Merge branch 'master' of git://projects.parabolagnulinux.org/abslibre

author: Drtan Samos <lashdu@drtan.twilightparadox.com> 2014-03-03 18:49:15 +0100
committer: Drtan Samos <lashdu@drtan.twilightparadox.com> 2014-03-03 18:49:15 +0100
commit: 926e54e67433d33d75b19b21544c5b8303389aa0 (patch)
tree: 6177f2e93611ffba8ef822da12850bf3565d7766 /kernels
parent: c850156e865805296b73eee01caa4b4469191437 (diff)
parent: 535ef7c5859bc88ca3a0d382261632ec8d8df066 (diff)
download: abslibre-926e54e67433d33d75b19b21544c5b8303389aa0.tar.gz
abslibre-926e54e67433d33d75b19b21544c5b8303389aa0.tar.bz2
abslibre-926e54e67433d33d75b19b21544c5b8303389aa0.zip
36 files changed, 598 insertions, 1604 deletions
diff --git a/kernels/gradm/PKGBUILD b/kernels/gradm/PKGBUILD
index 52e0582b7..6ca4aacd9 100644
--- a/kernels/gradm/PKGBUILD
+++ b/kernels/gradm/PKGBUILD
@@ -5,8 +5,8 @@
 
 pkgname=gradm
 pkgver=3.0
-_timestamp=201311242038
-pkgrel=2
+_timestamp=201401291757
+pkgrel=4
 pkgdesc='Administrative interface for the grsecurity Role Based Access Control system'
 arch=(i686 x86_64 mips64el)
 url=http://grsecurity.net/
@@ -14,14 +14,12 @@ license=(GPL2)
 depends=(pam)
 source=(
   http://grsecurity.net/stable/$pkgname-$pkgver-$_timestamp.tar.gz
-  usr.patch
   learn_config
   policy
 )
 
 build() {
   cd "$srcdir/$pkgname"
-  patch -Np1 < ../usr.patch
   sed -i -e 's/^CFLAGS :=/CFLAGS +=/' -e 's:sbin:usr/bin:' Makefile
   make
 }
@@ -33,7 +31,6 @@ package() {
   rm -rf "$pkgdir/dev"
 }
 
-sha256sums=('9d9040ef2be90b6a4db5b68ba5b7bc658cbbcdb8c71c643b8f95373e4a892e55'
-            '7342323d2da3724afe745506690a1a5b194f3f0e959811ca320d820bf74c9ffa'
+sha256sums=('9c99714e6d10797a7348c6ffe2561dfcfe5e7659c9d86118d381b8bdb09ae7a6'
             'ec8e824e8a29a67be76bf853814ee85e80c4063009e5693d5db8cdb45bd45813'
             '61c0e84098e8386e5496dafce559558adef32e2a4a1241a9fa3bd56eab192dcd')
diff --git a/kernels/gradm/usr.patch b/kernels/gradm/usr.patch
deleted file mode 100644
index b3e5e77ab..000000000
--- a/kernels/gradm/usr.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-diff --git a/gradm_adm.c b/gradm_adm.c
-index bdcfd7d..9681b3c 100644
---- a/gradm_adm.c
-+++ b/gradm_adm.c
-@@ -72,12 +72,13 @@ add_gradm_acl(struct role_acl *role)
- 
- 	gradm_name = gr_strdup(gradm_realpath);
- 	if (gr_enable && strcmp(gradm_name, GRADM_PATH)) {
--		printf("You are attempting to use a gradm binary other "
--		       "than the installed version.  Depending on your "
-+		printf("You are attempting to use a gradm binary (%s) other "
-+		       "than the installed version (%s).  Depending on your "
- 		       "policy, you could be locking yourself out of "
- 		       "your machine by enabling the RBAC system with "
- 		       "this binary.  Press \'y\' if you wish to ignore "
--		       "this warning, or any other key to cancel.\n>");
-+		       "this warning, or any other key to cancel.\n>",
-+		       gradm_name, GRADM_PATH);
- 		if (getchar() != 'y')
- 			exit(EXIT_FAILURE);
- 	}
-@@ -259,11 +260,6 @@ static void add_fulllearn_shutdown_acl(void)
- 	ADD_OBJ("/dev/urandom", "r");
- 	ADD_OBJ("/dev/random", "r");
- 	ADD_OBJ("/etc", "r");
--	ADD_OBJ("/bin", "rx");
--	ADD_OBJ("/sbin", "rx");
--	ADD_OBJ("/lib", "rx");
--	ADD_OBJ("/lib32", "rx");
--	ADD_OBJ("/lib64", "rx");
- 	ADD_OBJ("/usr", "rx");
- 	ADD_OBJ("/proc", "r");
- 	ADD_OBJ("/boot", "h");
-@@ -276,9 +272,9 @@ static void add_fulllearn_shutdown_acl(void)
- 	ADD_OBJ("/proc/slabinfo", "h");
- 	ADD_OBJ("/proc/modules", "h");
- 	ADD_OBJ("/proc/kallsyms", "h");
--	ADD_OBJ("/lib/modules", "hs");
--	ADD_OBJ("/lib32/modules", "hs");
--	ADD_OBJ("/lib64/modules", "hs");
-+	ADD_OBJ("/usr/lib/modules", "hs");
-+	ADD_OBJ("/usr/lib32/modules", "hs");
-+	ADD_OBJ("/usr/lib64/modules", "hs");
- 	ADD_OBJ("/etc/ssh", "h");
- 	add_cap_acl(current_subject, "-CAP_ALL", NULL);
- 
-diff --git a/gradm_analyze.c b/gradm_analyze.c
-index 74ec86f..da365a4 100644
---- a/gradm_analyze.c
-+++ b/gradm_analyze.c
-@@ -778,17 +778,17 @@ analyze_acls(void)
- 			errs_found++;
- 		}
- 
--		if (!stat("/lib/modules", &fstat) && !check_permission(role, def_acl, "/lib/modules", &chk)) {
-+		if (!stat("/usr/lib/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib/modules", &chk)) {
- 			fprintf(stderr,
--				"Writing access is allowed by role %s to /lib/modules, the directory which "
-+				"Writing access is allowed by role %s to /usr/lib/modules, the directory which "
- 				"holds kernel modules.\n\n",
- 				role->rolename);
- 			errs_found++;
- 		}
- 
--		if (!stat("/lib64/modules", &fstat) && !check_permission(role, def_acl, "/lib64/modules", &chk)) {
-+		if (!stat("/usr/lib64/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib64/modules", &chk)) {
- 			fprintf(stderr,
--				"Writing access is allowed by role %s to /lib64/modules, the directory which "
-+				"Writing access is allowed by role %s to /usr/lib64/modules, the directory which "
- 				"holds kernel modules.\n\n",
- 				role->rolename);
- 			errs_found++;
-diff --git a/gradm_defs.h b/gradm_defs.h
-index 961a7b9..56d6378 100644
---- a/gradm_defs.h
-+++ b/gradm_defs.h
-@@ -4,9 +4,9 @@
- #ifndef GRSEC_DIR
- #define GRSEC_DIR		"/etc/grsec"
- #endif
--#define GRLEARN_PATH		"/sbin/grlearn"
--#define GRADM_PATH		"/sbin/gradm"
--#define GRPAM_PATH		"/sbin/gradm_pam"
-+#define GRLEARN_PATH	"/usr/bin/grlearn"
-+#define GRADM_PATH		"/usr/bin/gradm"
-+#define GRPAM_PATH		"/usr/bin/gradm_pam"
- #define GRDEV_PATH		"/dev/grsec"
- #define GR_POLICY_PATH 		GRSEC_DIR "/policy"
- #define GR_PW_PATH 		GRSEC_DIR "/pw"
-diff --git a/gradm_fulllearn.c b/gradm_fulllearn.c
-index 4d10060..6ce744d 100644
---- a/gradm_fulllearn.c
-+++ b/gradm_fulllearn.c
-@@ -449,8 +449,8 @@ static const char *initial_roles_str =
- "\t/proc/slabinfo\th\n"
- "\t/proc/modules\th\n"
- "\t/proc/kallsyms\th\n"
--"\t/lib/modules\ths\n"
--"\t/lib64/modules\ths\n"
-+"\t/usr/lib/modules\ths\n"
-+"\t/usr/lib64/modules\ths\n"
- "\t/etc/ssh\th\n"
- "}\n\n"
- "role admin sA\n"
-@@ -463,10 +463,6 @@ static const char *initial_roles_str =
- "\t/dev/urandom r\n"
- "\t/dev/random r\n"
- "\t/etc r\n"
--"\t/bin rx\n"
--"\t/sbin rx\n"
--"\t/lib rx\n"
--"\t/lib64 rx\n"
- "\t/usr rx\n"
- "\t/proc r\n"
- "\t$grsec_denied\n"
diff --git a/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch b/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch
deleted file mode 100644
index 93803d2e6..000000000
--- a/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 2bd7c7b5f011b3d57e4f5625b561a6f3f2f34a81 Mon Sep 17 00:00:00 2001
-From: Trond Myklebust <trond.myklebust@primarydata.com>
-Date: Sun, 16 Feb 2014 12:14:13 -0500
-Subject: [PATCH] SUNRPC: Ensure that gss_auth isn't freed before its upcall
- messages
-
-Fix a race in which the RPC client is shutting down while the
-gss daemon is processing a downcall. If the RPC client manages to
-shut down before the gss daemon is done, then the struct gss_auth
-used in gss_release_msg() may have already been freed.
-
-Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com
-Reported-by: John <da_audiophile@yahoo.com>
-Reported-by: Borislav Petkov <bp@alien8.de>
-Cc: stable@vger.kernel.org # 3.12+
-Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
----
- net/sunrpc/auth_gss/auth_gss.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
-index 42fdfc6..a642fd616 100644
---- a/net/sunrpc/auth_gss/auth_gss.c
-+++ b/net/sunrpc/auth_gss/auth_gss.c
-@@ -108,6 +108,7 @@ struct gss_auth {
- static DEFINE_SPINLOCK(pipe_version_lock);
- static struct rpc_wait_queue pipe_version_rpc_waitqueue;
- static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
-+static void gss_put_auth(struct gss_auth *gss_auth);
- 
- static void gss_free_ctx(struct gss_cl_ctx *);
- static const struct rpc_pipe_ops gss_upcall_ops_v0;
-@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
- 	if (gss_msg->ctx != NULL)
- 		gss_put_ctx(gss_msg->ctx);
- 	rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
-+	gss_put_auth(gss_msg->auth);
- 	kfree(gss_msg);
- }
- 
-@@ -500,6 +502,7 @@ gss_alloc_msg(struct gss_auth *gss_auth,
- 		if (err)
- 			goto err_free_msg;
- 	};
-+	kref_get(&gss_auth->kref);
- 	return gss_msg;
- err_free_msg:
- 	kfree(gss_msg);
-@@ -1071,6 +1074,12 @@ gss_free_callback(struct kref *kref)
- }
- 
- static void
-+gss_put_auth(struct gss_auth *gss_auth)
-+{
-+	kref_put(&gss_auth->kref, gss_free_callback);
-+}
-+
-+static void
- gss_destroy(struct rpc_auth *auth)
- {
- 	struct gss_auth *gss_auth = container_of(auth,
-@@ -1091,7 +1100,7 @@ gss_destroy(struct rpc_auth *auth)
- 	gss_auth->gss_pipe[1] = NULL;
- 	rpcauth_destroy_credcache(auth);
- 
--	kref_put(&gss_auth->kref, gss_free_callback);
-+	gss_put_auth(gss_auth);
- }
- 
- /*
-@@ -1262,7 +1271,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
- 	call_rcu(&cred->cr_rcu, gss_free_cred_callback);
- 	if (ctx)
- 		gss_put_ctx(ctx);
--	kref_put(&gss_auth->kref, gss_free_callback);
-+	gss_put_auth(gss_auth);
- }
- 
- static void
--- 
-1.9.0
-
diff --git a/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch
deleted file mode 100644
index c9ee40400..000000000
--- a/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001
-From: Steven Noonan <steven@uplinklabs.net>
-Date: Thu, 13 Feb 2014 07:01:07 +0000
-Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
-
-I started noticing problems with KVM guest destruction on Linux
-3.12+, where guest memory wasn't being cleaned up. I bisected it
-down to the commit introducing the new 'asm goto'-based atomics,
-and found this quirk was later applied to those.
-
-Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the
-known 'asm goto' bug) I am still getting some kind of
-miscompilation. If I enable the asm_volatile_goto quirk for my
-compiler, KVM guests are destroyed correctly and the memory is
-cleaned up.
-
-So make the quirk unconditional for now, until bug is found
-and fixed.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Steven Noonan <steven@uplinklabs.net>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Jakub Jelinek <jakub@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Oleg Nesterov <oleg@redhat.com>
-Cc: <stable@vger.kernel.org>
-Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net
-Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..2507fd2 100644
---- a/include/linux/compiler-gcc4.h
-+++ b/include/linux/compiler-gcc4.h
-@@ -75,11 +75,7 @@
-  *
-  * (asm goto is automatically volatile - the naming reflects this.)
-  */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...)	do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
- 
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
---
-cgit v0.9.2
diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD
index b5aad3bbb..8f83b01e3 100644
--- a/kernels/linux-libre-grsec/PKGBUILD
+++ b/kernels/linux-libre-grsec/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $
+# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Maintainer: Thomas Baechler <thomas@archlinux.org>
 # Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -10,12 +10,12 @@
 pkgbase=linux-libre-grsec   # Build stock -LIBRE-GRSEC kernel
 #pkgbase=linux-libre-custom # Build kernel with a different name
 _basekernel=3.13
-_sublevel=4
+_sublevel=5
 _grsecver=3.0
-_timestamp=201402201908
+_timestamp=201402241943
 pkgver=${_basekernel}.${_sublevel}
 pkgrel=1
-_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.5 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="http://linux-libre.fsfla.org/"
 license=('GPL2')
@@ -39,16 +39,17 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         '0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch'
         '0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch'
         '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
-        '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
         '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
-        '0001-quirk-asm_volatile_goto.patch'
         'i8042-fix-aliases.patch'
+        'module-blacklist.conf'
+        'sysctl.conf'
+        'known-exploit-detection.patch'
         "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
 md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
-         '3659d30b1d06dd5b7874ae04c946863b'
-         '98bb51189e0fe96a10362ddcbb79a134'
-         'a2718a1b47c6c3b0774ce786488d22c3'
-         'cbe58a543b96ae282c674875b1940e59'
+         '6e59a1e4b891ca5fa8b03d488fa64e04'
+         '810f3caa18b89eda5b41a2cff5821a4a'
+         '21da34d98cc007a78a11660863537c0d'
+         'd4b95575b9cc32b7ba4ad8624972ddf9'
          '5f66bed97a5c37e48eb2f71b2d354b9a'
          '2967cecc3af9f954ccc822fd63dca6ff'
          '8267264d9a8966e57fdacd1fa1fc65c4'
@@ -61,11 +62,12 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
          '10dbaf863e22b2437e68f9190d65c861'
          'd5907a721b97299f0685c583499f7820'
          'a724515b350b29c53f20e631c6cf9a14'
-         '1ae4ec847f41fa1b6d488f956e94c893'
          'e6fa278c092ad83780e2dd0568e24ca6'
-         '6baa312bc166681f48e972824f3f6649'
          '93dbf73af819b77f03453a9c6de2bb47'
-         'ac92b702b8497d2be14f96e077a7f48f')
+         'f93ef6157fbb23820bd5ae08fd3f451e'
+         '0db7629711f4ed76bd1f9da9f97bc4ea'
+         'cb789bf97bc65fd4cf240d99df9c24c0'
+         '5fcb6203b54aaf7dcbdf6e2c6f159b14')
 if [ "$CARCH" != "mips64el" ]; then
     # don't use the Loongson-specific patches on non-mips64el arches.
     unset source[${#source[@]}-1]
@@ -116,18 +118,15 @@ prepare() {
   # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f
   patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch"
 
