summaryrefslogtreecommitdiffstats
path: root/debian/patches/features
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/features')
-rw-r--r--debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch6
-rw-r--r--debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch98
-rw-r--r--debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch16
-rw-r--r--debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch24
-rw-r--r--debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch4
5 files changed, 24 insertions, 124 deletions
diff --git a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
index d224208d4e..f836c8b83d 100644
--- a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+++ b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -35,7 +35,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
reserve_ibft_region();
x86_init.resources.dmi_setup();
-@@ -1063,8 +1065,6 @@ void __init setup_arch(char **cmdline_p)
+@@ -1061,8 +1063,6 @@ void __init setup_arch(char **cmdline_p)
/* Allocate bigger log buffer */
setup_log_buf(1);
@@ -67,7 +67,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
default:
--- a/include/linux/security.h
+++ b/include/linux/security.h
-@@ -496,6 +496,7 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
+@@ -509,6 +509,7 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
int security_locked_down(enum lockdown_reason what);
int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
void *val, size_t val_len, u64 id, u64 flags);
@@ -75,7 +75,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
#else /* CONFIG_SECURITY */
static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
-@@ -1439,6 +1440,11 @@ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
+@@ -1483,6 +1484,11 @@ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
{
return -EOPNOTSUPP;
}
diff --git a/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch b/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch
deleted file mode 100644
index dd7c02e005..0000000000
--- a/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From: "Christoph Lameter (Ampere)" <cl@gentwo.org>
-Date: Wed, 6 Mar 2024 17:45:04 -0800
-Subject: ARM64: Dynamically allocate cpumasks and increase supported CPUs to
- 512
-Forwarded: https://lore.kernel.org/lkml/37099a57-b655-3b3a-56d0-5f7fbd49d7db@gentwo.org/
-Applied-Upstream: 3fbd56f0e7c14e7c7a7597fd4a368753fe70d76f
-
- [ a.k.a. Revert "Revert "ARM64: Dynamically allocate cpumasks and
- increase supported CPUs to 512""; originally reverted because of a
- bug in the cpufreq-dt code not using zalloc_cpumask_var() ]
-
-Currently defconfig selects NR_CPUS=256, but some vendors (e.g. Ampere
-Computing) are planning to ship systems with 512 CPUs. So that all CPUs on
-these systems can be used with defconfig, we'd like to bump NR_CPUS to 512.
-Therefore this patch increases the default NR_CPUS from 256 to 512.
-
-As increasing NR_CPUS will increase the size of cpumasks, there's a fear that
-this might have a significant impact on stack usage due to code which places
-cpumasks on the stack. To mitigate that concern, we can select
-CPUMASK_OFFSTACK. As that doesn't seem to be a problem today with
-NR_CPUS=256, we only select this when NR_CPUS > 256.
-
-CPUMASK_OFFSTACK configures the cpumasks in the kernel to be
-dynamically allocated. This was used in the X86 architecture in the
-past to enable support for larger CPU configurations up to 8k cpus.
-
-With that is becomes possible to dynamically size the allocation of
-the cpu bitmaps depending on the quantity of processors detected on
-bootup. Memory used for cpumasks will increase if the kernel is
-run on a machine with more cores.
-
-Further increases may be needed if ARM processor vendors start
-supporting more processors. Given the current inflationary trends
-in core counts from multiple processor manufacturers this may occur.
-
-There are minor regressions for hackbench. The kernel data size
-for 512 cpus is smaller with offstack than with onstack.
-
-Benchmark results using hackbench average over 10 runs of
-
- hackbench -s 512 -l 2000 -g 15 -f 25 -P
-
-on Altra 80 Core
-
-Support for 256 CPUs on stack. Baseline
-
- 7.8564 sec
-
-Support for 512 CUs on stack.
-
- 7.8713 sec + 0.18%
-
-512 CPUS offstack
-
- 7.8916 sec + 0.44%
-
-Kernel size comparison:
-
- text data filename Difference to onstack256 baseline
-25755648 9589248 vmlinuz-6.8.0-rc4-onstack256
-25755648 9607680 vmlinuz-6.8.0-rc4-onstack512 +0.19%
-25755648 9603584 vmlinuz-6.8.0-rc4-offstack512 +0.14%
-
-Tested-by: Eric Mackay <eric.mackay@oracle.com>
-Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
-Signed-off-by: Christoph Lameter (Ampere) <cl@linux.com>
-Acked-by: Mark Rutland <mark.rutland@arm.com>
-Link: https://lore.kernel.org/r/37099a57-b655-3b3a-56d0-5f7fbd49d7db@gentwo.org
-Link: https://lore.kernel.org/r/20240314125457.186678-1-m.szyprowski@samsung.com
-[catalin.marinas@arm.com: use 'select' instead of duplicating 'config CPUMASK_OFFSTACK']
-Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
----
- arch/arm64/Kconfig | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
-index 4869265ace2ddd..a03de40bd4cd7c 100644
---- a/arch/arm64/Kconfig
-+++ b/arch/arm64/Kconfig
-@@ -120,6 +120,7 @@ config ARM64
- select CLONE_BACKWARDS
- select COMMON_CLK
- select CPU_PM if (SUSPEND || CPU_IDLE)
-+ select CPUMASK_OFFSTACK if NR_CPUS > 256
- select CRC32
- select DCACHE_WORD_ACCESS
- select DYNAMIC_FTRACE if FUNCTION_TRACER
-@@ -1430,7 +1431,7 @@ config SCHED_SMT
- config NR_CPUS
- int "Maximum number of CPUs (2-4096)"
- range 2 4096
-- default "256"
-+ default "512"
-
- config HOTPLUG_CPU
- bool "Support for hot-pluggable CPUs"
---
-cgit 1.2.3-korg
diff --git a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch
index a4576e75f4..fedbab5d78 100644
--- a/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch
+++ b/debian/patches/features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch
@@ -15,7 +15,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
--- a/drivers/iommu/intel/Kconfig
+++ b/drivers/iommu/intel/Kconfig
-@@ -56,14 +56,25 @@ config INTEL_IOMMU_SVM
+@@ -57,13 +57,24 @@ config INTEL_IOMMU_SVM
to access DMA resources through process address space by
means of a Process Address Space ID (PASID).
