
+-{
+- trim_snb_memory();
+-}
+-
+ static void __init trim_bios_range(void)
+ {
+ /*
+@@ -730,7 +718,38 @@ static void __init trim_low_memory_range(void)
+ {
+ memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE));
+ }
+-
++
++static void __init early_reserve_memory(void)
++{
++ /*
++ * Reserve the memory occupied by the kernel between _text and
++ * __end_of_kernel_reserve symbols. Any kernel sections after the
++ * __end_of_kernel_reserve symbol must be explicitly reserved with a
++ * separate memblock_reserve() or they will be discarded.
++ */
++ memblock_reserve(__pa_symbol(_text),
++ (unsigned long)__end_of_kernel_reserve - (unsigned long)_text);
++
++ /*
++ * Make sure page 0 is always reserved because on systems with
++ * L1TF its contents can be leaked to user processes.
++ */
++ memblock_reserve(0, PAGE_SIZE);
++
++ early_reserve_initrd();
++
++ if (efi_enabled(EFI_BOOT))
++ efi_memblock_x86_reserve_range();
++
++ memblock_x86_reserve_range_setup_data();
++
++ reserve_ibft_region();
++ reserve_bios_regions();
++
++ trim_snb_memory();
++ trim_low_memory_range();
++}
++
+ /*
+ * Dump out kernel offset information on panic.
+ */
+@@ -765,29 +784,6 @@ dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
+
+ void __init setup_arch(char **cmdline_p)
+ {
+- /*
+- * Reserve the memory occupied by the kernel between _text and
+- * __end_of_kernel_reserve symbols. Any kernel sections after the
+- * __end_of_kernel_reserve symbol must be explicitly reserved with a
+- * separate memblock_reserve() or they will be discarded.
+- */
+- memblock_reserve(__pa_symbol(_text),
+- (unsigned long)__end_of_kernel_reserve - (unsigned long)_text);
+-
+- /*
+- * Make sure page 0 is always reserved because on systems with
+- * L1TF its contents can be leaked to user processes.
+- */
+- memblock_reserve(0, PAGE_SIZE);
+-
+- early_reserve_initrd();
+-
+- /*
+- * At this point everything still needed from the boot loader
+- * or BIOS or kernel text should be early reserved or marked not
+- * RAM in e820. All other memory is free game.
+- */
+-
+ #ifdef CONFIG_X86_32
+ memcpy(&boot_cpu_data, &new_cpu_data, sizeof(new_cpu_data));
+
+@@ -911,8 +907,18 @@ void __init setup_arch(char **cmdline_p)
+
+ parse_early_param();
+
+- if (efi_enabled(EFI_BOOT))
+- efi_memblock_x86_reserve_range();
++ /*
++ * Do some memory reservations *before* memory is added to
++ * memblock, so memblock allocations won't overwrite it.
++ * Do it after early param, so we could get (unlikely) panic from
++ * serial.
++ *
++ * After this point everything still needed from the boot loader or
++ * firmware or kernel text should be early reserved or marked not
++ * RAM in e820. All other memory is free game.
++ */
++ early_reserve_memory();
++
+ #ifdef CONFIG_MEMORY_HOTPLUG
+ /*
+ * Memory used by the kernel cannot be hot-removed because Linux
+@@ -939,9 +945,6 @@ void __init setup_arch(char **cmdline_p)
+
+ x86_report_nx();
+
+- /* after early param, so could get panic from serial */
+- memblock_x86_reserve_range_setup_data();
+-
+ if (acpi_mps_check()) {
+ #ifdef CONFIG_X86_LOCAL_APIC
+ disable_apic = 1;
+@@ -1033,8 +1036,6 @@ void __init setup_arch(char **cmdline_p)
+ */
+ find_smp_config();
+
+- reserve_ibft_region();
+-
+ early_alloc_pgt_buf();
+
+ /*
+@@ -1055,8 +1056,6 @@ void __init setup_arch(char **cmdline_p)
+ */
+ sev_setup_arch();
+
+- reserve_bios_regions();
+-
+ efi_fake_memmap();
+ efi_find_mirror();
+ efi_esrt_init();
+@@ -1082,9 +1081,6 @@ void __init setup_arch(char **cmdline_p)
+
+ reserve_real_mode();
+
+- trim_platform_memory_ranges();
+- trim_low_memory_range();
+-
+ init_mem_mapping();
+
+ idt_setup_early_pf();
+--
+2.32.0
+
diff --git a/0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch b/0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch
new file mode 100644
index 00000000000..eca80260ba1
--- /dev/null
+++ b/0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch
@@ -0,0 +1,67 @@
+From e63cb4a867fe803dc90376af8b268ba1549ec36e Mon Sep 17 00:00:00 2001
+From: Mike Rapoport <rppt@linux.ibm.com>
+Date: Tue, 2 Mar 2021 12:04:06 +0200
+Subject: [PATCH 3/8] x86/setup: Merge several reservations of start of memory
+
+Currently, the first several pages are reserved both to avoid leaking
+their contents on systems with L1TF and to avoid corrupting BIOS memory.
