diff options
Diffstat (limited to 'debian/patches/features')
5 files changed, 24 insertions, 124 deletions
diff --git a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch index d224208d4e..f836c8b83d 100644 --- a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +++ b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -35,7 +35,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> reserve_ibft_region(); x86_init.resources.dmi_setup(); -@@ -1063,8 +1065,6 @@ void __init setup_arch(char **cmdline_p) +@@ -1061,8 +1063,6 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); @@ -67,7 +67,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> default: --- a/include/linux/security.h +++ b/include/linux/security.h -@@ -496,6 +496,7 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +@@ -509,6 +509,7 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len, void *val, size_t val_len, u64 id, u64 flags); @@ -75,7 +75,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) -@@ -1439,6 +1440,11 @@ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, +@@ -1483,6 +1484,11 @@ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, { return -EOPNOTSUPP; } diff --git a/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch b/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch deleted file mode 100644 index dd7c02e005..0000000000 --- a/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch +++ /dev/null @@ -1,98 +0,0 @@ -From: "Christoph Lameter (Ampere)" <cl@gentwo.org> -Date: Wed, 6 Mar 2024 17:45:04 -0800 -Subject: ARM64: Dynamically allocate cpumasks and increase supported CPUs to - 512 -Forwarded: https://lore.kernel.org/lkml/37099a57-b655-3b3a-56d0-5f7fbd49d7db@gentwo.org/ -Applied-Upstream: 3fbd56f0e7c14e7c7a7597fd4a368753fe70d76f - - [ a.k.a. Revert "Revert "ARM64: Dynamically allocate cpumasks and - increase supported CPUs to 512""; originally reverted because of a - bug in the cpufreq-dt code not using zalloc_cpumask_var() ] - -Currently defconfig selects NR_CPUS=256, but some vendors (e.g. Ampere -Computing) are planning to ship systems with 512 CPUs. So that all CPUs on -these systems can be used with defconfig, we'd like to bump NR_CPUS to 512. -Therefore this patch increases the default NR_CPUS from 256 to 512. - -As increasing NR_CPUS will increase the size of cpumasks, there's a fear that -this might have a significant impact on stack usage due to code which places -cpumasks on the stack. To mitigate that concern, we can select -CPUMASK_OFFSTACK. As that doesn't seem to be a problem today with -NR_CPUS=256, we only select this when NR_CPUS > 256. - -CPUMASK_OFFSTACK configures the cpumasks in the kernel to be -dynamically allocated. This was used in the X86 architecture in the -past to enable support for larger CPU configurations up to 8k cpus. - -With that is becomes possible to dynamically size the allocation of -the cpu bitmaps depending on the quantity of processors detected on -bootup. Memory used for cpumasks will increase if the kernel is -run on a machine with more cores. - -Further increases may be needed if ARM processor vendors start -supporting more processors. Given the current inflationary trends -in core counts from multiple processor manufacturers this may occur. - -There are minor regressions for hackbench. The kernel data size -for 512 cpus is smaller with offstack than with onstack. - -Benchmark results using hackbench average over 10 runs of - - hackbench -s 512 -l 2000 -g 15 -f 25 -P - -on Altra 80 Core - -Support for 256 CPUs on stack. Baseline - - 7.8564 sec - -Support for 512 CUs on stack. - - 7.8713 sec + 0.18% - -512 CPUS offstack - - 7.8916 sec + 0.44% - -Kernel size comparison: - - text data filename Difference to onstack256 baseline -25755648 9589248 vmlinuz-6.8.0-rc4-onstack256 -25755648 9607680 vmlinuz-6.8.0-rc4-onstack512 +0.19% -25755648 9603584 vmlinuz-6.8.0-rc4-offstack512 +0.14% - -Tested-by: Eric Mackay <eric.mackay@oracle.com> -Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> -Signed-off-by: Christoph Lameter (Ampere) <cl@linux.com> -Acked-by: Mark Rutland <mark.rutland@arm.com> -Link: https://lore.kernel.org/r/37099a57-b655-3b3a-56d0-5f7fbd49d7db@gentwo.org -Link: https://lore.kernel.org/r/20240314125457.186678-1-m.szyprowski@samsung.com -[catalin.marinas@arm.com: use 'select' instead of duplicating 'config CPUMASK_OFFSTACK'] -Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> ---- - arch/arm64/Kconfig | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index 4869265ace2ddd..a03de40bd4cd7c 100644 ---- a/arch/arm64/Kconfig -+++ b/arch/arm64/Kconfig -@@ -120,6 +120,7 @@ config ARM64 - select CLONE_BACKWARDS - select COMMON_CLK - select CPU_PM if (SUSPEND || CPU_IDLE) -+ select CPUMASK_OFFSTACK if NR_CPUS > 256 - select CRC32 - select DCACHE_WORD_ACCESS - select DYNAMIC_FTRACE if FUNCTION_TRACER -@@ -1430,7 +1431,7 @@ config SCHED_SMT - config NR_CPUS - int "Maximum number of CPUs (2-4096)" - range 2 4096 -- default "256" -+ default "512" - - config HOTPLUG_CPU - bool "Support for hot-pluggable CPUs" --- -cgit 1.2.3-korg diff --git