-  # Fix FS#38921
-  # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9eb2ddb48ce3a7bd745c14a933112994647fa3cd
-  patch -p1 -i "${srcdir}/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch"
-
   # Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c
   patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch"
 
   # Fix i8042 aliases
   patch -p1 -i "${srcdir}/i8042-fix-aliases.patch"
-  # Fix compile issues
-  # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859
-  patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch"
+
+  # add known exploit detection patch
+  # http://lkml.org/lkml/2013/12/12/358
+  patch -Np1 -i "${srcdir}/known-exploit-detection.patch"
 
   if [ "$CARCH" == "mips64el" ]; then
     sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
diff --git a/kernels/linux-libre-grsec/config.i686 b/kernels/linux-libre-grsec/config.i686
index 3d48a9b03..07840923d 100644
--- a/kernels/linux-libre-grsec/config.i686
+++ b/kernels/linux-libre-grsec/config.i686
@@ -497,7 +497,7 @@ CONFIG_KEXEC=y
 CONFIG_PHYSICAL_START=0x1000000
 CONFIG_RELOCATABLE=y
 CONFIG_X86_NEED_RELOCS=y
-CONFIG_PHYSICAL_ALIGN=0x100000
+CONFIG_PHYSICAL_ALIGN=0x1000000
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
@@ -5874,7 +5874,9 @@ CONFIG_JFFS2_FS_DEBUG=0
 CONFIG_JFFS2_FS_WRITEBUFFER=y
 # CONFIG_JFFS2_FS_WBUF_VERIFY is not set
 # CONFIG_JFFS2_SUMMARY is not set
-# CONFIG_JFFS2_FS_XATTR is not set
+CONFIG_JFFS2_FS_XATTR=y
+CONFIG_JFFS2_FS_POSIX_ACL=y
+CONFIG_JFFS2_FS_SECURITY=y
 # CONFIG_JFFS2_COMPRESSION_OPTIONS is not set
 CONFIG_JFFS2_ZLIB=y
 # CONFIG_JFFS2_LZO is not set
diff --git a/kernels/linux-libre-grsec/config.x86_64 b/kernels/linux-libre-grsec/config.x86_64
index 0269c67cc..f89860f78 100644
--- a/kernels/linux-libre-grsec/config.x86_64
+++ b/kernels/linux-libre-grsec/config.x86_64
@@ -5662,7 +5662,9 @@ CONFIG_JFFS2_FS_DEBUG=0
 CONFIG_JFFS2_FS_WRITEBUFFER=y
 # CONFIG_JFFS2_FS_WBUF_VERIFY is not set
 # CONFIG_JFFS2_SUMMARY is not set
-# CONFIG_JFFS2_FS_XATTR is not set
+CONFIG_JFFS2_FS_XATTR=y
+CONFIG_JFFS2_FS_POSIX_ACL=y
+CONFIG_JFFS2_FS_SECURITY=y
 # CONFIG_JFFS2_COMPRESSION_OPTIONS is not set
 CONFIG_JFFS2_ZLIB=y
 # CONFIG_JFFS2_LZO is not set
diff --git a/kernels/linux-libre-grsec/known-exploit-detection.patch b/kernels/linux-libre-grsec/known-exploit-detection.patch
index 4837a9ce5..7629b4d85 100644
--- a/kernels/linux-libre-grsec/known-exploit-detection.patch
+++ b/kernels/linux-libre-grsec/known-exploit-detection.patch
@@ -1,147 +1,29 @@
-diff --git a/include/linux/exploit.h b/include/linux/exploit.h
-new file mode 100644
-index 0000000..a8df72a
---- /dev/null
-+++ b/include/linux/exploit.h
-@@ -0,0 +1,23 @@
-+#ifndef _LINUX_EXPLOIT_H
-+#define _LINUX_EXPLOIT_H
-+
-+#ifdef CONFIG_EXPLOIT_DETECTION
-+extern void _exploit(const char *id);
-+
-+#define exploit_on(cond, id) \
-+	do { \
-+		if (unlikely(cond)) \
-+			_exploit(id); \
-+	} while (0)
-+
-+#else
-+
-+#define exploit_on(cond, id) \
-+	do { \
-+	} while (0)
-+
-+#endif
-+
-+#define exploit(id) exploit_on(true, id)
-+
-+#endif
-diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..a828dfb 100644
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -167,5 +167,17 @@ config DEFAULT_SECURITY
- 	default "yama" if DEFAULT_SECURITY_YAMA
- 	default "" if DEFAULT_SECURITY_DAC
- 
--endmenu
-+config EXPLOIT_DETECTION
-+	bool "Known exploit detection"
-+	depends on PRINTK
-+	default y
-+	help
-+	  This option enables the detection of users/programs who attempt to
-+	  break into the kernel using publicly known (past) exploits.
-+
-+	  Upon detection, a message will be printed in the kernel log.
- 
-+	  The runtime overhead of enabling this option is extremely small, so
-+	  you are recommended to say Y.
-+
-+endmenu
-diff --git a/security/Makefile b/security/Makefile
-index c26c81e..d152a1d 100644
---- a/security/Makefile
-+++ b/security/Makefile
-@@ -28,3 +28,5 @@ obj-$(CONFIG_CGROUP_DEVICE)		+= device_cgroup.o
- # Object integrity file lists
- subdir-$(CONFIG_INTEGRITY)		+= integrity
- obj-$(CONFIG_INTEGRITY)			+= integrity/built-in.o
-+
-+obj-$(CONFIG_EXPLOIT_DETECTION)		+= exploit.o
-diff --git a/security/exploit.c b/security/exploit.c
-new file mode 100644
-index 0000000..a732613
---- /dev/null
-+++ b/security/exploit.c
-@@ -0,0 +1,28 @@
-+#include <linux/cred.h>
+diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
+index 3432443..f5af562 100644
+--- a/arch/x86/kernel/msr.c
++++ b/arch/x86/kernel/msr.c
+@@ -38,6 +38,7 @@
+ #include <linux/uaccess.h>
+ #include <linux/gfp.h>
+ #include <linux/grsecurity.h>
 +#include <linux/exploit.h>
-+#include <linux/printk.h>
-+#include <linux/ratelimit.h>
-+#include <linux/sched.h>
-+
-+void _exploit(const char *id)
-+{
-+	/*
-+	 * This function needs to be super defensive/conservative, since
-+	 * userspace can easily get to it from several different contexts.
-+	 * We don't want it to become an attack vector in itself!
-+	 *
-+	 * We can assume that we're in process context, but spinlocks may
-+	 * be held, etc.
-+	 */
-+
-+	struct task_struct *task = current;
-+	pid_t pid = task_pid_nr(task);
-+	uid_t uid = from_kuid(&init_user_ns, current_uid());
-+	char comm[sizeof(task->comm)];
-+
-+	get_task_comm(comm, task);
-+
-+	pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n",
-+		id, pid, uid, comm);
-+}
-+EXPORT_SYMBOL(_exploit);
-diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
-index 75cef3f..65811d4 100644
---- a/include/uapi/linux/audit.h
-+++ b/include/uapi/linux/audit.h
-@@ -131,6 +131,7 @@
- #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
- #define AUDIT_ANOM_ABEND            1701 /* Process ended abnormally */
- #define AUDIT_ANOM_LINK		    1702 /* Suspicious use of file links */
-+#define AUDIT_ANOM_EXPLOIT          1703 /* Known exploit attempt */
- #define AUDIT_INTEGRITY_DATA	    1800 /* Data integrity verification */
- #define AUDIT_INTEGRITY_METADATA    1801 /* Metadata integrity verification */
- #define AUDIT_INTEGRITY_STATUS	    1802 /* Integrity enable status */
-diff --git a/security/exploit.c b/security/exploit.c
-index a732613..3d8ee5b 100644
---- a/security/exploit.c
-+++ b/security/exploit.c
-@@ -1,3 +1,4 @@
-+#include <linux/audit.h>
- #include <linux/cred.h>
- #include <linux/exploit.h>
- #include <linux/printk.h>
-@@ -19,9 +20,24 @@ void _exploit(const char *id)
- 	pid_t pid = task_pid_nr(task);
- 	uid_t uid = from_kuid(&init_user_ns, current_uid());
- 	char comm[sizeof(task->comm)];
-+#ifdef CONFIG_AUDIT
-+	struct audit_buffer *ab;
-+#endif
  
