From b524e5118a8fdc3da0cd787406d78247031c0698 Mon Sep 17 00:00:00 2001 From: Michael Trip Date: Fri, 19 Nov 2021 10:49:17 +0100 Subject: [PATCH 01/10] first attempt in making this work for newer versions of proxmox --- build/proxmox/Dockerfile | 4 ++-- build/proxmox/build.sh | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/build/proxmox/Dockerfile b/build/proxmox/Dockerfile index 3896f0e..d2ac471 100644 --- a/build/proxmox/Dockerfile +++ b/build/proxmox/Dockerfile @@ -3,13 +3,13 @@ # This Dockerfile builds the newest kernel with RMRR patch # # TODO Add support for custom branch of build -FROM debian:buster +FROM debian:bullseye RUN mkdir -p /build WORKDIR /build RUN set -x \ && apt update && apt install -y ca-certificates wget \ - && wget -O /build/build.sh 'https://raw.githubusercontent.com/kiler129/relax-intel-rmrr/master/build/proxmox/build.sh' + && wget -O /build/build.sh 'https://raw.githubusercontent.com/MichaelTrip/relax-intel-rmrr/master/build/proxmox/build.sh' RUN bash /build/build.sh diff --git a/build/proxmox/build.sh b/build/proxmox/build.sh index a80f3e7..789e711 100644 --- a/build/proxmox/build.sh +++ b/build/proxmox/build.sh @@ -37,8 +37,9 @@ else echo "Step 1.0: Adding Proxmox apt repository..." apt -y update apt -y install gnupg - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7BF2812E8A6E88E0 - echo 'deb http://download.proxmox.com/debian/pve buster pve-no-subscription' > /etc/apt/sources.list.d/pve.list + #apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7BF2812E8A6E88E0 + wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg + echo 'deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription' > /etc/apt/sources.list.d/pve.list fi # Install all packages required to build the kernel & create *.deb packages for installation @@ -61,8 +62,8 @@ cd proxmox-kernel # Clone official Proxmox kernel repo & Relaxed RMRR Mapping patch echo "Step 2.1: Downloading Proxmox kernel toolchain & patches" -git clone --depth=1 -b pve-kernel-5.4 git://git.proxmox.com/git/pve-kernel.git -git clone --depth=1 https://github.com/kiler129/relax-intel-rmrr.git +git clone --depth=1 -b pve-kernel-5.11 git://git.proxmox.com/git/pve-kernel.git +git clone --depth=1 https://github.com/MichaelTrip/relax-intel-rmrr.git # Go to the actual Proxmox toolchain cd pve-kernel From d4e45296ed614b559bdd790c6dccf4ce9be73dc5 Mon Sep 17 00:00:00 2001 From: Michael Trip Date: Fri, 19 Nov 2021 10:51:17 +0100 Subject: [PATCH 02/10] changed build script --- build/proxmox/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/proxmox/build.sh b/build/proxmox/build.sh index 789e711..1e662df 100644 --- a/build/proxmox/build.sh +++ b/build/proxmox/build.sh @@ -48,7 +48,7 @@ apt -y update apt -y install git nano screen patch fakeroot build-essential devscripts libncurses5 libncurses5-dev libssl-dev bc \ flex bison libelf-dev libaudit-dev libgtk2.0-dev libperl-dev asciidoc xmlto gnupg gnupg2 rsync lintian debhelper \ libdw-dev libnuma-dev libslang2-dev sphinx-common asciidoc-base automake cpio dh-python file gcc kmod libiberty-dev \ - libpve-common-perl libtool perl-modules python-minimal sed tar zlib1g-dev lz4 curl + libpve-common-perl libtool perl-modules python2-minimal sed tar zlib1g-dev lz4 curl From ea9609a2ce15eb374e4443c36db1d143dd1504b0 Mon Sep 17 00:00:00 2001 From: Michael Trip Date: Sun, 21 Nov 2021 19:25:41 +0100 Subject: [PATCH 03/10] fixed code from jamestutton/relax-intel-rmrr