+
+Merge the two memory reservations.
+
+Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Acked-by: Borislav Petkov <bp@suse.de>
+Link: https://lkml.kernel.org/r/20210302100406.22059-3-rppt@kernel.org
+---
+ arch/x86/kernel/setup.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+index 420d881da2bd..282d572e49af 100644
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -714,11 +714,6 @@ static int __init parse_reservelow(char *p)
+
+ early_param("reservelow", parse_reservelow);
+
+-static void __init trim_low_memory_range(void)
+-{
+- memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE));
+-}
+-
+ static void __init early_reserve_memory(void)
+ {
+ /*
+@@ -731,10 +726,17 @@ static void __init early_reserve_memory(void)
+ (unsigned long)__end_of_kernel_reserve - (unsigned long)_text);
+
+ /*
+- * Make sure page 0 is always reserved because on systems with
+- * L1TF its contents can be leaked to user processes.
++ * The first 4Kb of memory is a BIOS owned area, but generally it is
++ * not listed as such in the E820 table.
++ *
++ * Reserve the first memory page and typically some additional
++ * memory (64KiB by default) since some BIOSes are known to corrupt
++ * low memory. See the Kconfig help text for X86_RESERVE_LOW.
++ *
++ * In addition, make sure page 0 is always reserved because on
++ * systems with L1TF its contents can be leaked to user processes.
+ */
+- memblock_reserve(0, PAGE_SIZE);
++ memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE));
+
+ early_reserve_initrd();
+
+@@ -747,7 +749,6 @@ static void __init early_reserve_memory(void)
+ reserve_bios_regions();
+
+ trim_snb_memory();
+- trim_low_memory_range();
+ }
+
+ /*
+--
+2.32.0
+
diff --git a/0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch b/0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch
new file mode 100644
index 00000000000..8a8e4d194cc
--- /dev/null
+++ b/0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch
@@ -0,0 +1,87 @@
+From c4b5e4bc8317ccb0a822429d87288d9f90453a04 Mon Sep 17 00:00:00 2001
+From: Mike Rapoport <rppt@linux.ibm.com>
+Date: Tue, 13 Apr 2021 21:08:39 +0300
+Subject: [PATCH 4/8] x86/setup: Move trim_snb_memory() later in setup_arch()
+ to fix boot hangs
+
+Commit
+
+ a799c2bd29d1 ("x86/setup: Consolidate early memory reservations")
+
+moved reservation of the memory inaccessible by Sandy Bride integrated
+graphics very early, and, as a result, on systems with such devices
+the first 1M was reserved by trim_snb_memory() which prevented the
+allocation of the real mode trampoline and made the boot hang very
+early.
+
+Since the purpose of trim_snb_memory() is to prevent problematic pages
+ever reaching the graphics device, it is safe to reserve these pages
+after memblock allocations are possible.
+
+Move trim_snb_memory() later in boot so that it will be called after
+reserve_real_mode() and make comments describing trim_snb_memory()
+operation more elaborate.