- 	get_task_comm(comm, task);
+ #include <asm/processor.h>
+ #include <asm/msr.h>
+@@ -184,8 +185,10 @@ static int msr_open(struct inode *inode, struct file *file)
+ 	unsigned int cpu = iminor(file_inode(file));
+ 	struct cpuinfo_x86 *c;
  
-+#ifdef CONFIG_AUDIT
-+	ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_ANOM_EXPLOIT);
-+	if (ab) {
-+		audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=",
-+			id, pid, uid,
-+			from_kuid(&init_user_ns, audit_get_loginuid(task)),
-+			audit_get_sessionid(task));
-+		audit_log_untrustedstring(ab, comm);
-+		audit_log_end(ab);
+-	if (!capable(CAP_SYS_RAWIO))
++	if (!capable(CAP_SYS_RAWIO)) {
++		exploit("CVE-2013-0268");
+ 		return -EPERM;
 +	}
-+#endif
-+
- 	pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n",
- 		id, pid, uid, comm);
- }
+ 
+ 	if (cpu >= nr_cpu_ids || !cpu_online(cpu))
+ 		return -ENXIO;	/* No such CPU */
 diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index bf34577..48490c1 100644
+index ee52ddd..be4c296 100644
 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
 +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
 @@ -32,6 +32,7 @@
@@ -150,9 +32,9 @@ index bf34577..48490c1 100644
  #include <linux/dma_remapping.h>
 +#include <linux/exploit.h>
  
- struct eb_objects {
- 	struct list_head objects;
-@@ -785,8 +786,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
+ #define  __EXEC_OBJECT_HAS_PIN (1<<31)
+ #define  __EXEC_OBJECT_HAS_FENCE (1<<30)
+@@ -878,8 +879,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
  		 * the worst case where we need to allocate the entire
  		 * relocation tree as a single array.
  		 */
@@ -164,30 +46,6 @@ index bf34577..48490c1 100644
  		relocs_total += exec[i].relocation_count;
  
  		length = exec[i].relocation_count *
-diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 88458fa..fad04f1 100644
---- a/arch/x86/kernel/msr.c
-+++ b/arch/x86/kernel/msr.c
-@@ -37,6 +37,7 @@
- #include <linux/notifier.h>
- #include <linux/uaccess.h>
- #include <linux/gfp.h>
-+#include <linux/exploit.h>
- 
- #include <asm/processor.h>
- #include <asm/msr.h>
-@@ -174,8 +175,10 @@ static int msr_open(struct inode *inode, struct file *file)
- 	unsigned int cpu = iminor(file_inode(file));
- 	struct cpuinfo_x86 *c;
- 
--	if (!capable(CAP_SYS_RAWIO))
-+	if (!capable(CAP_SYS_RAWIO)) {
-+		exploit("CVE-2013-0268");
- 		return -EPERM;
-+	}
- 
- 	if (cpu >= nr_cpu_ids || !cpu_online(cpu))
- 		return -ENXIO;	/* No such CPU */
 diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c
 index b1ce4c7..2fe83f0 100644
 --- a/fs/hfs/trans.c
@@ -212,50 +70,6 @@ index b1ce4c7..2fe83f0 100644
  	dst = out;
  	dstlen = HFS_MAX_NAMELEN;
  	if (nls_io) {
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 13fb113..df7a51a 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -22,6 +22,7 @@
- #include <linux/ctype.h>
- #include <linux/projid.h>
- #include <linux/fs_struct.h>
-+#include <linux/exploit.h>
- 
- static struct kmem_cache *user_ns_cachep __read_mostly;
- 
-@@ -806,11 +807,15 @@ static bool new_idmap_permitted(const struct file *file,
- 			kuid_t uid = make_kuid(ns->parent, id);
- 			if (uid_eq(uid, file->f_cred->fsuid))
- 				return true;
-+
-+			exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959");
- 		}
- 		else if (cap_setid == CAP_SETGID) {
- 			kgid_t gid = make_kgid(ns->parent, id);
- 			if (gid_eq(gid, file->f_cred->fsgid))
- 				return true;
-+
-+			exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959");
- 		}
- 	}
- 
-@@ -822,9 +827,12 @@ static bool new_idmap_permitted(const struct file *file,
- 	 * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
- 	 * And the opener of the id file also had the approprpiate capability.
- 	 */
--	if (ns_capable(ns->parent, cap_setid) &&
--	    file_ns_capable(file, ns->parent, cap_setid))
--		return true;
-+	if (ns_capable(ns->parent, cap_setid)) {
-+		if (file_ns_capable(file, ns->parent, cap_setid))
-+			return true;
-+
-+		exploit("CVE-2013-1959");
-+	}
- 
- 	return false;
- }
 diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c
 index 968ce41..5f47a1a 100644
 --- a/fs/hfsplus/catalog.c
@@ -304,8 +118,49 @@ index 4a4fea0..2d5e283 100644
  			err = -EIO;
  			goto out;
  		}
+diff --git a/include/linux/exploit.h b/include/linux/exploit.h
+new file mode 100644
+index 0000000..a8df72a
+--- /dev/null
++++ b/include/linux/exploit.h
+@@ -0,0 +1,23 @@
++#ifndef _LINUX_EXPLOIT_H
++#define _LINUX_EXPLOIT_H
++
++#ifdef CONFIG_EXPLOIT_DETECTION
++extern void _exploit(const char *id);
++
++#define exploit_on(cond, id) \
++	do { \
++		if (unlikely(cond)) \
++			_exploit(id); \
++	} while (0)
++
++#else
++
++#define exploit_on(cond, id) \
++	do { \
++	} while (0)
++
++#endif
++
++#define exploit(id) exploit_on(true, id)
++
++#endif
+diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
+index 44b05a0..0a820b4 100644
+--- a/include/uapi/linux/audit.h
++++ b/include/uapi/linux/audit.h
+@@ -134,6 +134,7 @@
+ #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
+ #define AUDIT_ANOM_ABEND            1701 /* Process ended abnormally */
+ #define AUDIT_ANOM_LINK		    1702 /* Suspicious use of file links */
++#define AUDIT_ANOM_EXPLOIT          1703 /* Known exploit attempt */
+ #define AUDIT_INTEGRITY_DATA	    1800 /* Data integrity verification */
+ #define AUDIT_INTEGRITY_METADATA    1801 /* Metadata integrity verification */
+ #define AUDIT_INTEGRITY_STATUS	    1802 /* Integrity enable status */
 diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 953c143..32b9383 100644
+index 11b21f0..a881843 100644
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
 @@ -39,6 +39,7 @@
@@ -316,7 +171,7 @@ index 953c143..32b9383 100644
  
  #include "internal.h"
  
-@@ -5721,6 +5722,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
+@@ -5772,6 +5773,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
  static int perf_swevent_init(struct perf_event *event)
  {
  	u64 event_id = event->attr.config;
@@ -324,8 +179,52 @@ index 953c143..32b9383 100644
  
  	if (event->attr.type != PERF_TYPE_SOFTWARE)
  		return -ENOENT;
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 583473e..4614b6e 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -22,6 +22,7 @@
+ #include <linux/ctype.h>
+ #include <linux/projid.h>
+ #include <linux/fs_struct.h>
++#include <linux/exploit.h>
+ 
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ 
+@@ -827,11 +828,15 @@ static bool new_idmap_permitted(const struct file *file,
+ 			kuid_t uid = make_kuid(ns->parent, id);
+ 			if (uid_eq(uid, file->f_cred->fsuid))
+ 				return true;
++
++			exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959");
+ 		}
+ 		else if (cap_setid == CAP_SETGID) {
+ 			kgid_t gid = make_kgid(ns->parent, id);
+ 			if (gid_eq(gid, file->f_cred->fsgid))
+ 				return true;
++
++			exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959");
+ 		}
+ 	}
+ 
+@@ -843,9 +848,12 @@ static bool new_idmap_permitted(const struct file *file,
+ 	 * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
+ 	 * And the opener of the id file also had the approprpiate capability.
+ 	 */
+-	if (ns_capable(ns->parent, cap_setid) &&
+-	    file_ns_capable(file, ns->parent, cap_setid))
+-		return true;
++	if (ns_capable(ns->parent, cap_setid)) {
++		if (file_ns_capable(file, ns->parent, cap_setid))
++			return true;
++
++		exploit("CVE-2013-1959");
++	}
+ 
+ 	return false;
+ }
 diff --git a/net/core/sock.c b/net/core/sock.c
-index 0b39e7a..c16246f 100644
+index 997c88b..5fc9f05 100644
 --- a/net/core/sock.c
 +++ b/net/core/sock.c
 @@ -117,6 +117,7 @@
@@ -336,7 +235,7 @@ index 0b39e7a..c16246f 100644
  