@@ -41,15 +41,14 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+
+config INTEL_IOMMU_DEFAULT_OFF
+ bool "Disable"
-
++
+endchoice
-+
- config INTEL_IOMMU_BROKEN_GFX_WA
- bool "Workaround broken graphics drivers (going away soon)"
- depends on BROKEN && X86
+
+ config INTEL_IOMMU_FLOPPY_WA
+ def_bool y
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
-@@ -284,14 +284,14 @@ static LIST_HEAD(dmar_satc_units);
+@@ -218,13 +218,13 @@ static LIST_HEAD(dmar_satc_units);
static void intel_iommu_domain_free(struct iommu_domain *domain);
@@ -60,13 +59,12 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
int intel_iommu_enabled = 0;
EXPORT_SYMBOL_GPL(intel_iommu_enabled);
- static int dmar_map_gfx = 1;
-static int dmar_map_intgpu = 1;
+static int dmar_map_intgpu = IS_ENABLED(CONFIG_INTEL_IOMMU_DEFAULT_ON);
static int intel_iommu_superpage = 1;
static int iommu_identity_mapping;
static int iommu_skip_te_disable;
-@@ -333,6 +333,7 @@ static int __init intel_iommu_setup(char
+@@ -263,6 +263,7 @@ static int __init intel_iommu_setup(char
while (*str) {
if (!strncmp(str, "on", 2)) {
dmar_disabled = 0;
diff --git a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch
index 6950c937d5..8c82cce244 100644
--- a/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch
+++ b/debian/patches/features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch
@@ -22,7 +22,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -2122,6 +2122,8 @@
+@@ -2174,6 +2174,8 @@
bypassed by not enabling DMAR with this option. In
this case, gfx device will use physical address for
DMA.
@@ -33,7 +33,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
sp_off [Default Off]
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
-@@ -36,6 +36,9 @@
+@@ -35,6 +35,9 @@
#define CONTEXT_SIZE VTD_PAGE_SIZE
#define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY)
@@ -43,24 +43,24 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
#define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB)
#define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA)
#define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e)
-@@ -291,12 +294,14 @@ int intel_iommu_enabled = 0;
+@@ -221,12 +224,14 @@ int intel_iommu_sm = IS_ENABLED(CONFIG_I
+ int intel_iommu_enabled = 0;
EXPORT_SYMBOL_GPL(intel_iommu_enabled);
- static int dmar_map_gfx = 1;
+static int dmar_map_intgpu = 1;
static int intel_iommu_superpage = 1;
static int iommu_identity_mapping;
static int iommu_skip_te_disable;
+ static int disable_igfx_iommu;
- #define IDENTMAP_GFX 2
#define IDENTMAP_AZALIA 4
+#define IDENTMAP_INTGPU 8
const struct iommu_ops intel_iommu_ops;
static const struct iommu_dirty_ops intel_dirty_ops;
-@@ -336,6 +341,9 @@ static int __init intel_iommu_setup(char
+@@ -266,6 +271,9 @@ static int __init intel_iommu_setup(char
} else if (!strncmp(str, "igfx_off", 8)) {
- dmar_map_gfx = 0;
+ disable_igfx_iommu = 1;
pr_info("Disable GFX device mapping\n");
+ } else if (!strncmp(str, "intgpu_off", 10)) {
+ dmar_map_intgpu = 0;
@@ -68,9 +68,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
} else if (!strncmp(str, "forcedac", 8)) {
pr_warn("intel_iommu=forcedac deprecated; use iommu.forcedac instead\n");
iommu_dma_forcedac = true;
-@@ -2548,6 +2556,9 @@ static int device_def_domain_type(struct
+@@ -2401,6 +2409,9 @@ static int device_def_domain_type(struct
- if ((iommu_identity_mapping & IDENTMAP_GFX) && IS_GFX_DEVICE(pdev))
+ if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev))
return IOMMU_DOMAIN_IDENTITY;
+
+ if ((iommu_identity_mapping & IDENTMAP_INTGPU) && IS_INTGPU_DEVICE(pdev))
@@ -78,9 +78,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
}
return 0;
-@@ -2855,6 +2866,9 @@ static int __init init_dmars(void)
- if (!dmar_map_gfx)
- iommu_identity_mapping |= IDENTMAP_GFX;
+@@ -2701,6 +2712,9 @@ static int __init init_dmars(void)
+ iommu_set_root_entry(iommu);
+ }
+ if (!dmar_map_intgpu)
+ iommu_identity_mapping |= IDENTMAP_INTGPU;
diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
index 55f43dcd32..b4dd9b9102 100644
--- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
+++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
@@ -29,7 +29,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -6468,6 +6468,10 @@
+@@ -6498,6 +6498,10 @@
later by a loaded module cannot be set this way.
Example: sysctl.vm.swappiness=40
@@ -42,7 +42,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ignore sysrq setting - this boot parameter will
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -3052,6 +3052,14 @@ config COMPAT_32
+@@ -3058,6 +3058,14 @@ config COMPAT_32
select HAVE_UID16
select OLD_SIGSUSPEND3