and merged it with my own fork --- build/proxmox/Dockerfile | 19 ++++++++++-- build/proxmox/README.md | 7 ++--- build/proxmox/build.sh | 44 +++++++++++++++++---------- build/proxmox/build7.sh | 9 ++++++ build/proxmox/docker-compose.yaml | 9 ++++++ patches/add-relaxable-rmrr-5_11.patch | 31 +++++++++++++++++++ patches/proxmox7.patch | 22 ++++++++++++++ 7 files changed, 118 insertions(+), 23 deletions(-) create mode 100755 build/proxmox/build7.sh create mode 100644 build/proxmox/docker-compose.yaml create mode 100644 patches/add-relaxable-rmrr-5_11.patch create mode 100644 patches/proxmox7.patch diff --git a/build/proxmox/Dockerfile b/build/proxmox/Dockerfile index d2ac471..8371d98 100644 --- a/build/proxmox/Dockerfile +++ b/build/proxmox/Dockerfile @@ -10,6 +10,21 @@ WORKDIR /build RUN set -x \ && apt update && apt install -y ca-certificates wget \ - && wget -O /build/build.sh 'https://raw.githubusercontent.com/MichaelTrip/relax-intel-rmrr/master/build/proxmox/build.sh' + && wget -O /build/build.sh 'https://raw.githubusercontent.com/kiler129/relax-intel-rmrr/master/build/proxmox/build.sh' -RUN bash /build/build.sh +RUN apt -y update +RUN apt -y install git nano screen patch fakeroot build-essential devscripts libncurses5 libncurses5-dev libssl-dev bc \ + flex bison libelf-dev libaudit-dev libgtk2.0-dev libperl-dev asciidoc xmlto gnupg gnupg2 rsync lintian debhelper \ + libdw-dev libnuma-dev libslang2-dev sphinx-common asciidoc-base automake cpio dh-python file gcc kmod libiberty-dev \ + libtool perl-modules python3-minimal sed tar zlib1g-dev lz4 curl dwarves + +#Need pahole 1.16 or above +RUN TEMP_DEB="$(mktemp)" && \ + wget -O "$TEMP_DEB" http://archive.ubuntu.com/ubuntu/pool/universe/d/dwarves-dfsg/dwarves_1.21-0ubuntu1~20.04_amd64.deb && \ + dpkg -i "$TEMP_DEB" && \ + rm -f "$TEMP_DEB" + + +COPY *.sh /build/ + +RUN bash /build/build7.sh diff --git a/build/proxmox/README.md b/build/proxmox/README.md index c6db0ea..2129c03 100644 --- a/build/proxmox/README.md +++ b/build/proxmox/README.md @@ -17,7 +17,7 @@ guide if you want to build packages in an isolated environment. 3. ~30GB of free space #### Steps -1. Download the [build script](build.sh) (e.g. use `wget https://raw.githubusercontent.com/kiler129/relax-intel-rmrr/master/build/proxmox/build.sh`) +1. Download the [build script](build.sh) (e.g. use `wget https://raw.githubusercontent.com/kiler129/relax-intel-rmrr/build/proxmox/build.sh`) 2. Run the [`build.sh`](build.sh) script from terminal: `RMRR_AUTOINSTALL=1 bash ./build.sh` *You can also manually execute commands in the script step-by-step. To facilitate that the script contains @@ -50,9 +50,6 @@ This is mostly intended for building packages for later use (and/or when you don 3. Copy debs *(it will give you `debs` folder)*: `docker cp build-cont:/build/proxmox-kernel/debs ./` 4. Cleanup image & dummy container: - ``` - docker rm -f build-cont - docker rmi -f build-img - ``` + `docker rmi -f build-img` Now you can [install debs like you would premade packages](../../README.md#proxmox---premade-packages-easy). diff --git a/build/proxmox/build.sh b/build/proxmox/build.sh index 1e662df..1d63148 100644 --- a/build/proxmox/build.sh +++ b/build/proxmox/build.sh @@ -1,6 +1,21 @@ #!