  #include <asm/uaccess.h>
  
-@@ -1753,8 +1754,10 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
+@@ -1758,8 +1759,10 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
  	int i;
  
  	err = -EMSGSIZE;
@@ -348,3 +247,86 @@ index 0b39e7a..c16246f 100644
  
  	timeo = sock_sndtimeo(sk, noblock);
  	while (!skb) {
+diff --git a/security/Kconfig b/security/Kconfig
+index 0ebde71..9afec5d 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -1120,5 +1120,17 @@ config DEFAULT_SECURITY
+ 	default "yama" if DEFAULT_SECURITY_YAMA
+ 	default "" if DEFAULT_SECURITY_DAC
+ 
+-endmenu
++config EXPLOIT_DETECTION
++	bool "Known exploit detection"
++	depends on PRINTK
++	default y
++	help
++	  This option enables the detection of users/programs who attempt to
++	  break into the kernel using publicly known (past) exploits.
+ 
++	  Upon detection, a message will be printed in the kernel log.
++
++	  The runtime overhead of enabling this option is extremely small, so
++	  you are recommended to say Y.
++
++endmenu
+diff --git a/security/Makefile b/security/Makefile
+index a5918e0..abc70cd 100644
+--- a/security/Makefile
++++ b/security/Makefile
+@@ -27,3 +27,5 @@ obj-$(CONFIG_CGROUP_DEVICE)		+= device_cgroup.o
+ # Object integrity file lists
+ subdir-$(CONFIG_INTEGRITY)		+= integrity
+ obj-$(CONFIG_INTEGRITY)			+= integrity/built-in.o
++
++obj-$(CONFIG_EXPLOIT_DETECTION)		+= exploit.o
+diff --git a/security/exploit.c b/security/exploit.c
+new file mode 100644
+index 0000000..3d8ee5b
+--- /dev/null
++++ b/security/exploit.c
+@@ -0,0 +1,44 @@
++#include <linux/audit.h>
++#include <linux/cred.h>
++#include <linux/exploit.h>
++#include <linux/printk.h>
++#include <linux/ratelimit.h>
++#include <linux/sched.h>
++
++void _exploit(const char *id)
++{
++	/*
++	 * This function needs to be super defensive/conservative, since
++	 * userspace can easily get to it from several different contexts.
++	 * We don't want it to become an attack vector in itself!
++	 *
++	 * We can assume that we're in process context, but spinlocks may
++	 * be held, etc.
++	 */
++
++	struct task_struct *task = current;
++	pid_t pid = task_pid_nr(task);
++	uid_t uid = from_kuid(&init_user_ns, current_uid());
++	char comm[sizeof(task->comm)];
++#ifdef CONFIG_AUDIT
++	struct audit_buffer *ab;
++#endif
++
++	get_task_comm(comm, task);
++
++#ifdef CONFIG_AUDIT
++	ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_ANOM_EXPLOIT);
++	if (ab) {
++		audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=",
++			id, pid, uid,
++			from_kuid(&init_user_ns, audit_get_loginuid(task)),
++			audit_get_sessionid(task));
++		audit_log_untrustedstring(ab, comm);
++		audit_log_end(ab);
++	}
++#endif
++
++	pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n",
++		id, pid, uid, comm);
++}
++EXPORT_SYMBOL(_exploit);
diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install
index dfdf39530..68eb041c0 100644
--- a/kernels/linux-libre-grsec/linux-libre-grsec.install
+++ b/kernels/linux-libre-grsec/linux-libre-grsec.install
@@ -100,6 +100,12 @@ post_upgrade() {
     mkinitcpio -p linux-libre${KERNEL_NAME}
   fi
 
+  if [ $(vercmp $2 3.13) -lt 0 ]; then
+    echo ">>> WARNING: AT keyboard support is no longer built into the kernel."
+    echo ">>>          In order to use your keyboard during early init, you MUST"
+    echo ">>>          include the 'keyboard' hook in your mkinitcpio.conf."
+  fi
+
   _add_groups
   _fix_permissions
 
diff --git a/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch b/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch
deleted file mode 100644
index 93803d2e6..000000000
--- a/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 2bd7c7b5f011b3d57e4f5625b561a6f3f2f34a81 Mon Sep 17 00:00:00 2001
-From: Trond Myklebust <trond.myklebust@primarydata.com>
-Date: Sun, 16 Feb 2014 12:14:13 -0500
-Subject: [PATCH] SUNRPC: Ensure that gss_auth isn't freed before its upcall
- messages
-
-Fix a race in which the RPC client is shutting down while the
-gss daemon is processing a downcall. If the RPC client manages to
-shut down before the gss daemon is done, then the struct gss_auth
-used in gss_release_msg() may have already been freed.
-
-Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com
-Reported-by: John <da_audiophile@yahoo.com>
-Reported-by: Borislav Petkov <bp@alien8.de>
-Cc: stable@vger.kernel.org # 3.12+
-Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
----
- net/sunrpc/auth_gss/auth_gss.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
-index 42fdfc6..a642fd616 100644
---- a/net/sunrpc/auth_gss/auth_gss.c
-+++ b/net/sunrpc/auth_gss/auth_gss.c
-@@ -108,6 +108,7 @@ struct gss_auth {
- static DEFINE_SPINLOCK(pipe_version_lock);
- static struct rpc_wait_queue pipe_version_rpc_waitqueue;
- static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
-+static void gss_put_auth(struct gss_auth *gss_auth);
- 
- static void gss_free_ctx(struct gss_cl_ctx *);
- static const struct rpc_pipe_ops gss_upcall_ops_v0;
-@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
- 	if (gss_msg->ctx != NULL)
- 		gss_put_ctx(gss_msg->ctx);
- 	rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
-+	gss_put_auth(gss_msg->auth);
- 	kfree(gss_msg);
- }
- 
-@@ -500,6 +502,7 @@ gss_alloc_msg(struct gss_auth *gss_auth,
- 		if (err)
- 			goto err_free_msg;
- 	};
-+	kref_get(&gss_auth->kref);
- 	return gss_msg;
- err_free_msg:
- 	kfree(gss_msg);
-@@ -1071,6 +1074,12 @@ gss_free_callback(struct kref *kref)
- }
- 
- static void
-+gss_put_auth(struct gss_auth *gss_auth)
-+{
-+	kref_put(&gss_auth->kref, gss_free_callback);
-+}
-+
-+static void
- gss_destroy(struct rpc_auth *auth)
- {
- 	struct gss_auth *gss_auth = container_of(auth,
-@@ -1091,7 +1100,7 @@ gss_destroy(struct rpc_auth *auth)
- 	gss_auth->gss_pipe[1] = NULL;
- 	rpcauth_destroy_credcache(auth);
- 
--	kref_put(&gss_auth->kref, gss_free_callback);
-+	gss_put_auth(gss_auth);
- }
- 
- /*
-@@ -1262,7 +1271,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
- 	call_rcu(&cred->cr_rcu, gss_free_cred_callback);
- 	if (ctx)
- 		gss_put_ctx(ctx);
--	kref_put(&gss_auth->kref, gss_free_callback);
-+	gss_put_auth(gss_auth);
- }
- 
- static void
--- 
-1.9.0
-
diff --git a/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch
deleted file mode 100644
index c9ee40400..000000000
--- a/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001
-From: Steven Noonan <steven@uplinklabs.net>
-Date: Thu, 13 Feb 2014 07:01:07 +0000
-Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
-
-I started noticing problems with KVM guest destruction on Linux
-3.12+, where guest memory wasn't being cleaned up. I bisected it
-down to the commit introducing the new 'asm goto'-based atomics,
-and found this quirk was later applied to those.
-
-Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the
-known 'asm goto' bug) I am still getting some kind of
-miscompilation. If I enable the asm_volatile_goto quirk for my
-compiler, KVM guests are destroyed correctly and the memory is
-cleaned up.
-
-So make the quirk unconditional for now, until bug is found
-and fixed.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Steven Noonan <steven@uplinklabs.net>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Jakub Jelinek <jakub@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Oleg Nesterov <oleg@redhat.com>
-Cc: <stable@vger.kernel.org>
-Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net
-Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..2507fd2 100644
---- a/include/linux/compiler-gcc4.h
-+++ b/include/linux/compiler-gcc4.h
-@@ -75,11 +75,7 @@
-  *
-  * (asm goto is automatically volatile - the naming reflects this.)
-  */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...)	do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
- 
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
---
-cgit v0.9.2
diff --git a/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch b/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch
deleted file mode 100644
index c4242e0ae..000000000
--- a/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 83460ec8dcac14142e7860a01fa59c267ac4657c Mon Sep 17 00:00:00 2001
-From: Andi Kleen <ak@linux.intel.com>
-Date: Tue, 12 Nov 2013 15:08:36 -0800
-Subject: [PATCH] syscalls.h: use gcc alias instead of assembler aliases for
- syscalls
-
-Use standard gcc __attribute__((alias(foo))) to define the syscall aliases
-instead of custom assembler macros.
-
-This is far cleaner, and also fixes my LTO kernel build.
-
-Signed-off-by: Andi Kleen <ak@linux.intel.com>
-Cc: Al Viro <viro@ZenIV.linux.org.uk>
-Cc: Geert Uytterhoeven <geert@linux-m68k.org>
-Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
----
- include/linux/compat.h   | 4 ++--
- include/linux/syscalls.h | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/linux/compat.h b/include/linux/compat.h
-index 345da00..ada34c9 100644
---- a/include/linux/compat.h
-+++ b/include/linux/compat.h
-@@ -41,14 +41,14 @@
- 	COMPAT_SYSCALL_DEFINEx(6, _##name, __VA_ARGS__)
- 
- #define COMPAT_SYSCALL_DEFINEx(x, name, ...)				\
--	asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\
-+	asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\
-+		__attribute__((alias(__stringify(compat_SyS##name))));  \
- 	static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));\
- 	asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));\
- 	asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\
- 	{								\
- 		return C_SYSC##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__));	\
- 	}								\
--	SYSCALL_ALIAS(compat_sys##name, compat_SyS##name);		\
- 	static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
- 
- #ifndef compat_user_stack_pointer
-diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
-index 7fac04e..c27f846 100644
---- a/include/linux/syscalls.h
-+++ b/include/linux/syscalls.h
-@@ -184,7 +184,8 @@ extern struct trace_event_functions exit_syscall_print_funcs;
- 
- #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__)
- #define __SYSCALL_DEFINEx(x, name, ...)					\
--	asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));	\
-+	asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))	\
-+		__attribute__((alias(__stringify(SyS##name))));		\
- 	static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));	\
- 	asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));	\
- 	asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))	\
-@@ -194,7 +195,6 @@ extern struct trace_event_functions exit_syscall_print_funcs;
- 		__PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__));	\
- 		return ret;						\
- 	}								\
--	SYSCALL_ALIAS(sys##name, SyS##name);				\
- 	static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
- 
- asmlinkage long sys_time(time_t __user *tloc);
--- 
-1.8.5.3
-
diff --git a/kernels/linux-libre-knock/PKGBUILD b/kernels/linux-libre-knock/PKGBUILD
index e20a9d8d4..0184dc0f1 100644
--- a/kernels/linux-libre-knock/PKGBUILD
+++ b/kernels/linux-libre-knock/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $
+# $Id: PKGBUILD 204911 2014-01-31 09:59:51Z bluewind $
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Maintainer: Thomas Baechler <thomas@archlinux.org>
 # Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -9,12 +9,12 @@
 
