kylekrein/live-bootstrap
1
0
Fork 0
mirror of https://github.com/fosslinux/live-bootstrap.git synced 2026-03-12 06:15:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
live-bootstrap/steps/linux-4.14.336/patches/ddfd117714014cebe7b5d008fdec8eaec620cba1.patch
Gábor Stefanik 11d3605b08 Upgrade Linux kernel to 4.14.336 
This is the last LTS version buildable using GCC 4.0.x. The next one,
version 4.19, requires at least GCC 4.6.

Fortunately, this is also the first version of the Linux kernel
without firmware blobs being included in /firmware, so the FSFLA
deblob scripts aren't needed anymore to ensure a fully auditable
kernel - the 3 remaining drivers that do include blobs masquerading
as source code are removed via a patch, avoiding all the other side
effects of the deblob scripts.
This doesn't compromise the trustworthiness of the bootstrapped
environment, since all the other drivers deblob would remove use
the firmware loader mechanism, which does nothing when the actual
firmware blobs aren't installed on the system separately. Features
dependent on firmware still won't work, but many drivers that load
firmware do so only optionally. This includes r8169, the driver for
the Realtek gigabit NICs found on many x86 motherboards.

This kernel is considerably larger than 4.9.10, and we build more
of it (including drivers that would previously get stripped away by
the deblob script, such as r8169), so to accommodate that, Fiwix
initrd size is increased by 64MiB, while lowering kexec space by
the same amount to ensure enough userspace memory available in Fiwix.
Fiwix's maximum open file count is also bumped from 1.5K to 2.5K.

The Documentation folder is deleted before build, to further save
space in the ramdisk.
2024-02-17 15:37:33 +01:00

60 lines
2.3 KiB
Diff
Raw Blame History

SPDX-FileCopyrightText: 2022 Sean Christopherson <seanjc@google.com>
SPDX-License-Identifier: GPL-2.0-only
Revert the following patch:
From ddfd117714014cebe7b5d008fdec8eaec620cba1 Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@google.com>
Date: Wed, 30 Nov 2022 23:36:48 +0000
Subject: [PATCH] x86/virt: Force GIF=1 prior to disabling SVM (for reboot
flows)
commit 6a3236580b0b1accc3976345e723104f74f6f8e6 upstream.
Set GIF=1 prior to disabling SVM to ensure that INIT is recognized if the
kernel is disabling SVM in an emergency, e.g. if the kernel is about to
jump into a crash kernel or may reboot without doing a full CPU RESET.
If GIF is left cleared, the new kernel (or firmware) will be unabled to
awaken APs. Eat faults on STGI (due to EFER.SVME=0) as it's possible
that SVM could be disabled via NMI shootdown between reading EFER.SVME
and executing STGI.
Link: https://lore.kernel.org/all/cbcb6f35-e5d7-c1c9-4db9-fe5cc4de579a@amd.com
Cc: stable@vger.kernel.org
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20221130233650.1404148-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/virtext.h | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/virtext.h b/arch/x86/include/asm/virtext.h
index 0116b2ee9e64f..4699acd602af4 100644
--- arch/x86/include/asm/virtext.h
+++ arch/x86/include/asm/virtext.h
@@ -114,21 +114,7 @@ static inline void cpu_svm_disable(void)
wrmsrl(MSR_VM_HSAVE_PA, 0);
rdmsrl(MSR_EFER, efer);
- if (efer & EFER_SVME) {
- /*
- * Force GIF=1 prior to disabling SVM to ensure INIT and NMI
- * aren't blocked, e.g. if a fatal error occurred between CLGI
- * and STGI. Note, STGI may #UD if SVM is disabled from NMI
- * context between reading EFER and executing STGI. In that
- * case, GIF must already be set, otherwise the NMI would have
- * been blocked, so just eat the fault.
- */
- asm_volatile_goto("1: stgi\n\t"
- _ASM_EXTABLE(1b, %l[fault])
- ::: "memory" : fault);
-fault:
- wrmsrl(MSR_EFER, efer & ~EFER_SVME);
- }
+ wrmsrl(MSR_EFER, efer & ~EFER_SVME);
}
/** Makes sure SVM is disabled, if it is supported on the CPU
Reference in a new issue View git blame Copy permalink