+
+ [ bp: Massage a bit. ]
+
+Fixes: a799c2bd29d1 ("x86/setup: Consolidate early memory reservations")
+Reported-by: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Tested-by: Randy Dunlap <rdunlap@infradead.org>
+Tested-by: Hugh Dickins <hughd@google.com>
+Link: https://lkml.kernel.org/r/f67d3e03-af90-f790-baf4-8d412fe055af@infradead.org
+---
+ arch/x86/kernel/setup.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+index 282d572e49af..7d466f51be1f 100644
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -634,11 +634,16 @@ static void __init trim_snb_memory(void)
+ printk(KERN_DEBUG "reserving inaccessible SNB gfx pages\n");
+
+ /*
+- * Reserve all memory below the 1 MB mark that has not
+- * already been reserved.
++ * SandyBridge integrated graphics devices have a bug that prevents
++ * them from accessing certain memory ranges, namely anything below
++ * 1M and in the pages listed in bad_pages[] above.
++ *
++ * To avoid these pages being ever accessed by SNB gfx devices
++ * reserve all memory below the 1 MB mark and bad_pages that have
++ * not already been reserved at boot time.
+ */
+ memblock_reserve(0, 1<<20);
+-
++
+ for (i = 0; i < ARRAY_SIZE(bad_pages); i++) {
+ if (memblock_reserve(bad_pages[i], PAGE_SIZE))
+ printk(KERN_WARNING "failed to reserve 0x%08lx\n",
+@@ -747,8 +752,6 @@ static void __init early_reserve_memory(void)
+
+ reserve_ibft_region();
+ reserve_bios_regions();
+-
+- trim_snb_memory();
+ }
+
+ /*
+@@ -1082,6 +1085,13 @@ void __init setup_arch(char **cmdline_p)
+
+ reserve_real_mode();
+
++ /*
++ * Reserving memory causing GPU hangs on Sandy Bridge integrated
++ * graphics devices should be done after we allocated memory under
++ * 1M for the real mode trampoline.
++ */
++ trim_snb_memory();
++
+ init_mem_mapping();
+
+ idt_setup_early_pf();
+--
+2.32.0
+
diff --git a/0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch b/0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch
new file mode 100644
index 00000000000..169ba22ae2d
--- /dev/null
+++ b/0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch
@@ -0,0 +1,170 @@
+From 3ffe8ae29143ee20e01b0bc4a63774182b59daf9 Mon Sep 17 00:00:00 2001
+From: Mike Rapoport <rppt@linux.ibm.com>
+Date: Tue, 1 Jun 2021 10:53:52 +0300
+Subject: [PATCH 5/8] x86/setup: always reserve the first 1M of RAM
+
+There are BIOSes that are known to corrupt the memory under 1M, or more
+precisely under 640K because the memory above 640K is anyway reserved for
+the EGA/VGA frame buffer and BIOS.
+
+To prevent usage of the memory that will be potentially clobbered by the
+kernel, the beginning of the memory is always reserved. The exact size of
+the reserved area is determined by CONFIG_X86_RESERVE_LOW build time and
+reservelow command line option. The reserved range may be from 4K to 640K
+with the default of 64K. There are also configurations that reserve the
+entire 1M range, like machines with SandyBridge graphic devices or systems
+that enable crash kernel.
+
+In addition to the potentially clobbered memory, EBDA of unknown size may
+be as low as 128K and the memory above that EBDA start is also reserved
+early.
+
+It would have been possible to reserve the entire range under 1M unless for
+the real mode trampoline that must reside in that area.
+
+To accommodate placement of the real mode trampoline and keep the memory
+safe from being clobbered by BIOS reserve the first 64K of RAM before
+memory allocations are possible and then, after the real mode trampoline is
+allocated, reserve the entire range from 0 to 1M.
+
+Update trim_snb_memory() and reserve_real_mode() to avoid redundant
+reservations of the same memory range.
+
+Also make sure the memory under 1M is not getting freed by
+efi_free_boot_services().
+
+Fixes: a799c2bd29d1 ("x86/setup: Consolidate early memory reservations")
+Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
+---
+ arch/x86/kernel/setup.c | 35 ++++++++++++++++++++--------------
+ arch/x86/platform/efi/quirks.c | 12 ++++++++++++
+ arch/x86/realmode/init.c | 14 ++++++++------
+ 3 files changed, 41 insertions(+), 20 deletions(-)
+
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+index 7d466f51be1f..d7cfb927864f 100644
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -638,11 +638,11 @@ static void __init trim_snb_memory(void)
+ * them from accessing certain memory ranges, namely anything below
+ * 1M and in the pages listed in bad_pages[] above.