 pkgbase=linux-libre-knock   # Build stock -LIBRE-KNOCK kernel
 #pkgbase=linux-libre-custom # Build kernel with a different name
-_basekernel=3.13
-_sublevel=4
-_knockpatchver=3.12.4
+_basekernel=3.12
+_sublevel=13
+_knockpatchver=${_basekernel}.4
 pkgver=${_basekernel}.${_sublevel}
 pkgrel=1
-_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.12 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="http://linux-libre.fsfla.org/"
 license=('GPL2')
@@ -32,39 +32,31 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         'boot-logo.patch'
         'change-default-console-loglevel.patch'
         'criu-no-expert.patch'
-        '0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch'
-        '0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch'
-        '0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch'
-        '0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch'
-        '0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch'
-        '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
-        '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
-        '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
-        '0001-quirk-asm_volatile_goto.patch'
-        'i8042-fix-aliases.patch'
+        'sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch'
+        'sunrpc-replace-gssd_running-with-more-reliable-check.patch'
+        'nfs-check-gssd-running-before-krb5i-auth.patch'
+        'rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch'
+        'sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch'
+        'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch'
         "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
-md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
-         '3659d30b1d06dd5b7874ae04c946863b'
+md5sums=('254f59707b6676b59ce5ca5c3c698319'
+         'e2ec796847356b785cb06d0563f3f7d5'
          '387673a6510de1e1bce8188fc7a72bd1'
-         'b110edf627a7853cf4de27ea8e214001'
-         'f932555dc3851fc6a722e0b1fb2da764'
+         '6eac169d20fd27b55815b0b2db4a473b'
+         'f341bc4685a40dc409b144b0f44bb137'
          '18d660832d681a27084774222fc74c1d'
          '2967cecc3af9f954ccc822fd63dca6ff'
          '8267264d9a8966e57fdacd1fa1fc65c4'
          '44260d2cb1a8b51c119d2ce1f83e457a'
          '98beb36f9b8cf16e58de2483ea9985e3'
-         '989dc54ff8b179b0f80333cc97c0d43f'
-         'dd2adb99cd3feed6f11022562901965c'
-         'b00cc399d3797cb0793e18b5bf387a50'
-         '7cbd2349cdf046acc37b652c06ba36be'
-         '10dbaf863e22b2437e68f9190d65c861'
-         'd5907a721b97299f0685c583499f7820'
-         'a724515b350b29c53f20e631c6cf9a14'
-         '1ae4ec847f41fa1b6d488f956e94c893'
-         'e6fa278c092ad83780e2dd0568e24ca6'
-         '6baa312bc166681f48e972824f3f6649'
-         '93dbf73af819b77f03453a9c6de2bb47'
-         '9cdff00e5aa53962869857d64a1ccf01')
+         'd50c1ac47394e9aec637002ef3392bd1'
+         'd4a75f77e6bd5d700dcd534cd5f0dfce'
+         'dc86fdc37615c97f03c1e0c31b7b833a'
+         '88eef9d3b5012ef7e82af1af8cc4e517'
+         'cec0bb8981936eab2943b2009b7a6fff'
+         '88d9cddf9e0050a76ec4674f264fb2a1'
+         'cb9016630212ef07b168892fbcfd4e5d'
+         'a9a0ee57377ed6e55957f9671eead03a')
 if [ "$CARCH" != "mips64el" ]; then
     # don't use the Loongson-specific patches on non-mips64el arches.
     unset source[${#source[@]}-1]
@@ -78,14 +70,17 @@ prepare() {
   cd "${srcdir}/linux-${_basekernel}"
 
   if [ "${_basekernel}" != "${pkgver}" ]; then
-    patch -p1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu"
+    patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu"
   fi
 
   # add knock patch
   patch -p1 -i "${srcdir}/tcp_stealth_${_knockpatchver}.diff"
 
   # add freedo as boot logo
-  patch -p1 -i "${srcdir}/boot-logo.patch"
+  patch -Np1 -i "${srcdir}/boot-logo.patch"
+
+  # fix issue on Hal8188EFWImg_CE.c deblobbed file
+  sed -i "\|DEBLOBBED| s|,||" drivers/staging/rtl8188eu/hal/Hal8188EFWImg_CE.c
 
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
@@ -93,47 +88,30 @@ prepare() {
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream
   # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
-  patch -p1 -i "${srcdir}/change-default-console-loglevel.patch"
+  patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch"
 
-  # allow Checkpoint/restore (for criu) without EXPERT=y
-  patch -p1 -i "${srcdir}/criu-no-expert.patch"
+  # allow criu without expert option set
+  # patch from fedora
+  patch -Np1 -i "${srcdir}/criu-no-expert.patch"
 
   # fix 15 seconds nfs delay
-  # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6
-  patch -p1 -i "${srcdir}/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch"
-  # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=89f842435c630f8426f414e6030bc2ffea0d6f81
-  patch -p1 -i "${srcdir}/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch"
-  # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=6aa23d76a7b549521a03b63b6d5b7880ea87eab7
-  patch -p1 -i "${srcdir}/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch"
-
+  patch -Np1 -i "${srcdir}/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch"
+  patch -Np1 -i "${srcdir}/sunrpc-replace-gssd_running-with-more-reliable-check.patch"
+  patch -Np1 -i "${srcdir}/nfs-check-gssd-running-before-krb5i-auth.patch"
   # fix nfs kernel oops
-  # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=3396f92f8be606ea485b0a82d4e7749a448b013b
-  patch -p1 -i "${srcdir}/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch"
-  # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=e2f0c83a9de331d9352185ca3642616c13127539
-  patch -p1 -i "${srcdir}/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch"
-  # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f
-  patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch"
-
-  # Fix FS#38921
-  # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9eb2ddb48ce3a7bd745c14a933112994647fa3cd
-  patch -p1 -i "${srcdir}/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch"
-
-  # Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c
-  patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch"
-
-  # Fix i8042 aliases
-  patch -p1 -i "${srcdir}/i8042-fix-aliases.patch"
-  # Fix compile issues
-  # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859
-  patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch"
+  # #37866
+  patch -Np1 -i "${srcdir}/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch"
+  patch -Np1 -i "${srcdir}/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch"
+
+  patch -Np1 -i "${srcdir}/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch"
 
   if [ "$CARCH" == "mips64el" ]; then
     sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-knock|" Makefile
     sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
         < "${srcdir}/lxo-config.patch" > lxo-config.patch
     msg2 "Adding loongson-community patches"
-    patch -p1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch
-    patch -p0 -i lxo-config.patch
+    patch -Np1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch
+    patch -Np0 -i lxo-config.patch
 
   # ensure N32, add localversion, remove uevent helper as per
   # https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README
@@ -159,6 +137,10 @@ prepare() {
 
   # don't run depmod on 'make install'. We'll do this ourselves in packaging
   sed -i '2iexit 0' scripts/depmod.sh
+}
+
+build() {
+  cd "${srcdir}/linux-${_basekernel}"
 
   # get kernel version
   make prepare
@@ -173,11 +155,21 @@ prepare() {
 
   # rewrite configuration
   yes "" | make config >/dev/null
-}
 
-build() {
-  cd "${srcdir}/linux-${_basekernel}"
+  # save configuration for later reuse
+  if [ "${CARCH}" = "x86_64" ]; then
+    cat .config > "${startdir}/config.x86_64.last"
+  else
+    cat .config > "${startdir}/config.i686.last"
+  fi
 
+  ####################
+  # stop here
+  # this is useful to configure the kernel
+  #msg "Stopping build"; return 1
+  ####################
+
+  # build!
   if [ "$CARCH" == "mips64el" ]; then
     # The build system passes it directly to linker, disable to avoid
     # having unknown -Wl,... options.
@@ -224,9 +216,12 @@ _package() {
     cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}"
     cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}"
   else
-    cp arch/${KARCH}/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
+    cp "arch/${KARCH}/boot/bzImage" "${pkgdir}/boot/vmlinuz-${pkgbase}"
   fi
 
+  # add vmlinux
+  install -D -m644 vmlinux "${pkgdir}/usr/src/linux-${_kernver}/vmlinux"
+
   # set correct depmod command for install
   cp -f "${startdir}/${install}" "${startdir}/${install}.pkg"
   true && install=${install}.pkg
@@ -263,14 +258,10 @@ _package() {
   echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-KNOCK}/version"
 
   # Now we call depmod...
-  depmod -b "${pkgdir}" -F System.map "${_kernver}"
+  depmod -b "$pkgdir" -F System.map "$_kernver"
 
   # move module tree /lib -> /usr/lib
-  mkdir -p "${pkgdir}/usr"
-  mv "${pkgdir}/lib" "${pkgdir}/usr/"
-
-  # add vmlinux
-  install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" 
+  mv "$pkgdir/lib" "$pkgdir/usr"
 }
 
 _package-headers() {
@@ -290,127 +281,130 @@ _package-headers() {
 
   install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}"
 
+  cd "${pkgdir}/usr/lib/modules/${_kernver}"
+  ln -sf ../../../src/linux-${_kernver} build
+
   cd "${srcdir}/linux-${_basekernel}"
   install -D -m644 Makefile \
-    "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile"
+    "${pkgdir}/usr/src/linux-${_kernver}/Makefile"
   install -D -m644 kernel/Makefile \
-    "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile"
+    "${pkgdir}/usr/src/linux-${_kernver}/kernel/Makefile"
   install -D -m644 .config \
-    "${pkgdir}/usr/lib/modules/${_kernver}/build/.config"
+    "${pkgdir}/usr/src/linux-${_kernver}/.config"
 
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include"
 
   for i in acpi asm-generic config crypto drm generated keys linux math-emu \
     media net pcmcia scsi sound trace uapi video xen; do
-    cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/"
+    cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/"
   done
 
