From 01997497f915e8f79871f3f2acb55ac465051d24 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 20:49:59 +0200 Subject: Adding debian version 6.1.76-1. Signed-off-by: Daniel Baumann --- ...386-686-pae-pci-set-pci-nobios-by-default.patch | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch (limited to 'debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch') diff --git a/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch new file mode 100644 index 000000000..1b216d0d1 --- /dev/null +++ b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings +Date: Tue, 16 Feb 2016 02:45:42 +0000 +Subject: [i386/686-pae] PCI: Set pci=nobios by default +Forwarded: not-needed + +CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped +W+X, which is undesirable for security reasons and will result in a +warning at boot now that we enable CONFIG_DEBUG_WX. + +This can be overridden using the kernel parameter "pci=nobios", but we +want to disable W+X by default. Disable PCI BIOS probing by default; +it can still be enabled using "pci=bios". + +--- +--- a/arch/x86/pci/common.c ++++ b/arch/x86/pci/common.c +@@ -21,8 +21,8 @@ + #include + #include + +-unsigned int pci_probe = PCI_PROBE_BIOS | PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | +- PCI_PROBE_MMCONF; ++unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | PCI_PROBE_MMCONF | ++ (IS_ENABLED(CONFIG_X86_64) || IS_ENABLED(CONFIG_X86_PAE) ? 0 : PCI_PROBE_BIOS); + + static int pci_bf_sort; + int pci_routeirq; -- cgit v1.2.3