+ *
+- * To avoid these pages being ever accessed by SNB gfx devices
+- * reserve all memory below the 1 MB mark and bad_pages that have
+- * not already been reserved at boot time.
++ * To avoid these pages being ever accessed by SNB gfx devices reserve
++ * bad_pages that have not already been reserved at boot time.
++ * All memory below the 1 MB mark is anyway reserved later during
++ * setup_arch(), so there is no need to reserve it here.
+ */
+- memblock_reserve(0, 1<<20);
+
+ for (i = 0; i < ARRAY_SIZE(bad_pages); i++) {
+ if (memblock_reserve(bad_pages[i], PAGE_SIZE))
+@@ -734,14 +734,14 @@ static void __init early_reserve_memory(void)
+ * The first 4Kb of memory is a BIOS owned area, but generally it is
+ * not listed as such in the E820 table.
+ *
+- * Reserve the first memory page and typically some additional
+- * memory (64KiB by default) since some BIOSes are known to corrupt
+- * low memory. See the Kconfig help text for X86_RESERVE_LOW.
++ * Reserve the first 64K of memory since some BIOSes are known to
++ * corrupt low memory. After the real mode trampoline is allocated the
++ * rest of the memory below 640k is reserved.
+ *
+ * In addition, make sure page 0 is always reserved because on
+ * systems with L1TF its contents can be leaked to user processes.
+ */
+- memblock_reserve(0, ALIGN(reserve_low, PAGE_SIZE));
++ memblock_reserve(0, SZ_64K);
+
+ early_reserve_initrd();
+
+@@ -752,6 +752,7 @@ static void __init early_reserve_memory(void)
+
+ reserve_ibft_region();
+ reserve_bios_regions();
++ trim_snb_memory();
+ }
+
+ /*
+@@ -1083,14 +1084,20 @@ void __init setup_arch(char **cmdline_p)
+ (max_pfn_mapped<<PAGE_SHIFT) - 1);
+ #endif
+
+- reserve_real_mode();
+-
+ /*
+- * Reserving memory causing GPU hangs on Sandy Bridge integrated
+- * graphics devices should be done after we allocated memory under
+- * 1M for the real mode trampoline.
++ * Find free memory for the real mode trampoline and place it
++ * there.
++ * If there is not enough free memory under 1M, on EFI-enabled
++ * systems there will be additional attempt to reclaim the memory
++ * for the real mode trampoline at efi_free_boot_services().
++ *
++ * Unconditionally reserve the entire first 1M of RAM because
++ * BIOSes are know to corrupt low memory and several
++ * hundred kilobytes are not worth complex detection what memory gets
++ * clobbered. Moreover, on machines with SandyBridge graphics or in
++ * setups that use crashkernel the entire 1M is anyway reserved.