a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch index a4576e75f4..fedbab5d78 100644 --- a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch +++ b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch @@ -15,7 +15,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- --- a/drivers/iommu/intel/Kconfig +++ b/drivers/iommu/intel/Kconfig -@@ -56,14 +56,25 @@ config INTEL_IOMMU_SVM +@@ -57,13 +57,24 @@ config INTEL_IOMMU_SVM to access DMA resources through process address space by means of a Process Address Space ID (PASID). @@ -41,15 +41,14 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> + +config INTEL_IOMMU_DEFAULT_OFF + bool "Disable" - ++ +endchoice -+ - config INTEL_IOMMU_BROKEN_GFX_WA - bool "Workaround broken graphics drivers (going away soon)" - depends on BROKEN && X86 + + config INTEL_IOMMU_FLOPPY_WA + def_bool y --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c -@@ -284,14 +284,14 @@ static LIST_HEAD(dmar_satc_units); +@@ -218,13 +218,13 @@ static LIST_HEAD(dmar_satc_units); static void intel_iommu_domain_free(struct iommu_domain *domain); @@ -60,13 +59,12 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> int intel_iommu_enabled = 0; EXPORT_SYMBOL_GPL(intel_iommu_enabled); - static int dmar_map_gfx = 1; -static int dmar_map_intgpu = 1; +static int dmar_map_intgpu = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_ON); static int intel_iommu_superpage = 1; static int iommu_identity_mapping; static int iommu_skip_te_disable; -@@ -333,6 +333,7 @@ static int __init intel_iommu_setup(char +@@ -263,6 +263,7 @@ static int __init intel_iommu_setup(char while (*str) { if (!strncmp(str, "on", 2)) { dmar_disabled = 0; diff --git a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch index 6950c937d5..8c82cce244 100644 --- a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch +++ b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch @@ -22,7 +22,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -2122,6 +2122,8 @@ +@@ -2174,6 +2174,8 @@ bypassed by not enabling DMAR with this option. In this case, gfx device will use physical address for DMA. @@ -33,7 +33,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> sp_off [Default Off] --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c -@@ -36,6 +36,9 @@ +@@ -35,6 +35,9 @@ #define CONTEXT_SIZE VTD_PAGE_SIZE #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY) @@ -43,24 +43,24 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> #define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB) #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA) #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e) -@@ -291,12 +294,14 @@ int intel_iommu_enabled = 0; +@@ -221,12 +224,14 @@ int intel_iommu_sm = IS_ENABLED(CONFIG_I + int intel_iommu_enabled = 0; EXPORT_SYMBOL_GPL(intel_iommu_enabled); - static int dmar_map_gfx = 1; +static int dmar_map_intgpu = 1; static int intel_iommu_superpage = 1; static int iommu_identity_mapping; static int iommu_skip_te_disable; + static int disable_igfx_iommu; - #define IDENTMAP_GFX 2 #define IDENTMAP_AZALIA 4 +#define IDENTMAP_INTGPU 8 const struct iommu_ops intel_iommu_ops; static const struct iommu_dirty_ops intel_dirty_ops; -@@ -336,6 +341,9 @@ static int __init intel_iommu_setup(char +@@ -266,6 +271,9 @@ static int __init intel_iommu_setup(char } else if (!strncmp(str, "igfx_off", 8)) { - dmar_map_gfx = 0; + disable_igfx_iommu = 1; pr_info("Disable GFX device mapping\n"); + } else if (!strncmp(str, "intgpu_off", 10)) { + dmar_map_intgpu = 0; @@ -68,9 +68,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> } else if (!strncmp(str, "forcedac", 8)) { pr_warn("intel_iommu=forcedac deprecated; use iommu.forcedac instead\n"); iommu_dma_forcedac = true; -@@ -2548,6 +2556,9 @@ static int device_def_domain_type(struct +@@ -2401,6 +2409,9 @@ static int device_def_domain_type(struct - if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev)) + if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev)) return IOMMU_DOMAIN_IDENTITY; + + if ((iommu_identity_mapping & IDENTMAP_INTGPU) && IS_INTGPU_DEVICE(pdev)) @@ -78,9 +78,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> } return 0; -@@ -2855,6 +2866,9 @@ static int __init init_dmars(void) - if (!dmar_map_gfx) - iommu_identity_mapping |= IDENTMAP_GFX; +@@ -2701,6 +2712,9 @@ static int __init init_dmars(void) + iommu_set_root_entry(iommu); + } + if (!dmar_map_intgpu) + iommu_identity_mapping |= IDENTMAP_INTGPU; diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch index 55f43dcd32..b4dd9b9102 100644 --- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -29,7 +29,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -6468,6 +6468,10 @@ +@@ -6498,6 +6498,10 @@ later by a loaded module cannot be set this way. Example: sysctl.vm.swappiness=40 @@ -42,7 +42,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Ignore sysrq setting - this boot parameter will --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -3052,6 +3052,14 @@ config COMPAT_32 +@@ -3058,6 +3058,14 @@ config COMPAT_32 select HAVE_UID16 select OLD_SIGSUSPEND3 |