summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch102
-rw-r--r--libre/linux-libre/0002-drm-i915-Increase-LSPCON-timeout.patch50
-rw-r--r--libre/linux-libre/PKGBUILD44
3 files changed, 173 insertions, 23 deletions
diff --git a/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
new file mode 100644
index 000000000..c40f1002e
--- /dev/null
+++ b/libre/linux-libre/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -0,0 +1,102 @@
+From 5dde1cf2f63a2e20ff411eac47fb5a53230642fe Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge.hallyn@canonical.com>
+Date: Fri, 31 May 2013 19:12:12 +0100
+Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by
+ default
+
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+[bwh: Remove unneeded binary sysctl bits]
+Signed-off-by: Daniel Micay <danielmicay@gmail.com>
+---
+ kernel/fork.c | 15 +++++++++++++++
+ kernel/sysctl.c | 12 ++++++++++++
+ kernel/user_namespace.c | 3 +++
+ 3 files changed, 30 insertions(+)
+
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 1b27babc4c78..a88dd3ccd31c 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -103,6 +103,11 @@
+
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/task.h>
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#else
++#define unprivileged_userns_clone 0
++#endif
+
+ /*
+ * Minimum number of threads to boot the kernel
+@@ -1624,6 +1629,10 @@ static __latent_entropy struct task_struct *copy_process(
+ if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+ return ERR_PTR(-EINVAL);
+
++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
++ if (!capable(CAP_SYS_ADMIN))
++ return ERR_PTR(-EPERM);
++
+ /*
+ * Thread groups must share signals as well, and detached threads
+ * can only be started up within the thread group.
+@@ -2420,6 +2429,12 @@ int ksys_unshare(unsigned long unshare_flags)
+ if (unshare_flags & CLONE_NEWNS)
+ unshare_flags |= CLONE_FS;
+
++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
++ err = -EPERM;
++ if (!capable(CAP_SYS_ADMIN))
++ goto bad_unshare_out;
++ }
++
+ err = check_unshare_flags(unshare_flags);
+ if (err)
+ goto bad_unshare_out;
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 2d9837c0aff4..eb5236c069fc 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -105,6 +105,9 @@ extern int core_uses_pid;
+ extern char core_pattern[];
+ extern unsigned int core_pipe_limit;
+ #endif
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#endif
+ extern int pid_max;
+ extern int pid_max_min, pid_max_max;
+ extern int percpu_pagelist_fraction;
+@@ -519,6 +522,15 @@ static struct ctl_table kern_table[] = {
+ .proc_handler = proc_dointvec,
+ },
+ #endif
++#ifdef CONFIG_USER_NS
++ {
++ .procname = "unprivileged_userns_clone",
++ .data = &unprivileged_userns_clone,
++ .maxlen = sizeof(int),
++ .mode = 0644,
++ .proc_handler = proc_dointvec,
++ },
++#endif
+ #ifdef CONFIG_PROC_SYSCTL
+ {
+ .procname = "tainted",
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index c3d7583fcd21..6ee37e516869 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -26,6 +26,9 @@
+ #include <linux/bsearch.h>
+ #include <linux/sort.h>
+
++/* sysctl */
++int unprivileged_userns_clone;
++
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+
+--
+2.18.0
+
diff --git a/libre/linux-libre/0002-drm-i915-Increase-LSPCON-timeout.patch b/libre/linux-libre/0002-drm-i915-Increase-LSPCON-timeout.patch
new file mode 100644
index 000000000..06c514258
--- /dev/null
+++ b/libre/linux-libre/0002-drm-i915-Increase-LSPCON-timeout.patch
@@ -0,0 +1,50 @@
+From 670aed8119f293b41b82195cf96fa78c86cc3d49 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fredrik=20Sch=C3=B6n?= <fredrikschon@gmail.com>
+Date: Fri, 17 Aug 2018 22:07:28 +0200
+Subject: [PATCH 2/2] drm/i915: Increase LSPCON timeout
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+100 ms is not enough time for the LSPCON adapter on Intel NUC devices to
+settle. This causes dropped display modes at boot or screen reconfiguration.
+Empirical testing can reproduce the error up to a timeout of 190 ms. Basic
+boot and stress testing at 200 ms has not (yet) failed.
+
+Increase timeout to 400 ms to get some margin of error.
+
+Changes from v1:
+The initial suggestion of 1000 ms was lowered due to concerns about delaying
+valid timeout cases.
+Update patch metadata.