+ */
+- trim_snb_memory();
++ reserve_real_mode();
+
+ init_mem_mapping();
+
+diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c
+index 67d93a243c35..27561b56a821 100644
+--- a/arch/x86/platform/efi/quirks.c
++++ b/arch/x86/platform/efi/quirks.c
+@@ -450,6 +450,18 @@ void __init efi_free_boot_services(void)
+ size -= rm_size;
+ }
+
++ /*
++ * Don't free memory under 1M for two reasons:
++ * - BIOS might clobber it
++ * - Crash kernel needs it to be reserved
++ */
++ if (start + size < SZ_1M)
++ continue;
++ if (start < SZ_1M) {
++ size -= (SZ_1M - start);
++ start = SZ_1M;
++ }
++
+ memblock_free_late(start, size);
+ }
+
+diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
+index 22fda7d99159..ea42630d4e2e 100644
+--- a/arch/x86/realmode/init.c
++++ b/arch/x86/realmode/init.c
+@@ -29,14 +29,16 @@ void __init reserve_real_mode(void)
+
+ /* Has to be under 1M so we can execute real-mode AP code. */
+ mem = memblock_find_in_range(0, 1<<20, size, PAGE_SIZE);
+- if (!mem) {
++ if (!mem)
+ pr_info("No sub-1M memory is available for the trampoline\n");
+- return;
+- }
++ else
++ set_real_mode_mem(mem);
+
+- memblock_reserve(mem, size);
+- set_real_mode_mem(mem);
+- crash_reserve_low_1M();
++ /*
++ * Unconditionally reserve the entire fisrt 1M, see comment in
++ * setup_arch()
++ */
++ memblock_reserve(0, SZ_1M);
+ }
+
+ static void sme_sev_setup_real_mode(struct trampoline_header *th)
+--
+2.32.0
+
diff --git a/0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch b/0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch
new file mode 100644
index 00000000000..a49d92c2252
--- /dev/null
+++ b/0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch
@@ -0,0 +1,114 @@
+From 2e68d15d0a146e9b13bfbaba5f260c82b8c3d049 Mon Sep 17 00:00:00 2001
+From: Mike Rapoport <rppt@linux.ibm.com>
+Date: Tue, 1 Jun 2021 10:53:53 +0300
+Subject: [PATCH 6/8] x86/setup: remove CONFIG_X86_RESERVE_LOW and reservelow
+ options
+
+The CONFIG_X86_RESERVE_LOW build time and reservelow command line option
+allowed to control the amount of memory under 1M that would be reserved at
+boot to avoid using memory that can be potentially clobbered by BIOS.
+
+Since the entire range under 1M is always reserved there is no need for
+these options and they can be removed.
+
+Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
+---
+ .../admin-guide/kernel-parameters.txt | 5 ----
+ arch/x86/Kconfig | 29 -------------------
+ arch/x86/kernel/setup.c | 24 ---------------
+ 3 files changed, 58 deletions(-)
+
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index 835f810f2f26..479cc44cc4e2 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -4623,11 +4623,6 @@
+ Reserves a hole at the top of the kernel virtual
+ address space.
+
+- reservelow= [X86]
+- Format: nn[K]
+- Set the amount of memory to reserve for BIOS at
+- the bottom of the address space.
+-
+ reset_devices [KNL] Force drivers to reset the underlying device
+ during initialization.
+
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 861b1b794697..fc91be3b1bd1 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -1688,35 +1688,6 @@ config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
+ Set whether the default state of memory_corruption_check is
+ on or off.
+
+-config X86_RESERVE_LOW
+- int "Amount of low memory, in kilobytes, to reserve for the BIOS"
+- default 64
+- range 4 640
+- help
+- Specify the amount of low memory to reserve for the BIOS.
+-
+- The first page contains BIOS data structures that the kernel
+- must not use, so that page must always be reserved.
+-
+- By default we reserve the first 64K of physical RAM, as a
+- number of BIOSes are known to corrupt that memory range
+- during events such as suspend/resume or monitor cable
+- insertion, so it must not be used by the kernel.
+-
+- You can set this to 4 if you are absolutely sure that you
+- trust the BIOS to get all its memory reservations and usages
+- right. If you know your BIOS have problems beyond the
+- default 64K area, you can set this to 640 to avoid using the
+- entire low memory range.
+-
+- If you have doubts about the BIOS (e.g. suspend/resume does
+- not work or there's kernel crashes after certain hardware
+- hotplug events) then you might want to enable
+- X86_CHECK_BIOS_CORRUPTION=y to allow the kernel to check
+- typical corruption patterns.
+-
+- Leave this to the default value of 64 if you are unsure.