/usr/bin/env bash set -e +: "${PVE_KERNEL_BRANCH:=master}" +: "${RELAX_INTEL_GIT_REPO:=https://github.com/kiler129/relax-intel-rmrr.git}" +: "${PROXMOX_PATCH:=proxmox.patch}" +: "${RELAX_PATCH:=proxmox.patch}" + +echo '###########################################################' +echo '################ Settings ################################' +echo '###########################################################' + +echo "PVE_KERNEL_BRANCH:${PVE_KERNEL_BRANCH}" +echo "RELAX_INTEL_GIT_REPO:${RELAX_INTEL_GIT_REPO}" +echo "PROXMOX_PATCH:${PROXMOX_PATCH}" +echo "RELAX_PATCH:${RELAX_PATCH}" + + ################################################################################# # This script is a part of https://github.com/kiler129/relax-intel-rmrr project # ################################################################################# @@ -37,7 +52,7 @@ else echo "Step 1.0: Adding Proxmox apt repository..." apt -y update apt -y install gnupg - #apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7BF2812E8A6E88E0 + # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7BF2812E8A6E88E0 wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg echo 'deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription' > /etc/apt/sources.list.d/pve.list fi @@ -48,7 +63,7 @@ apt -y update apt -y install git nano screen patch fakeroot build-essential devscripts libncurses5 libncurses5-dev libssl-dev bc \ flex bison libelf-dev libaudit-dev libgtk2.0-dev libperl-dev asciidoc xmlto gnupg gnupg2 rsync lintian debhelper \ libdw-dev libnuma-dev libslang2-dev sphinx-common asciidoc-base automake cpio dh-python file gcc kmod libiberty-dev \ - libpve-common-perl libtool perl-modules python2-minimal sed tar zlib1g-dev lz4 curl + libpve-common-perl libtool perl-modules python3-minimal sed tar zlib1g-dev lz4 curl @@ -62,26 +77,23 @@ cd proxmox-kernel # Clone official Proxmox kernel repo & Relaxed RMRR Mapping patch echo "Step 2.1: Downloading Proxmox kernel toolchain & patches" -git clone --depth=1 -b pve-kernel-5.11 git://git.proxmox.com/git/pve-kernel.git -git clone --depth=1 https://github.com/MichaelTrip/relax-intel-rmrr.git +git clone --depth=1 -b ${PVE_KERNEL_BRANCH} git://git.proxmox.com/git/pve-kernel.git +git clone --depth=1 ${RELAX_INTEL_GIT_REPO} # Go to the actual Proxmox toolchain cd pve-kernel -# (OPTIONAL) Download flat copy of Ubuntu Focal kernel submodule +# (OPTIONAL) Download flat copy of Ubuntu hirsute kernel submodule +# If you skip this the "make" of Proxmox kernel toolchain will download a copy (a Proxmox kernel is based on Ubuntu # If you skip this the "make" of Proxmox kernel toolchain will download a copy (a Proxmox kernel is based on Ubuntu -# Focal kernel). However, it will download it with the whole history etc which takes A LOT of space (and time). This +# hirsute kernel). However, it will download it with the whole history etc which takes A LOT of space (and time). This # bypasses the process safely. # This curl skips certificate validation because Proxmox GIT WebUI doesn't send Let's Encrypt intermediate cert echo "Step 2.2: Downloading base kernel" -curl -f -k "https://git.proxmox.com/?p=mirror_ubuntu-focal-kernel.git;a=snapshot;h=$(git submodule status submodules/ubuntu-focal | cut -c 2-41);sf=tgz" --output kernel.tgz || true - -if [[ -f "kernel.tgz" ]]; then - tar -xf kernel.tgz -C submodules/ubuntu-focal/ --strip 1 - rm kernel.tgz -else - echo "[-] Failed to download flat base kernel (will use git instead)" -fi +#TODO: This needs a proxmox7 fix +# curl -k "https://git.proxmox.com/?p=mirror_ubuntu-hirsute-kernel.git;a=snapshot;h=$(git submodule status