+
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107503
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1570392
+Fixes: 357c0ae9198a ("drm/i915/lspcon: Wait for expected LSPCON mode to settle")
+Cc: Shashank Sharma <shashank.sharma@intel.com>
+Cc: Imre Deak <imre.deak@intel.com>
+Cc: Jani Nikula <jani.nikula@intel.com>
+Cc: <stable@vger.kernel.org> # v4.11+
+Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Signed-off-by: Fredrik Schön <fredrik.schon@gmail.com>
+Reviewed-by: Shashank Sharma <shashank.sharma@intel.com>
+---
+ drivers/gpu/drm/i915/intel_lspcon.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/i915/intel_lspcon.c b/drivers/gpu/drm/i915/intel_lspcon.c
+index 8ae8f42f430a..6b6758419fb3 100644
+--- a/drivers/gpu/drm/i915/intel_lspcon.c
++++ b/drivers/gpu/drm/i915/intel_lspcon.c
+@@ -74,7 +74,7 @@ static enum drm_lspcon_mode lspcon_wait_mode(struct intel_lspcon *lspcon,
+ DRM_DEBUG_KMS("Waiting for LSPCON mode %s to settle\n",
+ lspcon_mode_name(mode));
+
+- wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 100);
++ wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 400);
+ if (current_mode != mode)
+ DRM_ERROR("LSPCON mode hasn't settled\n");
+
+--
+2.18.0
+
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index 5bd7209d0..1eac8f72b 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -12,8 +12,7 @@
pkgbase=linux-libre # Build stock kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_srcbasever=4.18-gnu
-_srcver=4.18.4-gnu
-_archrel=arch1
+_srcver=4.18.5-gnu
_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
_replacesoldkernels=() # '%' gets replaced with _kernelname
@@ -30,9 +29,8 @@ license=(GPL2)
makedepends=(xmlto kmod inetutils bc libelf python-sphinx graphviz)
options=('!strip')
source=(
- "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcbasever}/linux-libre-${_srcbasever}.tar.xz"{,.sign}
- "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcver}/patch-${_srcbasever}-${_srcver}.xz"{,.sign}
- "https://repo.parabola.nu/other/arch/patches/${_srcver%-*}/patch-${_srcver%-*}-${_archrel}.patch"{,.sig}
+ "https://linux-libre.fsfla.org/pub/linux-libre/releases/$_srcbasever/linux-libre-$_srcbasever.tar.xz"{,.sign}
+ "https://linux-libre.fsfla.org/pub/linux-libre/releases/$_srcver/patch-$_srcbasever-$_srcver.xz"{,.sign}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_clut224.ppm"{,.sig}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm"{,.sig}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm"{,.sig}
@@ -43,7 +41,7 @@ source=(
# standard config files for mkinitcpio ramdisk
'linux.preset'
# armv7h patches
- "https://repo.parabola.nu/other/rcn-libre/patches/${_srcver%-*}/rcn-libre-${_srcver%-*}-${rcnrel}.patch"{,.sig}
+ "https://repo.parabola.nu/other/rcn-libre/patches/${_srcver%-*}/rcn-libre-${_srcver%-*}-$rcnrel.patch"{,.sig}
'0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch'
'0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch'
'0003-SMILE-Plug-device-tree-file.patch'
@@ -61,6 +59,8 @@ source=(
# other patches
'0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch'
'0002-fix-Atmel-maXTouch-touchscreen-support.patch'
+ '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch'
+ '0002-drm-i915-Increase-LSPCON-timeout.patch'
)
validpgpkeys=(
'474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva
@@ -68,9 +68,7 @@ validpgpkeys=(
)
sha512sums=('0c221c6e84eb5bc270ef79454bf407079daed84534afb1d449d40fa46e42868a471d3063016a4eb3f68d42879e18ee314ab30716116805fee35b5084b23df2a9'
'SKIP'
- '0f4edca52da5cdd903d46035eb19ad5fe490462bfad5fabb5b2a15fd0a75324a5b0cec9b0c5385599fb88675f4241d3589f17f88f5c1280dece384d42aca9cd9'
- 'SKIP'
- '191ab07e37811f9644d69e2087217a17baddb86014fa44f5826333150aeb2a59ed49564dc7f51ec23d0b13be7b3e400a72a4ca665c9773fc9d1f6499fc9ff80d'
+ '4185dde406aafd020a0c7ab5cadff02a6f92812b5e7616c39b85051af23adc6bb0927f75bcc5213f9df8d34d0e7deb7c930844565318dd771b6695763deef174'
