diff options
| author | Ben Hutchings <ben@decadent.org.uk> | 2016-02-16 02:50:51 +0000 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2016-02-16 02:51:44 +0000 |
| commit | 5427214b64970ddf2079021a7090c2d244122498 (patch) | |
| tree | 97cdfb2bfe41fc01803ce585356bd23e0c55956b | |
| parent | fcd5547ba0cae795425bf7fd601e4a2e594f4f8c (diff) | |
| download | kernel_replicant_linux-5427214b64970ddf2079021a7090c2d244122498.tar.gz kernel_replicant_linux-5427214b64970ddf2079021a7090c2d244122498.tar.bz2 kernel_replicant_linux-5427214b64970ddf2079021a7090c2d244122498.zip | |
[i386/686-pae] PCI: Set pci=nobios by default
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch | 27 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 29 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 1d45e539163b..a1a39a27027b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -35,6 +35,7 @@ linux (4.4.1-1) UNRELEASED; urgency=medium - [amd64] efi: Build our own page table structure - [i386/686-pae] mm: Fix types used in pgprot cacheability flags translations + - [i386/686-pae] PCI: Set pci=nobios by default [ Roger Shimizu ] * Enable TTY_PRINTK as module (Closes: #814540). diff --git a/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch new file mode 100644 index 000000000000..2787c2518b5f --- /dev/null +++ b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch @@ -0,0 +1,27 @@ +From: Ben Hutchings <ben@decadent.org.uk> +Date: Tue, 16 Feb 2016 02:45:42 +0000 +Subject: [i386/686-pae] PCI: Set pci=nobios by default +Forwarded: not-needed + +CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped +W+X, which is undesirable for security reasons and will result in a +warning at boot now that we enable CONFIG_DEBUG_WX. + +This can be overridden using the kernel parameter "pci=nobios", but we +want to disable W+X by default. Disable PCI BIOS probing by default; +it can still be enabled using "pci=bios". + +--- +--- a/arch/x86/pci/common.c ++++ b/arch/x86/pci/common.c +@@ -20,8 +20,8 @@ + #include <asm/pci_x86.h> + #include <asm/setup.h> + +-unsigned int pci_probe = PCI_PROBE_BIOS | PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | +- PCI_PROBE_MMCONF; ++unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | PCI_PROBE_MMCONF | ++ (IS_ENABLED(CONFIG_X86_64) || IS_ENABLED(CONFIG_X86_PAE) ? 0 : PCI_PROBE_BIOS); + + unsigned int pci_early_dump_regs; + static int pci_bf_sort; diff --git a/debian/patches/series b/debian/patches/series index aac4e3e78725..646e47c4557c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -131,3 +131,4 @@ bugfix/x86/x86-efi-hoist-page-table-switching-code-into-efi_cal.patch bugfix/x86/x86-efi-build-our-own-page-table-structures.patch bugfix/x86/x86-efi-setup-separate-efi-page-tables-in-kexec-path.patch bugfix/x86/x86-mm-fix-types-used-in-pgprot-cacheability-flags-t.patch +debian/i386-686-pae-pci-set-pci-nobios-by-default.patch |