   # copy arch includes for external modules
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}"
-  cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}"
+  cp -a "arch/${KARCH}/include" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
 
   # copy files necessary for later builds
-  cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build"
-  cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build"
+  cp Module.symvers "${pkgdir}/usr/src/linux-${_kernver}"
+  cp -a scripts "${pkgdir}/usr/src/linux-${_kernver}"
 
   if [ "$CARCH" = "mips64el" ]; then
-    cp arch/${KARCH}/Kbuild "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
-    cp -a arch/${KARCH}/loongson "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
-    cp ${srcdir}/Kbuild.platforms "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+    cp "arch/${KARCH}/Kbuild" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+    cp -a "arch/${KARCH}/loongson" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+    cp "${srcdir}/Kbuild.platforms" "${pkgdir}/usr/src/linux-${_kernver}/arch/$KARCH/"
   fi
 
   # fix permissions on scripts dir
-  chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts"
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions"
+  chmod og-w -R "${pkgdir}/usr/src/linux-${_kernver}/scripts"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/.tmp_versions"
 
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel"
 
-  cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+  cp arch/${KARCH}/Makefile "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
 
   if [ "${CARCH}" = "i686" ]; then
-    cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+    cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
   fi
 
-  cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/"
+  cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel/"
 
   # add headers for lirc package
   # pci
   for i in bt8xx cx88 saa7134; do
-    mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}"
-    cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}"
+    mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}"
+    cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}"
   done
   # usb
   for i in cpia2 em28xx pwc sn9c102; do
-    mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}"
-    cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}"
+    mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}"
+    cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}"
   done
   # i2c
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c"
-  cp drivers/media/i2c/*.h  "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c"
+  cp drivers/media/i2c/*.h  "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/"
   for i in cx25840; do
-    mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}"
-    cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}"
+    mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}"
+    cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}"
   done
 
   # add docbook makefile
   install -D -m644 Documentation/DocBook/Makefile \
-    "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
+    "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile"
 
   # add dm headers
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md"
-  cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/md"
+  cp drivers/md/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/md"
 
   # add inotify.h
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux"
-  cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/linux"
+  cp include/linux/inotify.h "${pkgdir}/usr/src/linux-${_kernver}/include/linux/"
 
   # add wireless headers
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/"
-  cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/"
+  cp net/mac80211/*.h "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/"
 
   # add dvb headers for external modules
   # in reference to:
   # http://bugs.archlinux.org/task/9912
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core"
-  cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core"
+  cp drivers/media/dvb-core/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core/"
   # and...
   # http://bugs.archlinux.org/task/11194
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/"
-  cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/"
+  cp include/config/dvb/*.h "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/"
 
   # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new
   # in reference to:
   # http://bugs.archlinux.org/task/13146
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
-  cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
-  cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+  cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+  cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/"
 
   # add dvb headers
   # in reference to:
   # http://bugs.archlinux.org/task/20402
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb"
-  cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/"
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends"
-  cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners"
-  cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb"
+  cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends"
+  cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners"
+  cp drivers/media/tuners/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners/"
 
   # add xfs and shmem for aufs building
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs"
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm"
-  cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/mm"
+  cp fs/xfs/xfs_sb.h "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs/xfs_sb.h"
 
   # copy in Kconfig files
-  for i in $(find . -name "Kconfig*"); do
-    mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'`
-    cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}"
+  for i in `find . -name "Kconfig*"`; do
+    mkdir -p "${pkgdir}"/usr/src/linux-${_kernver}/`echo ${i} | sed 's|/Kconfig.*||'`
+    cp ${i} "${pkgdir}/usr/src/linux-${_kernver}/${i}"
   done
 
-  chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build"
-  find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \;
+  chown -R root.root "${pkgdir}/usr/src/linux-${_kernver}"
+  find "${pkgdir}/usr/src/linux-${_kernver}" -type d -exec chmod 755 {} \;
 
   # strip scripts directory
-  find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
+  find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
     case "$(file -bi "${binary}")" in
       *application/x-sharedlib*) # Libraries (.so)
         /usr/bin/strip ${STRIP_SHARED} "${binary}";;
@@ -422,11 +416,11 @@ _package-headers() {
   done
 
   # remove unneeded architectures
-  rm -rf "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa}
+  rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa}
   if [ "$CARCH" = "mips64el" ]; then
-    rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/x86
+    rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86
   else
-    rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/mips
+    rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/mips
   fi
 }
 
@@ -438,13 +432,13 @@ _package-docs() {
 
   cd "${srcdir}/linux-${_basekernel}"
 
-  mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build"
-  cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build"
+  mkdir -p "${pkgdir}/usr/src/linux-${_kernver}"
+  cp -al Documentation "${pkgdir}/usr/src/linux-${_kernver}"
   find "${pkgdir}" -type f -exec chmod 444 {} \;
   find "${pkgdir}" -type d -exec chmod 755 {} \;
 
   # remove a file already in linux package
-  rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
+  rm -f "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile"
 }
 
 pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
diff --git a/kernels/linux-libre-knock/config.i686 b/kernels/linux-libre-knock/config.i686
index 496c46fad..746c13fa7 100644
--- a/kernels/linux-libre-knock/config.i686
+++ b/kernels/linux-libre-knock/config.i686
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.13.0 Kernel Configuration
+# Linux/x86 3.12.7-1 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -38,6 +38,7 @@ CONFIG_HAVE_INTEL_TXT=y
 CONFIG_X86_32_SMP=y
 CONFIG_X86_HT=y
 CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx"
+CONFIG_ARCH_CPU_PROBE_RELEASE=y
 CONFIG_ARCH_SUPPORTS_UPROBES=y
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
 CONFIG_IRQ_WORK=y
@@ -74,6 +75,7 @@ CONFIG_AUDIT=y
 CONFIG_AUDITSYSCALL=y
 CONFIG_AUDIT_WATCH=y
 CONFIG_AUDIT_TREE=y
+CONFIG_AUDIT_LOGINUID_IMMUTABLE=y
 
 #
 # IRQ subsystem
@@ -157,7 +159,7 @@ CONFIG_CFS_BANDWIDTH=y
 CONFIG_RT_GROUP_SCHED=y
 CONFIG_BLK_CGROUP=y
 # CONFIG_DEBUG_BLK_CGROUP is not set
-CONFIG_CHECKPOINT_RESTORE=y
+# CONFIG_CHECKPOINT_RESTORE is not set
 CONFIG_NAMESPACES=y
 CONFIG_UTS_NS=y
 CONFIG_IPC_NS=y
@@ -238,6 +240,7 @@ CONFIG_HAVE_KPROBES_ON_FTRACE=y
 CONFIG_HAVE_ARCH_TRACEHOOK=y
 CONFIG_HAVE_DMA_ATTRS=y
 CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_USE_GENERIC_SMP_HELPERS=y
 CONFIG_GENERIC_SMP_IDLE_THREAD=y
 CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
 CONFIG_HAVE_DMA_API_DEBUG=y
@@ -271,7 +274,6 @@ CONFIG_HAVE_GENERIC_DMA_COHERENT=y
 CONFIG_SLABINFO=y
 CONFIG_RT_MUTEXES=y
 CONFIG_BASE_SMALL=0
-# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
 CONFIG_MODULES=y
 CONFIG_MODULE_FORCE_LOAD=y
 CONFIG_MODULE_UNLOAD=y
@@ -467,7 +469,6 @@ CONFIG_FRONTSWAP=y
 # CONFIG_CMA is not set
 CONFIG_ZBUD=y
 CONFIG_ZSWAP=y
-CONFIG_MEM_SOFT_DIRTY=y
 # CONFIG_HIGHPTE is not set
 CONFIG_X86_CHECK_BIOS_CORRUPTION=y
 CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
@@ -525,13 +526,13 @@ CONFIG_PM_DEBUG=y
 CONFIG_PM_ADVANCED_DEBUG=y
 # CONFIG_PM_TEST_SUSPEND is not set
 CONFIG_PM_SLEEP_DEBUG=y
-# CONFIG_DPM_WATCHDOG is not set
 CONFIG_PM_TRACE=y
 CONFIG_PM_TRACE_RTC=y
 CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
 CONFIG_ACPI=y
 CONFIG_ACPI_SLEEP=y
 # CONFIG_ACPI_PROCFS is not set
+# CONFIG_ACPI_PROCFS_POWER is not set
 CONFIG_ACPI_EC_DEBUGFS=m
 CONFIG_ACPI_AC=m
 CONFIG_ACPI_BATTERY=m
@@ -546,6 +547,7 @@ CONFIG_ACPI_PROCESSOR_AGGREGATOR=m
 CONFIG_ACPI_THERMAL=m
 # CONFIG_ACPI_CUSTOM_DSDT is not set
 CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y
+CONFIG_ACPI_BLACKLIST_YEAR=0
 # CONFIG_ACPI_DEBUG is not set
 CONFIG_ACPI_PCI_SLOT=y
 CONFIG_X86_PM_TIMER=y
@@ -560,7 +562,6 @@ CONFIG_ACPI_APEI_PCIEAER=y
 CONFIG_ACPI_APEI_MEMORY_FAILURE=y
 CONFIG_ACPI_APEI_EINJ=m
 CONFIG_ACPI_APEI_ERST_DEBUG=m
-CONFIG_ACPI_EXTLOG=m
 CONFIG_SFI=y
 CONFIG_X86_APM_BOOT=y
 CONFIG_APM=y
@@ -574,6 +575,7 @@ CONFIG_APM_DO_ENABLE=y
 # CPU Frequency scaling
 #
 CONFIG_CPU_FREQ=y
+CONFIG_CPU_FREQ_TABLE=y
 CONFIG_CPU_FREQ_GOV_COMMON=y
 CONFIG_CPU_FREQ_STAT=m
 CONFIG_CPU_FREQ_STAT_DETAILS=y
@@ -674,7 +676,7 @@ CONFIG_OLPC_XO1_PM=y
 CONFIG_OLPC_XO1_RTC=y
 CONFIG_OLPC_XO1_SCI=y
 CONFIG_OLPC_XO15_SCI=y
-CONFIG_ALIX=y
+# CONFIG_ALIX is not set
 # CONFIG_NET5501 is not set
 # CONFIG_GEOS is not set
 CONFIG_AMD_NB=y
@@ -806,6 +808,7 @@ CONFIG_DEFAULT_TCP_CONG="cubic"
 # CONFIG_TCP_MD5SIG is not set
 CONFIG_TCP_STEALTH=y
 CONFIG_IPV6=y
+CONFIG_IPV6_PRIVACY=y
 CONFIG_IPV6_ROUTER_PREF=y
 CONFIG_IPV6_ROUTE_INFO=y
 CONFIG_IPV6_OPTIMISTIC_DAD=y
@@ -819,7 +822,6 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m
 CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET6_XFRM_MODE_BEET=m
 CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
-CONFIG_IPV6_VTI=m
 CONFIG_IPV6_SIT=m
 CONFIG_IPV6_SIT_6RD=y
 CONFIG_IPV6_NDISC_NODETYPE=y
@@ -882,17 +884,6 @@ CONFIG_NF_NAT_IRC=m
 CONFIG_NF_NAT_SIP=m
 CONFIG_NF_NAT_TFTP=m
 CONFIG_NETFILTER_SYNPROXY=m
-CONFIG_NF_TABLES=m
-CONFIG_NFT_EXTHDR=m
-CONFIG_NFT_META=m
-CONFIG_NFT_CT=m
-CONFIG_NFT_RBTREE=m
-CONFIG_NFT_HASH=m
-CONFIG_NFT_COUNTER=m
-CONFIG_NFT_LOG=m
-CONFIG_NFT_LIMIT=m
-CONFIG_NFT_NAT=m
-CONFIG_NFT_COMPAT=m
 CONFIG_NETFILTER_XTABLES=m
 