'SKIP'
'13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
'SKIP'
@@ -80,7 +78,7 @@ sha512sums=('0c221c6e84eb5bc270ef79454bf407079daed84534afb1d449d40fa46e42868a471
'SKIP'
'f02e3abf8a9f2b6a08b444b9de5e6f81c1836ec737e2fc49c373f4f0896aaa30d3418522f50ec2767924c99a47ce9a819cf3e64deaa5e5aad07ead3b895ba585'
'8b42e76dd715a8bbbcd78d0cf68e85dd530418eef4df10cfaf2529a28c18448645879c80c36d13289693a682931649ebb144deb1c7a891e993db2d45483e19a9'
- 'e67a0187f3fbcafefd973cfd4b30804cd480141285cef29d20e65fcb25e6108dd1d83de02f9520d7967c106ffce4176e4a23557db123e9bf77c6498f6af2f3c7'
+ '5287d26853da66b08e4d2a0ca205a884d3a1ba9d5cadfe93502a32b2ffaebd0bbbc5731f23bbc5c834cbeeae5d9493a48db1f147946a1a22e6997cec487205c0'
'7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a'
'4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44'
'2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf'
@@ -101,7 +99,9 @@ sha512sums=('0c221c6e84eb5bc270ef79454bf407079daed84534afb1d449d40fa46e42868a471
'c3a3ceed29b8513f478cad877507c7d2171453d24346c4d62ebf34c3f35ed13ebce2ca6f7200e97693ea900f504528685fe5b59c641ccfe36bc9bc257106f157'
'073c48fea2989334451b9020e8151c0385b07affcb2bc5f778fd5f9d2d8182e40dcd04edde4d53648c1ed8cea4721afc04267a72e429be3612d2f77f5d0fd459'
'02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
- 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168')
+ 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168'
+ '8ed3859b495f88287222bd87927fad795b409541c113784bea933099d10bb62bbf24dd7f847dd47f8742d83d7143d9a0d04642528c2c1d41ef7e0ffde3d4a0b3'
+ 'f97ec2ad3d919c1a59211dab61be6701e3ebd5647afc725c32365bc083272d770c0ad8be5bf8b43b32905d2d107da822bd1013668a5cf75ec51770e151e4f5f8')
_kernelname=${pkgbase#linux-libre}
_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}")
@@ -117,13 +117,8 @@ prepare() {
cd $_srcname
# add upstream patch
- if [ "${_srcbasever}" != "${_srcver}" ]; then
- patch -p1 -i ../patch-${_srcbasever}-${_srcver}
- fi
-
- # add Arch Linux kernel patch
- if [ -e ../patch-${_srcver%-*}-${_archrel}.patch ]; then
- patch -p1 -i ../patch-${_srcver%-*}-${_archrel}.patch
+ if [ "$_srcbasever" != "$_srcver" ]; then
+ patch -p1 -i ../patch-$_srcbasever-$_srcver
fi
if [ "$CARCH" = "armv7h" ]; then
@@ -131,7 +126,7 @@ prepare() {
# Note: For stability reasons, AUFS has been removed in the RCN patch.
# We are supporting AUFS in linux-libre-pck through PCK patch.
# See https://wiki.parabola.nu/PCK for further details.
- patch -p1 -i ../rcn-libre-${_srcver%-*}-${rcnrel}.patch
+ patch -p1 -i ../rcn-libre-${_srcver%-*}-$rcnrel.patch
# ALARM patches
patch -p1 -i ../0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch
@@ -154,6 +149,10 @@ prepare() {
install -m644 -t drivers/video/logo \
../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm}
+ # Arch's linux patches
+ patch -p1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ patch -p1 -i ../0002-drm-i915-Increase-LSPCON-timeout.patch
+
# maintain the TTY over USB disconnects
# http://www.coreboot.org/EHCI_Gadget_Debug
patch -p1 -i ../0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
@@ -270,6 +269,9 @@ _package-headers() {
install -Dt "$builddir" -m644 Makefile .config Module.symvers System.map vmlinux
install -Dt "$builddir/kernel" -m644 kernel/Makefile
install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile
+ if [[ $CARCH = i686 ]]; then
+ install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile_32.cpu
+ fi
cp -t "$builddir" -a scripts
# add objtool for external module building and enabled VALIDATION_STACK option
@@ -280,10 +282,6 @@ _package-headers() {
# add xfs and shmem for aufs building
mkdir -p "$builddir"/{fs/xfs,mm}
- if [[ $CARCH = i686 ]]; then
- install -t "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile_32.cpu
- fi
-
# ???
mkdir "$builddir/.tmp_versions"