[linux] 01/01: [i386/686-pae] PCI: Set pci=nobios by default

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Tue Feb 16 03:02:23 UTC 2016 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch sid
in repository linux.

commit 5427214b64970ddf2079021a7090c2d244122498
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Tue Feb 16 02:50:51 2016 +0000

    [i386/686-pae] PCI: Set pci=nobios by default
---
 debian/changelog                                   |  1 +
 ...386-686-pae-pci-set-pci-nobios-by-default.patch | 27 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 29 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1d45e53..a1a39a2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -35,6 +35,7 @@ linux (4.4.1-1) UNRELEASED; urgency=medium
     - [amd64] efi: Build our own page table structure
     - [i386/686-pae] mm: Fix types used in pgprot cacheability flags
       translations
+    - [i386/686-pae] PCI: Set pci=nobios by default
 
   [ Roger Shimizu ]
   * Enable TTY_PRINTK as module (Closes: #814540).
diff --git a/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
new file mode 100644
index 0000000..2787c25
--- /dev/null
+++ b/debian/patches/debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
@@ -0,0 +1,27 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Tue, 16 Feb 2016 02:45:42 +0000
+Subject: [i386/686-pae] PCI: Set pci=nobios by default
+Forwarded: not-needed
+
+CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped
+W+X, which is undesirable for security reasons and will result in a
+warning at boot now that we enable CONFIG_DEBUG_WX.
+
+This can be overridden using the kernel parameter "pci=nobios", but we
+want to disable W+X by default.  Disable PCI BIOS probing by default;
+it can still be enabled using "pci=bios".
+
+---
+--- a/arch/x86/pci/common.c
++++ b/arch/x86/pci/common.c
+@@ -20,8 +20,8 @@
+ #include <asm/pci_x86.h>
+ #include <asm/setup.h>
+ 
+-unsigned int pci_probe = PCI_PROBE_BIOS | PCI_PROBE_CONF1 | PCI_PROBE_CONF2 |
+-				PCI_PROBE_MMCONF;
++unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_CONF2 | PCI_PROBE_MMCONF |
++	(IS_ENABLED(CONFIG_X86_64) || IS_ENABLED(CONFIG_X86_PAE) ? 0 : PCI_PROBE_BIOS);
+ 
+ unsigned int pci_early_dump_regs;
+ static int pci_bf_sort;
diff --git a/debian/patches/series b/debian/patches/series
index aac4e3e..646e47c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -131,3 +131,4 @@ bugfix/x86/x86-efi-hoist-page-table-switching-code-into-efi_cal.patch
 bugfix/x86/x86-efi-build-our-own-page-table-structures.patch
 bugfix/x86/x86-efi-setup-separate-efi-page-tables-in-kexec-path.patch
 bugfix/x86/x86-mm-fix-types-used-in-pgprot-cacheability-flags-t.patch
+debian/i386-686-pae-pci-set-pci-nobios-by-default.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list