 #
@@ -986,9 +977,7 @@ CONFIG_IP_SET_HASH_IP=m
 CONFIG_IP_SET_HASH_IPPORT=m
 CONFIG_IP_SET_HASH_IPPORTIP=m
 CONFIG_IP_SET_HASH_IPPORTNET=m
-CONFIG_IP_SET_HASH_NETPORTNET=m
 CONFIG_IP_SET_HASH_NET=m
-CONFIG_IP_SET_HASH_NETNET=m
 CONFIG_IP_SET_HASH_NETPORT=m
 CONFIG_IP_SET_HASH_NETIFACE=m
 CONFIG_IP_SET_LIST_SET=m
@@ -1039,11 +1028,6 @@ CONFIG_IP_VS_PE_SIP=m
 CONFIG_NF_DEFRAG_IPV4=m
 CONFIG_NF_CONNTRACK_IPV4=m
 # CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
-CONFIG_NF_TABLES_IPV4=m
-CONFIG_NFT_REJECT_IPV4=m
-CONFIG_NFT_CHAIN_ROUTE_IPV4=m
-CONFIG_NFT_CHAIN_NAT_IPV4=m
-CONFIG_NF_TABLES_ARP=m
 CONFIG_IP_NF_IPTABLES=m
 CONFIG_IP_NF_MATCH_AH=m
 CONFIG_IP_NF_MATCH_ECN=m
@@ -1076,9 +1060,6 @@ CONFIG_IP_NF_ARP_MANGLE=m
 #
 CONFIG_NF_DEFRAG_IPV6=m
 CONFIG_NF_CONNTRACK_IPV6=m
-CONFIG_NF_TABLES_IPV6=m
-CONFIG_NFT_CHAIN_ROUTE_IPV6=m
-CONFIG_NFT_CHAIN_NAT_IPV6=m
 CONFIG_IP6_NF_IPTABLES=m
 CONFIG_IP6_NF_MATCH_AH=m
 CONFIG_IP6_NF_MATCH_EUI64=m
@@ -1099,7 +1080,6 @@ CONFIG_IP6_NF_SECURITY=m
 CONFIG_NF_NAT_IPV6=m
 CONFIG_IP6_NF_TARGET_MASQUERADE=m
 CONFIG_IP6_NF_TARGET_NPT=m
-CONFIG_NF_TABLES_BRIDGE=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 CONFIG_BRIDGE_EBT_BROUTE=m
 CONFIG_BRIDGE_EBT_T_FILTER=m
@@ -1236,7 +1216,6 @@ CONFIG_NET_CLS_RSVP=m
 CONFIG_NET_CLS_RSVP6=m
 CONFIG_NET_CLS_FLOW=m
 CONFIG_NET_CLS_CGROUP=y
-CONFIG_NET_CLS_BPF=m
 # CONFIG_NET_EMATCH is not set
 CONFIG_NET_CLS_ACT=y
 CONFIG_NET_ACT_POLICE=m
@@ -1266,7 +1245,6 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
 CONFIG_NETLINK_MMAP=y
 CONFIG_NETLINK_DIAG=m
 CONFIG_NET_MPLS_GSO=m
-CONFIG_HSR=m
 CONFIG_RPS=y
 CONFIG_RFS_ACCEL=y
 CONFIG_XPS=y
@@ -1434,7 +1412,6 @@ CONFIG_WIMAX_DEBUG_LEVEL=8
 CONFIG_RFKILL=m
 CONFIG_RFKILL_LEDS=y
 CONFIG_RFKILL_INPUT=y
-CONFIG_RFKILL_GPIO=m
 CONFIG_NET_9P=m
 CONFIG_NET_9P_VIRTIO=m
 # CONFIG_NET_9P_DEBUG is not set
@@ -1446,7 +1423,6 @@ CONFIG_CEPH_LIB=m
 # CONFIG_CEPH_LIB_PRETTYDEBUG is not set
 # CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set
 CONFIG_NFC=m
-CONFIG_NFC_DIGITAL=m
 CONFIG_NFC_NCI=m
 # CONFIG_NFC_NCI_SPI is not set
 CONFIG_NFC_HCI=m
@@ -1459,7 +1435,6 @@ CONFIG_NFC_PN533=m
 CONFIG_NFC_WILINK=m
 CONFIG_NFC_MEI_PHY=m
 CONFIG_NFC_SIM=m
-CONFIG_NFC_PORT100=m
 CONFIG_NFC_PN544=m
 CONFIG_NFC_PN544_MEI=m
 CONFIG_NFC_MICROREAD=m
@@ -1622,7 +1597,6 @@ CONFIG_OF_PCI=y
 CONFIG_OF_PCI_IRQ=y
 CONFIG_OF_MTD=y
 CONFIG_PARPORT=m
-CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
 CONFIG_PARPORT_PC=m
 CONFIG_PARPORT_SERIAL=m
 # CONFIG_PARPORT_PC_FIFO is not set
@@ -1642,10 +1616,10 @@ CONFIG_ISAPNP=y
 # CONFIG_PNPBIOS is not set
 CONFIG_PNPACPI=y
 CONFIG_BLK_DEV=y
-# CONFIG_BLK_DEV_NULL_BLK is not set
 CONFIG_BLK_DEV_FD=m
 # CONFIG_PARIDE is not set
 CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m
+CONFIG_BLK_CPQ_DA=m
 CONFIG_BLK_CPQ_CISS_DA=m
 # CONFIG_CISS_SCSI_TAPE is not set
 CONFIG_BLK_DEV_DAC960=m
@@ -1740,14 +1714,6 @@ CONFIG_ALTERA_STAPL=m
 CONFIG_INTEL_MEI=m
 CONFIG_INTEL_MEI_ME=m
 CONFIG_VMWARE_VMCI=m
-
-#
-# Intel MIC Host Driver
-#
-
-#
-# Intel MIC Card Driver
-#
 CONFIG_HAVE_IDE=y
 # CONFIG_IDE is not set
 