submodules/ubuntu-hirsute | cut -c 2-41);sf=tgz" --output kernel.tgz +# tar -xf kernel.tgz -C submodules/ubuntu-hirsute/ --strip 1 +# rm kernel.tgz @@ -89,8 +101,8 @@ echo '###########################################################' echo '################# STEP 3 - CREATE KERNEL ##################' echo '###########################################################' echo "Step 3.0: Applying patches" -cp ../relax-intel-rmrr/patches/add-relaxable-rmrr-below-5_8.patch ./patches/kernel/CUSTOM-add-relaxable-rmrr.patch -patch -p1 < ../relax-intel-rmrr/patches/proxmox.patch +cp ../relax-intel-rmrr/patches/${RELAX_PATCH} ./patches/kernel/CUSTOM-add-relaxable-rmrr.patch +patch -p1 < ../relax-intel-rmrr/patches/${PROXMOX_PATCH} echo "Step 3.1: Compiling kernel... (it will take 30m-3h)" diff --git a/build/proxmox/build7.sh b/build/proxmox/build7.sh new file mode 100755 index 0000000..19f2508 --- /dev/null +++ b/build/proxmox/build7.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +set -e + +export PVE_KERNEL_BRANCH=pve-kernel-5.11 +export RELAX_INTEL_GIT_REPO="https://github.com/jamestutton/relax-intel-rmrr.git" +export RELAX_PATCH="add-relaxable-rmrr-5_11.patch" +export PROXMOX_PATCH="proxmox7.patch" + +./build.sh \ No newline at end of file diff --git a/build/proxmox/docker-compose.yaml b/build/proxmox/docker-compose.yaml new file mode 100644 index 0000000..b5bb3c2 --- /dev/null +++ b/build/proxmox/docker-compose.yaml @@ -0,0 +1,9 @@ +version: '3' +services: + build-cont: + image: build-img + build: . + stdin_open: true + tty: true + volumes: + - ./debs:/build/proxmox-kernel/debs \ No newline at end of file diff --git a/patches/add-relaxable-rmrr-5_11.patch b/patches/add-relaxable-rmrr-5_11.patch new file mode 100644 index 0000000..e453d19 --- /dev/null +++ b/patches/add-relaxable-rmrr-5_11.patch @@ -0,0 +1,31 @@ +--- a/drivers/iommu/intel/iommu.c 2021-07-30 16:21:22.235520365 +0100 ++++ b/drivers/iommu/intel/iommu.c 2021-07-30 16:28:28.905719413 +0100 +@@ -355,6 +355,7 @@ + static int intel_iommu_superpage = 1; + static int iommu_identity_mapping; + static int iommu_skip_te_disable; ++static int intel_relaxable_rmrr = 0; + + #define IDENTMAP_GFX 2 + #define IDENTMAP_AZALIA 4 +@@ -455,7 +456,10 @@ + } else if (!strncmp(str, "tboot_noforce", 13)) { + pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); + intel_iommu_tboot_noforce = 1; +- } ++ } else if (!strncmp(str, "relax_rmrr", 10)) { ++ pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n"); ++ intel_relaxable_rmrr = 1; ++ } + + str += strcspn(str, ","); + while (*str == ',') +@@ -2802,7 +2806,7 @@ + return false; + + pdev = to_pci_dev(dev); +- if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) ++ if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) + return true; + else + return false; diff --git a/patches/proxmox7.patch b/patches/proxmox7.patch new file mode 100644 index 0000000..f1bdc26 --- /dev/null +++ b/patches/proxmox7.patch @@ -0,0 +1,22 @@ +--- a/Makefile ++++ b/Makefile +@@ -11,7 +11,7 @@ + KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN) + KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL) + +-EXTRAVERSION=-${KREL}-pve ++EXTRAVERSION=-${KREL}-pve-relaxablermrr + KVNAME=${KERNEL_VER}${EXTRAVERSION} + PACKAGE=pve-kernel-${KVNAME} + HDRPACKAGE=pve-headers-${KVNAME} +--- a/debian/scripts/find-firmware.pl ++++ b/debian/scripts/find-firmware.pl +@@ -8,7 +8,7 @@ + + die "no such directory" if ! -d $dir; + +-die "strange directory name: $dir" if $dir !