+-
+ config MATH_EMULATION
+ bool
+ depends on MODIFY_LDT_SYSCALL
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+index d7cfb927864f..fbda4bbf75c1 100644
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -695,30 +695,6 @@ static void __init e820_add_kernel_range(void)
+ e820__range_add(start, size, E820_TYPE_RAM);
+ }
+
+-static unsigned reserve_low = CONFIG_X86_RESERVE_LOW << 10;
+-
+-static int __init parse_reservelow(char *p)
+-{
+- unsigned long long size;
+-
+- if (!p)
+- return -EINVAL;
+-
+- size = memparse(p, &p);
+-
+- if (size < 4096)
+- size = 4096;
+-
+- if (size > 640*1024)
+- size = 640*1024;
+-
+- reserve_low = size;
+-
+- return 0;
+-}
+-
+-early_param("reservelow", parse_reservelow);
+-
+ static void __init early_reserve_memory(void)
+ {
+ /*
+--
+2.32.0
+
diff --git a/0007-x86-crash-remove-crash_reserve_low_1M.patch b/0007-x86-crash-remove-crash_reserve_low_1M.patch
new file mode 100644
index 00000000000..903e5fa0969
--- /dev/null
+++ b/0007-x86-crash-remove-crash_reserve_low_1M.patch
@@ -0,0 +1,58 @@
+From bb4c1200fdfd6c17fff64e159e625c3678342b87 Mon Sep 17 00:00:00 2001
+From: Mike Rapoport <rppt@linux.ibm.com>
+Date: Tue, 1 Jun 2021 10:53:54 +0300
+Subject: [PATCH 7/8] x86/crash: remove crash_reserve_low_1M()
+
+The entire memory range under 1M is unconditionally reserved at
+setup_arch(), so there is no need for crash_reserve_low_1M() anymore.
+
+Remove this function.
+
+Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
+---
+ arch/x86/include/asm/crash.h | 6 ------
+ arch/x86/kernel/crash.c | 13 -------------
+ 2 files changed, 19 deletions(-)
+
+diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h
+index f58de66091e5..8b6bd63530dc 100644
+--- a/arch/x86/include/asm/crash.h
++++ b/arch/x86/include/asm/crash.h
+@@ -9,10 +9,4 @@ int crash_setup_memmap_entries(struct kimage *image,
+ struct boot_params *params);
+ void crash_smp_send_stop(void);
+
+-#ifdef CONFIG_KEXEC_CORE
+-void __init crash_reserve_low_1M(void);
+-#else
+-static inline void __init crash_reserve_low_1M(void) { }
+-#endif
+-
+ #endif /* _ASM_X86_CRASH_H */
+diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
+index b1deacbeb266..e0b8d9662da5 100644
+--- a/arch/x86/kernel/crash.c
++++ b/arch/x86/kernel/crash.c
+@@ -70,19 +70,6 @@ static inline void cpu_crash_vmclear_loaded_vmcss(void)
+ rcu_read_unlock();
+ }
+
+-/*
+- * When the crashkernel option is specified, only use the low
+- * 1M for the real mode trampoline.
+- */
+-void __init crash_reserve_low_1M(void)
+-{
+- if (cmdline_find_option(boot_command_line, "crashkernel", NULL, 0) < 0)
+- return;
+-
+- memblock_reserve(0, 1<<20);
+- pr_info("Reserving the low 1M of memory for crashkernel\n");
+-}
+-
+ #if defined(CONFIG_SMP) && defined(CONFIG_X86_LOCAL_APIC)
+
+ static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
+--
+2.32.0
+
diff --git a/PKGBUILD b/PKGBUILD
index 790ecbd8af3..de0d18c58a8 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@ _srcname=linux-5.12
_major=5.12
### on initial release this is null otherwise it is the current stable subversion
### ie 1,2,3 corresponding $_major.1, $_major.3 etc
-_minor=9
+_minor=12
_minorc=$((_minor+1))
### on initial release this is just $_major
_fullver=$_major.$_minor
@@ -30,17 +30,29 @@ source=(
https://www.kernel.org/pub/linux/kernel/v5.x/linux-$_fullver.tar.{xz,sign}
