authorjc_gargma <jc_gargma@iserlohn-fortress.net>2019-05-26 16:03:34 -0700
committerjc_gargma <jc_gargma@iserlohn-fortress.net>2019-05-26 16:03:34 -0700
commitacb0ae23bfed91049e6de9802df2151bc559f308 (patch)
tree9a85bc00042650ed50a1b5845500e877669ea677
parentUpdated to 5.1.4 (diff)
Updated to 5.1.5
-rw-r--r--0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch102
-rw-r--r--PKGBUILD30
-rw-r--r--bdver2-fix-for-graysky.patch11
-rw-r--r--config.x86_644
-rw-r--r--graysky_bdver2-hotfix.patch11
5 files changed, 133 insertions, 25 deletions
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
new file mode 100644
index 0000000..e7432e3
--- /dev/null
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -0,0 +1,102 @@
+From e71668257d1353a7bd428ec90f0871b038db813b Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge.hallyn@canonical.com>
+Date: Fri, 31 May 2013 19:12:12 +0100
+Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by
+ default
+
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+[bwh: Remove unneeded binary sysctl bits]
+Signed-off-by: Daniel Micay <danielmicay@gmail.com>
+---
+ kernel/fork.c | 15 +++++++++++++++
+ kernel/sysctl.c | 12 ++++++++++++
+ kernel/user_namespace.c | 3 +++
+ 3 files changed, 30 insertions(+)
+
+diff --git a/kernel/fork.c b/kernel/fork.c
+index b69248e6f0e0..3b1cd11dc6dc 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -104,6 +104,11 @@
+
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/task.h>
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#else
++#define unprivileged_userns_clone 0
++#endif
+
+ /*
+ * Minimum number of threads to boot the kernel
+@@ -1695,6 +1700,10 @@ static __latent_entropy struct task_struct *copy_process(
+ if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+ return ERR_PTR(-EINVAL);
+
++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
++ if (!capable(CAP_SYS_ADMIN))
++ return ERR_PTR(-EPERM);
++
+ /*
+ * Thread groups must share signals as well, and detached threads
+ * can only be started up within the thread group.
+@@ -2528,6 +2537,12 @@ int ksys_unshare(unsigned long unshare_flags)
+ if (unshare_flags & CLONE_NEWNS)
+ unshare_flags |= CLONE_FS;
+
++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
++ err = -EPERM;
++ if (!capable(CAP_SYS_ADMIN))
++ goto bad_unshare_out;
++ }
++
+ err = check_unshare_flags(unshare_flags);
+ if (err)
+ goto bad_unshare_out;
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index ba4d9e85feb8..e88b93a850df 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -106,6 +106,9 @@ extern int core_uses_pid;
+ extern char core_pattern[];
+ extern unsigned int core_pipe_limit;
+ #endif
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#endif
+ extern int pid_max;
+ extern int pid_max_min, pid_max_max;
+ extern int percpu_pagelist_fraction;
+@@ -515,6 +518,15 @@ static struct ctl_table kern_table[] = {
+ .proc_handler = proc_dointvec,
+ },
+ #endif
++#ifdef CONFIG_USER_NS
++ {
++ .procname = "unprivileged_userns_clone",
++ .data = &unprivileged_userns_clone,
++ .maxlen = sizeof(int),
++ .mode = 0644,
++ .proc_handler = proc_dointvec,
++ },
++#endif
+ #ifdef CONFIG_PROC_SYSCTL
+ {
+ .procname = "tainted",
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 923414a246e9..6b9dbc257e34 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -26,6 +26,9 @@
+ #include <linux/bsearch.h>
+ #include <linux/sort.h>
+
++/* sysctl */
++int unprivileged_userns_clone;
++
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+
+--
+2.21.0
+
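Review bot: The new ctl_table entry in the kernel/sysctl.c hunk uses `proc_dointvec`, so any integer (negative, or above 1) can be written to `kernel.unprivileged_userns_clone` even though the only meaning the fork.c hunks consume is zero versus non-zero; `.proc_handler = proc_dointvec_minmax` with `.extra1`/`.extra2` bounding the value to 0 and 1 would reject nonsense writes and make the toggle's contract explicit. The definition in the kernel/user_namespace.c hunk carries only `/* sysctl */`, so the default — 0 by zero-initialization, which makes both the copy_process and the ksys_unshare hunk return -EPERM for CLONE_NEWUSER without CAP_SYS_ADMIN — is stated nowhere; `/* sysctl: 0 (default) restricts CLONE_NEWUSER to CAP_SYS_ADMIN, 1 allows unprivileged user namespaces */` would document it at the point of definition. The nested unbraced `if` pair in the copy_process hunk would also read more safely with braces, matching the braced form already used in the ksys_unshare hunk. copy_process and ksys_unshare both start and end outside the quoted hunks.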
diff --git a/PKGBUILD b/PKGBUILD
index 825ebae..67f3012 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -6,7 +6,8 @@
# # I maintain this because:
# Parabola version patch script does not apply consistently
-# Parabola version lacks ath9k, bdver2, greysky2, and raid6 patches
+# Parabola version lacks graysky gcc patch with bdver2 fix
+# Parabola version lacks ath9k regdom and raid6 algo patches
# Parabola version allows SEED, SM3, SM4, and Streebog
# Parabola version is 300 Hz
# Parabola version supports Intel ME
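Review bot: The header comment in this hunk lists why this package diverges from Parabola's, but the most user-visible divergence this commit introduces is missing from it: the newly sourced 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch defines `int unprivileged_userns_clone;` with no initializer, so unprivileged user namespaces are denied by default until `kernel.unprivileged_userns_clone=1` is set, which changes runtime behaviour for anything on the installed system that relies on unprivileged CLONE_NEWUSER. The commit message "Updated to 5.1.5" does not record it either. A line such as `# Parabola version lacks unprivileged_userns_clone sysctl (unprivileged user namespaces off by default)` beside the other "Parabola version lacks" entries would document the change where maintainers look for it.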
@@ -15,7 +16,7 @@
pkgbase=linux-libre
_majver=5.1
-_minver=4
+_minver=5
if [ "$_minver" == "0" ]; then
pkgver=${_majver}
else
@@ -35,8 +36,9 @@ options=('!strip')
source=(
https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign}
https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnupkgver}/patch-${_gnumajver}-${_gnupkgver}.xz{,.sign}
+ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ graysky_bdver2-hotfix.patch
enable_additional_cpu_optimizations-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/$_gcc_more_v.tar.gz
- bdver2-fix-for-graysky.patch
ath9k-regdom-hack.patch
raid6-default-algo.patch
config.x86_64 # the main kernel config files
@@ -46,13 +48,14 @@ source=(
)
sha512sums=('42510bffa69746e0f919fecef5a23da4adb2473239ee67730fa1eb2340256fb4618c6acab439c01ae781df768a2e1ac4b76ad80fe0e4a432eaceb7f01f275439'
'SKIP'
- '09b935439659f6d170f8acc77d47f43973d066e372fe353167ab1cf96598a757e2430e448477384dc799b910a7903fb6841467be2a01e08e40194bfc6bea77c3'
+ '77bb081adeaff3128290452960b4ed7d0189084bdce0cddc080b72b920772ccece7a0260396d80183b5efc7de9864a07ea4990a734c21a8b9ddf9f387b4b2d37'
'SKIP'
+ '81a57ab537da498800475d1b30d2d067e06325486e7f19aab713c4bab211a7caaf63b85e1c761646eb945c40b6a0b917eeb2be9e58c8a6d9f730e5b25bb982b8'
+ '5ec8f3ef9c4467a99ae9c5350d0cc82fcf4ed78064ae732805d348053655b9ac8217ee2bfe301918634110cab14d85f58b8422e41e328f2ac77921ae8ec3a770'
'a0f37a9b8dbd11f8ef4450b06afee0a6e5519cb5a5cd78f84896812b007ef645bcb9c733ae9817c24d1f4a4c2114258015abceb5a94c7e08d2bb00531a6f04c7'
- 'c74bb817cbec20b275fe8fdafdd113ab639d699a3c7d92c743923436dc9ce5f7b30ba3bebc1d5abdc52ed9b320818d1d6781f522918e55fa8ecf2b7608b9abc8'
'905beb3f47cccb161e1ee74f8d5ba324b7c2f72e86246d941dfb18c85ace9d32df1966b52d2be2e3ff1ebea74af3b868422aec5a3eebc29858ee9e7207dea226'
'd6bec327f4f2c69f2fc2780d90cd5d057bc5e32b39e54a13fccb1f5a880a148fa322e54c372e38d3f453d06fd9ab54d653265f355bd61e08a416058bd4224167'
- 'f7e38302297d2b629378c90ed056a99eccd98e4624faf0567cd62407ba309962715e4097d89ea6914bc37e9c33d9922badf7e52510c488398e5d7c420cc73e18'
+ '258117d6bff3ca91bad12351d1b436678d8de9111c628a93f31fc13802b3facf75afb5a28a2b7bcac96a636f0e3ea9a8bcaef8df95890ecf10358b964b7ddeca'
'7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a'
'4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44'
'2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf')
@@ -72,15 +75,18 @@ prepare() {
fi
# Hotfixes
- # msg2 "Applying hotfixes"
+ msg2 "Applying hotfixes"
+ patch -p1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- # graysky2 gcc patch
- msg2 "Applying graysky2 cpu patch"
+
+ # graysky gcc hotfixes
+ msg2 "Applying graysky gcc patch hotfixes"
+ patch -p1 -i ../graysky_bdver2-hotfix.patch "$srcdir/kernel_gcc_patch-${_gcc_more_v}/enable_additional_cpu_optimizations_for_gcc_v8.1+_kernel_v4.13+.patch"
+
+ # graysky gcc patch
+ msg2 "Applying graysky cpu patch"
patch -p1 -i ../kernel_gcc_patch-${_gcc_more_v}/enable_additional_cpu_optimizations_for_gcc_v8.1+_kernel_v4.13+.patch
- # Fix stack warnings and ldconfig segfaults on bdver2 with graysky2 gcc patch
- msg2 "Applying bdver2 fix for graysky2 cpu patch"
- patch -p1 -i ../bdver2-fix-for-graysky.patch
# Ignore ath9k eeprom patch
msg2 "Applying ath9k patch"
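Review bot: The new `patch -p1 -i ../graysky_bdver2-hotfix.patch "$srcdir/kernel_gcc_patch-${_gcc_more_v}/..."` line passes the target file explicitly, while the hotfix's own `---`/`+++` headers hardcode `kernel_gcc_patch-20180509/...`; patch ignores the header paths when a file operand is given, so this works today, but the hotfix's `@@ -492,7 +492,7 @@` context is tied to that one graysky revision and the two will silently diverge on the next `_gcc_more_v` bump. A comment above the call, `# target given explicitly: the hotfix's embedded kernel_gcc_patch-20180509 paths are not used`, would make the coupling visible to whoever bumps the version next. The `# graysky gcc hotfixes` heading is plural while a single hotfix is applied, which is a minor wording nit. prepare() starts and ends outside this hunk.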
diff --git a/bdver2-fix-for-graysky.patch b/bdver2-fix-for-graysky.patch
deleted file mode 100644
index b7e5402..0000000
--- a/bdver2-fix-for-graysky.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/arch/x86/Makefile
-+++ b/arch/x86/Makefile
-@@ -492,7 +492,7 @@
- cflags-$(CONFIG_MBOBCAT) += $(call cc-option,-march=btver1)
- cflags-$(CONFIG_MJAGUAR) += $(call cc-option,-march=btver2)
- cflags-$(CONFIG_MBULLDOZER) += $(call cc-option,-march=bdver1)
-- cflags-$(CONFIG_MPILEDRIVER) += $(call cc-option,-march=bdver2)
-+ cflags-$(CONFIG_MPILEDRIVER) += $(call cc-option,-march=bdver2) $(call cc-option,-mno-tbm)
- cflags-$(CONFIG_MSTEAMROLLER) += $(call cc-option,-march=bdver3)
- cflags-$(CONFIG_MEXCAVATOR) += $(call cc-option,-march=bdver4)
- cflags-$(CONFIG_MZEN) += $(call cc-option,-march=znver1)
diff --git a/config.x86_64 b/config.x86_64
index cf091e4..2ff18c8 100644
--- a/config.x86_64
+++ b/config.x86_64
@@ -4,10 +4,10 @@
#
#
-# Compiler: gcc (GCC) 8.3.0
+# Compiler: gcc (GCC) 9.1.0
#
CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=80300
+CONFIG_GCC_VERSION=90100
CONFIG_CLANG_VERSION=0
CONFIG_CC_HAS_ASM_GOTO=y
CONFIG_CC_HAS_WARN_MAYBE_UNINITIALIZED=y
diff --git a/graysky_bdver2-hotfix.patch b/graysky_bdver2-hotfix.patch
new file mode 100644
index 0000000..5cd9dbc
--- /dev/null
+++ b/graysky_bdver2-hotfix.patch
@@ -0,0 +1,11 @@
+--- a/kernel_gcc_patch-20180509/enable_additional_cpu_optimizations_for_gcc_v8.1+_kernel_v4.13+.patch
++++ b/kernel_gcc_patch-20180509/enable_additional_cpu_optimizations_for_gcc_v8.1+_kernel_v4.13+.patch
+@@ -492,7 +492,7 @@ + cflags-$(CONFIG_MBARCELONA) += $(call cc-option,-march=barcelona)
+ + cflags-$(CONFIG_MBOBCAT) += $(call cc-option,-march=btver1)
+ + cflags-$(CONFIG_MJAGUAR) += $(call cc-option,-march=btver2)
+ + cflags-$(CONFIG_MBULLDOZER) += $(call cc-option,-march=bdver1)
+-+ cflags-$(CONFIG_MPILEDRIVER) += $(call cc-option,-march=bdver2)
+++ cflags-$(CONFIG_MPILEDRIVER) += $(call cc-option,-march=bdver2) $(call cc-option,-mno-tbm)
+ + cflags-$(CONFIG_MSTEAMROLLER) += $(call cc-option,-march=bdver3)
+ + cflags-$(CONFIG_MEXCAVATOR) += $(call cc-option,-march=bdver4)
+ + cflags-$(CONFIG_MZEN) += $(call cc-option,-march=znver1)