~ m|^(.*/)?(\d+.\d+.\d+\-\d+\-pve)(/+)?$|; ++#die "strange directory name: $dir" if $dir !~ m|^(.*/)?(\d+.\d+.\d+\-\d+\-pve)(/+)?$|; + + + my $apiver = $2; From c82ed6ea76b880b760b6677275a1f8f66d89bf2e Mon Sep 17 00:00:00 2001 From: Michael Trip Date: Sun, 21 Nov 2021 19:28:41 +0100 Subject: [PATCH 04/10] fixed chmod --- build/proxmox/build.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 build/proxmox/build.sh diff --git a/build/proxmox/build.sh b/build/proxmox/build.sh old mode 100644 new mode 100755 From 88dc4ad4a4dc19157a764bf0f72282fd1425b4f0 Mon Sep 17 00:00:00 2001 From: Michael Trip Date: Sun, 19 Dec 2021 21:08:08 +0100 Subject: [PATCH 05/10] added zstd to packages --- build/proxmox/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/proxmox/build.sh b/build/proxmox/build.sh index 1d63148..acaddb1 100755 --- a/build/proxmox/build.sh +++ b/build/proxmox/build.sh @@ -63,7 +63,7 @@ apt -y update apt -y install git nano screen patch fakeroot build-essential devscripts libncurses5 libncurses5-dev libssl-dev bc \ flex bison libelf-dev libaudit-dev libgtk2.0-dev libperl-dev asciidoc xmlto gnupg gnupg2 rsync lintian debhelper \ libdw-dev libnuma-dev libslang2-dev sphinx-common asciidoc-base automake cpio dh-python file gcc kmod libiberty-dev \ - libpve-common-perl libtool perl-modules python3-minimal sed tar zlib1g-dev lz4 curl + libpve-common-perl libtool perl-modules python3-minimal sed tar zlib1g-dev lz4 curl zstd From f61cf36ecf1fa7b97065cbe08cb161c3a810ef59 Mon Sep 17 00:00:00 2001 From: Michael Trip Date: Sun, 19 Dec 2021 21:08:18 +0100 Subject: [PATCH 06/10] pushed kernel version to 5.13 --- build/proxmox/build7.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/proxmox/build7.sh b/build/proxmox/build7.sh index 19f2508..d17cce9 100755 --- a/build/proxmox/build7.sh +++ b/build/proxmox/build7.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -e -export PVE_KERNEL_BRANCH=pve-kernel-5.11 +export PVE_KERNEL_BRANCH=pve-kernel-5.13 export RELAX_INTEL_GIT_REPO="https://github.com/jamestutton/relax-intel-rmrr.git" export RELAX_PATCH="add-relaxable-rmrr-5_11.patch" export PROXMOX_PATCH="proxmox7.patch" From 63d133f8e01d65aa715d91295e5f3a955d2bd3ff Mon Sep 17 00:00:00 2001 From: OrpheeGT Date: Sat, 26 Feb 2022 14:37:04 +0100 Subject: [PATCH 07/10] add dwarves dependency --- build/proxmox/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/proxmox/build.sh b/build/proxmox/build.sh index acaddb1..d6d4243 100755 --- a/build/proxmox/build.sh +++ b/build/proxmox/build.sh @@ -63,7 +63,7 @@ apt -y update apt -y install git nano screen patch fakeroot build-essential devscripts libncurses5 libncurses5-dev libssl-dev bc \ flex bison libelf-dev libaudit-dev libgtk2.0-dev libperl-dev asciidoc xmlto gnupg gnupg2 rsync lintian debhelper \ libdw-dev libnuma-dev libslang2-dev sphinx-common asciidoc-base automake cpio dh-python file gcc kmod libiberty-dev \ - libpve-common-perl libtool perl-modules python3-minimal sed tar zlib1g-dev lz4 curl zstd + libpve-common-perl libtool perl-modules python3-minimal sed tar zlib1g-dev lz4 curl zstd dwarves From d46193c19eb498e916f02a0fc5496e7a4792630d Mon Sep 17 00:00:00 2001 From: OrpheeGT Date: Sat, 26 Feb 2022 14:38:12 +0100 Subject: [PATCH 08/10] PVE 7.1-10 OIMMU patch --- patches/add-relaxable-rmrr-5_13.patch | 29 +++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 