config # the main kernel config file
0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+ 0002-x86-setup-Consolidate-early-memory-reservations.patch
+ 0003-x86-setup-Merge-several-reservations-of-start-of-mem.patch
+ 0004-x86-setup-Move-trim_snb_memory-later-in-setup_arch-t.patch
+ 0005-x86-setup-always-reserve-the-first-1M-of-RAM.patch
+ 0006-x86-setup-remove-CONFIG_X86_RESERVE_LOW-and-reservel.patch
+ 0007-x86-crash-remove-crash_reserve_low_1M.patch
)
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
)
-b2sums=('391ff48c0c59316fe362d493689839e62b9e38050a87b977402a195b79f70e99bdcc4cd8fb77de5edf32c073f56cd54326be63b7d718cf99064ae208bbc1959f'
+b2sums=('2baef27303c676d82dada549076c29bbf25bb2db1d957a4e292d32dff1647f14b235a691468be0e8d36663ee137d14fe3aeaaa95db2e3592e2eada523b567641'
'SKIP'
- 'c4ba5b7da3e7af4edb3511b63a21f3d6ca8138f4a5fa77714f49a97f7c06db21daf3df66bb905561d6975b6652bf5b517e995f5e673328b9df3415f37ac01fd0'
+ 'f9aef3da2f65916cc30da9a066217d3379036e6a32a732224da7fee86c80810315484f48132b50b8cf8eb5e0b055ad1b7bbe63dadd0eb54b0b0626bc57c20963'
'SKIP'
- '18d9f071699c9e9bb4c7d340f4d688554b818a4f7fdcefeee24b8b39fc9328737c6967cfd7e884b518e0c87cfb64ac7a10368ac82436d73f96f0881b5c201099'
- 'e43852e13fad5cdf3ce47ed698579bf019ea5c4f2f63191f417e226733b70b984c892bf2fd64bdca89aaa44dfd6b06e01f169bc784d7bf61e6189427e24c8b0a')
+ '83aa7f127d34a247a8275358d52a510d4895c790211d98ac51ed7df75c881e9071cfe3d03f137f7edff3fe8b46e7f77fd9bfd0ef1b163a9c70dac5b4f3cc9693'
+ 'dda152592dec643bce44754bf5d2d43a5897cc57f8dc258b87857055a45abf903d619aba1de389228cb086a17fedea5458f8fe2c0993fa20213bb7c5bca331c8'
+ '13330cf57b5c6b928ea73bd30479010688cf8d2003107b041a7fdad33c1ac225c8c905bef235cd762d6ea76be754b5db6be769526bacf7333298f72d6afff535'
+ '381e0f177faa3090d1abf4d11a97db535712840870265dea167d7692dee7733a226d09c103d01705d5c0809fa66c7a23efea9da2473da672644b06e31db77083'
+ 'cd9da0dee048fc52a3032343f122c2055081eeedfc8a3e5227218f0f63fc7618e8fe744c8caa7e3a2ca844f4aaf7314b57a306d0d3b1849e97b24687b8c5a501'
+ '1810832172e1b006a5471d8e317573343884feed9abc9e7380a32d83c958b0e6aa68adf9a647c9b7b714783997591f5d80e754c6e7357279661eee998f22864c'
+ '4e7cb958f95d99bba9810e675d4f1b0b3c171f78e9fe96ff9d265f792f4ceb1367f2f4d238f36b5ca1c395e14abdabbf0f8ce2dc07c4fe567d822a8b629dfa05'
+ '2251f8bf84e141b4661f84cc2ce7b21783ac0a349b2651477dfcbc5383b796b2e588d85ee411398b15c820cb3672256be8ed281c8bccfad252c9dd5b0e1e0cd5')
export KBUILD_BUILD_HOST=archlinux
diff --git a/config b/config
index 29de5dd6eb6..331edb01255 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.12.8-arch1 Kernel Configuration
+# Linux/x86 5.12.11-arch1 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0"
CONFIG_CC_IS_GCC=y
@@ -451,7 +451,6 @@ CONFIG_X86_PMEM_LEGACY_DEVICE=y
CONFIG_X86_PMEM_LEGACY=m
CONFIG_X86_CHECK_BIOS_CORRUPTION=y
CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
-CONFIG_X86_RESERVE_LOW=64
CONFIG_MTRR=y
CONFIG_MTRR_SANITIZER=y
CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=1
@@ -9689,7 +9688,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama,bpf"
+CONFIG_LSM="lockdown,yama"
#
# Kernel hardening options
@@ -10288,7 +10287,7 @@ CONFIG_STACKTRACE=y
#
# Debug kernel data structures
#
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_PLIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set