patches/add-relaxable-rmrr-5_13.patch diff --git a/patches/add-relaxable-rmrr-5_13.patch b/patches/add-relaxable-rmrr-5_13.patch new file mode 100644 index 0000000..427eed2 --- /dev/null +++ b/patches/add-relaxable-rmrr-5_13.patch @@ -0,0 +1,29 @@ +--- a/drivers/iommu/intel/iommu.c 2022-02-26 13:51:33.821885509 +0100 ++++ b/drivers/iommu/intel/iommu.c 2022-02-26 13:58:27.231463792 +0100 +@@ -364,6 +364,7 @@ + static int intel_iommu_superpage = 1; + static int iommu_identity_mapping; + static int iommu_skip_te_disable; ++static int intel_relaxable_rmrr = 0; + + #define IDENTMAP_GFX 2 + #define IDENTMAP_AZALIA 4 +@@ -465,6 +466,9 @@ + } else if (!strncmp(str, "tboot_noforce", 13)) { + pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); + intel_iommu_tboot_noforce = 1; ++ } else if (!strncmp(str, "relax_rmrr", 10)) { ++ pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n"); ++ intel_relaxable_rmrr = 1; + } else { + pr_notice("Unknown option - '%s'\n", str); + } +@@ -2846,7 +2850,7 @@ + return false; + + pdev = to_pci_dev(dev); +- if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) ++ if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) + return true; + else + return false; From 38fa9496d38a3b3d7271092ffb8037f9857a779a Mon Sep 17 00:00:00 2001 From: OrpheeGT Date: Sat, 26 Feb 2022 14:38:59 +0100 Subject: [PATCH 09/10] Build 7.1-10 script --- build/proxmox/build7.1-10.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 build/proxmox/build7.1-10.sh diff --git a/build/proxmox/build7.1-10.sh b/build/proxmox/build7.1-10.sh new file mode 100644 index 0000000..e3c15f3 --- /dev/null +++ b/build/proxmox/build7.1-10.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +set -e + +export PVE_KERNEL_BRANCH=pve-kernel-5.13 +export RELAX_INTEL_GIT_REPO="https://github.com/OrpheeGT/relax-intel-rmrr.git" +export RELAX_PATCH="add-relaxable-rmrr-5_13.patch" +export PROXMOX_PATCH="proxmox7.patch" + +./build.sh From 3fc331b6584d7c55ed83bf3176475066f3c4d949 Mon Sep 17 00:00:00 2001 From: OrpheeGT Date: Sun, 27 Feb 2022 12:11:08 +0100 Subject: [PATCH 10/10] Create add-relaxable-rmrr-5_15.patch --- patches/add-relaxable-rmrr-5_15.patch | 29 +++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 patches/add-relaxable-rmrr-5_15.patch diff --git a/patches/add-relaxable-rmrr-5_15.patch b/patches/add-relaxable-rmrr-5_15.patch new file mode 100644 index 0000000..365061d --- /dev/null +++ b/patches/add-relaxable-rmrr-5_15.patch @@ -0,0 +1,29 @@ +--- a/drivers/iommu/intel/iommu.c 2022-02-27 12:02:53.958814198 +0100 ++++ b/drivers/iommu/intel/iommu.c 2022-02-27 12:03:07.402842983 +0100 +@@ -338,6 +338,7 @@ + static int intel_iommu_superpage = 1; + static int iommu_identity_mapping; + static int iommu_skip_te_disable; ++static int intel_relaxable_rmrr = 0; + + #define IDENTMAP_GFX 2 + #define IDENTMAP_AZALIA 4 +@@ -442,6 +443,9 @@ + } else if (!strncmp(str, "tboot_noforce", 13)) { + pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); + intel_iommu_tboot_noforce = 1; ++ } else if (!strncmp(str, "relax_rmrr", 10)) { ++ pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n"); ++ intel_relaxable_rmrr = 1; + } else { + pr_notice("Unknown option - '%s'\n", str); + } +@@ -2824,7 +2828,7 @@ + return false; + + pdev = to_pci_dev(dev); +- if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) ++ if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) + return true; + else + return false;