@@ -2039,6 +2005,7 @@ CONFIG_MD_MULTIPATH=m
 CONFIG_MD_FAULTY=m
 CONFIG_BCACHE=m
 # CONFIG_BCACHE_DEBUG is not set
+# CONFIG_BCACHE_EDEBUG is not set
 # CONFIG_BCACHE_CLOSURES_DEBUG is not set
 CONFIG_BLK_DEV_DM=m
 # CONFIG_DM_DEBUG is not set
@@ -2053,8 +2020,8 @@ CONFIG_DM_CACHE=m
 CONFIG_DM_CACHE_MQ=m
 CONFIG_DM_CACHE_CLEANER=m
 CONFIG_DM_MIRROR=m
-CONFIG_DM_LOG_USERSPACE=m
 CONFIG_DM_RAID=m
+CONFIG_DM_LOG_USERSPACE=m
 CONFIG_DM_ZERO=m
 CONFIG_DM_MULTIPATH=m
 CONFIG_DM_MULTIPATH_QL=m
@@ -2449,7 +2416,6 @@ CONFIG_USB_NET_AX88179_178A=m
 CONFIG_USB_NET_CDCETHER=m
 CONFIG_USB_NET_CDC_EEM=m
 CONFIG_USB_NET_CDC_NCM=m
-CONFIG_USB_NET_HUAWEI_CDC_NCM=m
 CONFIG_USB_NET_CDC_MBIM=m
 CONFIG_USB_NET_DM9601=m
 CONFIG_USB_NET_SR9700=m
@@ -2534,8 +2500,6 @@ CONFIG_ATH10K_PCI=m
 # CONFIG_ATH10K_DEBUG is not set
 CONFIG_ATH10K_DEBUGFS=y
 # CONFIG_ATH10K_TRACING is not set
-CONFIG_WCN36XX=m
-# CONFIG_WCN36XX_DEBUGFS is not set
 CONFIG_B43=m
 CONFIG_B43_BCMA=y
 CONFIG_B43_SSB=y
@@ -2636,7 +2600,6 @@ CONFIG_RT2800USB_RT53XX=y
 CONFIG_RT2800USB_RT55XX=y
 CONFIG_RT2800USB_UNKNOWN=y
 CONFIG_RT2800_LIB=m
-CONFIG_RT2800_LIB_MMIO=m
 CONFIG_RT2X00_LIB_MMIO=m
 CONFIG_RT2X00_LIB_PCI=m
 CONFIG_RT2X00_LIB_USB=m
@@ -2850,7 +2813,7 @@ CONFIG_INPUT_MATRIXKMAP=m
 #
 # Userland interfaces
 #
-CONFIG_INPUT_MOUSEDEV=m
+CONFIG_INPUT_MOUSEDEV=y
 CONFIG_INPUT_MOUSEDEV_PSAUX=y
 CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
@@ -2864,7 +2827,7 @@ CONFIG_INPUT_EVDEV=m
 CONFIG_INPUT_KEYBOARD=y
 CONFIG_KEYBOARD_ADP5588=m
 CONFIG_KEYBOARD_ADP5589=m
-CONFIG_KEYBOARD_ATKBD=m
+CONFIG_KEYBOARD_ATKBD=y
 CONFIG_KEYBOARD_QT1070=m
 CONFIG_KEYBOARD_QT2160=m
 # CONFIG_KEYBOARD_LKKBD is not set
@@ -2895,7 +2858,7 @@ CONFIG_MOUSE_PS2_ELANTECH=y
 CONFIG_MOUSE_PS2_SENTELIC=y
 # CONFIG_MOUSE_PS2_TOUCHKIT is not set
 CONFIG_MOUSE_PS2_OLPC=y
-CONFIG_MOUSE_SERIAL=m
+CONFIG_MOUSE_SERIAL=y
 CONFIG_MOUSE_APPLETOUCH=m
 CONFIG_MOUSE_BCM5974=m
 CONFIG_MOUSE_CYAPA=m
@@ -3014,9 +2977,7 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m
 # CONFIG_TOUCHSCREEN_TSC2005 is not set
 CONFIG_TOUCHSCREEN_TSC2007=m
 CONFIG_TOUCHSCREEN_ST1232=m
-CONFIG_TOUCHSCREEN_SUR40=m
 CONFIG_TOUCHSCREEN_TPS6507X=m
-CONFIG_TOUCHSCREEN_ZFORCE=m
 CONFIG_INPUT_MISC=y
 CONFIG_INPUT_AD714X=m
 CONFIG_INPUT_AD714X_I2C=m
@@ -3042,6 +3003,7 @@ CONFIG_INPUT_RETU_PWRBUTTON=m
 CONFIG_INPUT_UINPUT=m
 CONFIG_INPUT_PCF50633_PMU=m
 CONFIG_INPUT_PCF8574=m
+# CONFIG_INPUT_PWM_BEEPER is not set
 CONFIG_INPUT_GPIO_ROTARY_ENCODER=m
 CONFIG_INPUT_ADXL34X=m
 CONFIG_INPUT_ADXL34X_I2C=m
@@ -3054,20 +3016,19 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m
 #
 # Hardware I/O ports
 #
-CONFIG_SERIO=m
-CONFIG_SERIO_I8042=m
+CONFIG_SERIO=y
+CONFIG_SERIO_I8042=y
 CONFIG_SERIO_SERPORT=m
 CONFIG_SERIO_CT82C710=m
 CONFIG_SERIO_PARKBD=m
 CONFIG_SERIO_PCIPS2=m
-CONFIG_SERIO_LIBPS2=m
+CONFIG_SERIO_LIBPS2=y
 CONFIG_SERIO_RAW=m
 CONFIG_SERIO_ALTERA_PS2=m
 CONFIG_SERIO_PS2MULT=m
 CONFIG_SERIO_ARC_PS2=m
 CONFIG_SERIO_APBPS2=m
 CONFIG_SERIO_OLPC_APSP=m
-CONFIG_HYPERV_KEYBOARD=m
 CONFIG_GAMEPORT=m
 CONFIG_GAMEPORT_NS558=m
 CONFIG_GAMEPORT_L4=m
@@ -3144,6 +3105,7 @@ CONFIG_SERIAL_ARC_NR_PORTS=1
 CONFIG_SERIAL_RP2=m
 CONFIG_SERIAL_RP2_NR_UARTS=32
 CONFIG_SERIAL_FSL_LPUART=m
+CONFIG_SERIAL_ST_ASC=m
 CONFIG_PRINTER=m
 # CONFIG_LP_CONSOLE is not set
 CONFIG_PPDEV=m
@@ -3182,13 +3144,10 @@ CONFIG_NSC_GPIO=m
 # CONFIG_RAW_DRIVER is not set
 CONFIG_HPET=y
 CONFIG_HPET_MMAP=y
-CONFIG_HPET_MMAP_DEFAULT=y
 CONFIG_HANGCHECK_TIMER=m
 CONFIG_TCG_TPM=m
 CONFIG_TCG_TIS=m
-CONFIG_TCG_TIS_I2C_ATMEL=m
 CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
 CONFIG_TCG_NSC=m
 CONFIG_TCG_ATMEL=m
 CONFIG_TCG_INFINEON=m
@@ -3290,6 +3249,7 @@ CONFIG_SPI_MASTER=y
 # CONFIG_SPI_GPIO is not set
 # CONFIG_SPI_LM70_LLP is not set
 # CONFIG_SPI_FSL_SPI is not set
+# CONFIG_SPI_FSL_DSPI is not set
 # CONFIG_SPI_OC_TINY is not set
 # CONFIG_SPI_PXA2XX is not set
 # CONFIG_SPI_PXA2XX_PCI is not set
@@ -3331,8 +3291,8 @@ CONFIG_PTP_1588_CLOCK=m
 CONFIG_DP83640_PHY=m
 CONFIG_PTP_1588_CLOCK_PCH=m
 CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
-CONFIG_GPIOLIB=y
 CONFIG_GPIO_DEVRES=y
+CONFIG_GPIOLIB=y
 CONFIG_OF_GPIO=y
 CONFIG_GPIO_ACPI=y
 # CONFIG_DEBUG_GPIO is not set
@@ -3367,7 +3327,7 @@ CONFIG_GPIO_ARIZONA=m
 #
 CONFIG_GPIO_CS5535=y
 CONFIG_GPIO_AMD8111=m
-# CONFIG_GPIO_INTEL_MID is not set
+# CONFIG_GPIO_LANGWELL is not set
 # CONFIG_GPIO_PCH is not set
 # CONFIG_GPIO_ML_IOH is not set
 # CONFIG_GPIO_SODAVILLE is not set
@@ -3384,7 +3344,7 @@ CONFIG_GPIO_AMD8111=m
 #
 # AC97 GPIO expanders:
 #
-CONFIG_GPIO_UCB1400=m
+CONFIG_GPIO_UCB1400=y
 
 #
 # LPC GPIO expanders:
@@ -3393,7 +3353,6 @@ CONFIG_GPIO_UCB1400=m
 #
 # MODULbus GPIO expanders:
 #
-# CONFIG_GPIO_BCM_KONA is not set
 
 #
 # USB GPIO expanders:
@@ -3419,7 +3378,6 @@ CONFIG_BATTERY_OLPC=m
 # CONFIG_CHARGER_GPIO is not set
 # CONFIG_CHARGER_BQ2415X is not set
 # CONFIG_CHARGER_BQ24190 is not set
-CONFIG_CHARGER_BQ24735=m
 # CONFIG_CHARGER_SMB347 is not set
 CONFIG_POWER_RESET=y
 CONFIG_POWER_RESET_GPIO=y
@@ -4151,7 +4109,7 @@ CONFIG_VIDEO_UPD64031A=m
 CONFIG_VIDEO_UPD64083=m
 
 #
-# Miscellaneous helper chips
+# Miscelaneous helper chips
 #
 CONFIG_VIDEO_M52790=m
 
@@ -4227,7 +4185,6 @@ CONFIG_DVB_TUNER_CX24113=m
 CONFIG_DVB_TDA826X=m
 CONFIG_DVB_TUA6100=m
 CONFIG_DVB_CX24116=m
-CONFIG_DVB_CX24117=m
 CONFIG_DVB_SI21XX=m
 CONFIG_DVB_TS2020=m
 CONFIG_DVB_DS3000=m
@@ -4339,7 +4296,6 @@ CONFIG_VGA_SWITCHEROO=y
 CONFIG_DRM=m
 CONFIG_DRM_USB=m
 CONFIG_DRM_KMS_HELPER=m
-CONFIG_DRM_KMS_FB_HELPER=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_TTM=m
 
@@ -4359,7 +4315,6 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_I915=m
 CONFIG_DRM_I915_KMS=y
-CONFIG_DRM_I915_FBDEV=y
 # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
 CONFIG_DRM_MGA=m
 CONFIG_DRM_SIS=m
@@ -4478,7 +4433,7 @@ CONFIG_BACKLIGHT_APPLE=m
 # CONFIG_BACKLIGHT_ADP8860 is not set
 # CONFIG_BACKLIGHT_ADP8870 is not set
 CONFIG_BACKLIGHT_PCF50633=m
-CONFIG_BACKLIGHT_LM3630A=m
+# CONFIG_BACKLIGHT_LM3630 is not set
 # CONFIG_BACKLIGHT_LM3639 is not set
 # CONFIG_BACKLIGHT_LP855X is not set
 # CONFIG_BACKLIGHT_OT200 is not set
@@ -4697,7 +4652,6 @@ CONFIG_SND_USB_6FIRE=m
 CONFIG_SND_USB_HIFACE=m
 CONFIG_SND_FIREWIRE=y
 CONFIG_SND_FIREWIRE_LIB=m
-CONFIG_SND_DICE=m
 CONFIG_SND_FIREWIRE_SPEAKERS=m
 CONFIG_SND_ISIGHT=m
 CONFIG_SND_SCS1X=m
@@ -4775,7 +4729,6 @@ CONFIG_HID_ROCCAT=m
 CONFIG_HID_SAITEK=m
 CONFIG_HID_SAMSUNG=m
 CONFIG_HID_SONY=m
-CONFIG_SONY_FF=y
 CONFIG_HID_SPEEDLINK=m
 CONFIG_HID_STEELSERIES=m
 CONFIG_HID_SUNPLUS=m
@@ -5008,6 +4961,7 @@ CONFIG_USB_XUSBATM=m
 #
 CONFIG_USB_PHY=y
 CONFIG_NOP_USB_XCEIV=m
+# CONFIG_AM335X_PHY_USB is not set
 CONFIG_SAMSUNG_USBPHY=m
 CONFIG_SAMSUNG_USB2PHY=m
 CONFIG_SAMSUNG_USB3PHY=m
@@ -5050,7 +5004,6 @@ CONFIG_USB_F_NCM=m
 CONFIG_USB_F_ECM=m
 CONFIG_USB_F_SUBSET=m
 CONFIG_USB_F_RNDIS=m
-CONFIG_USB_F_MASS_STORAGE=m
 # CONFIG_USB_CONFIGFS is not set
 # CONFIG_USB_ZERO is not set
 CONFIG_USB_AUDIO=m
@@ -5150,7 +5103,6 @@ CONFIG_LEDS_LP5562=m
 CONFIG_LEDS_CLEVO_MAIL=m
 CONFIG_LEDS_PCA955X=m
 # CONFIG_LEDS_PCA963X is not set
-CONFIG_LEDS_PCA9685=m
 # CONFIG_LEDS_DAC124S085 is not set
 # CONFIG_LEDS_PWM is not set
 CONFIG_LEDS_BD2802=m
@@ -5312,7 +5264,6 @@ CONFIG_DMA_OF=y
 #
 CONFIG_ASYNC_TX_DMA=y
 # CONFIG_DMATEST is not set
-CONFIG_DMA_ENGINE_RAID=y
 CONFIG_DCA=m
 CONFIG_AUXDISPLAY=y
 CONFIG_KS0108=m
@@ -5613,6 +5564,7 @@ CONFIG_X86_PLATFORM_DEVICES=y
 CONFIG_ACER_WMI=m
 CONFIG_ACERHDF=m
 CONFIG_ASUS_LAPTOP=m
+CONFIG_CHROMEOS_LAPTOP=m
 CONFIG_DELL_LAPTOP=m
 CONFIG_DELL_WMI=m
 CONFIG_DELL_WMI_AIO=m
@@ -5660,8 +5612,6 @@ CONFIG_APPLE_GMUX=m
 CONFIG_INTEL_RST=y
 CONFIG_INTEL_SMARTCONNECT=y
 CONFIG_PVPANIC=m
-CONFIG_CHROME_PLATFORMS=y
-CONFIG_CHROMEOS_LAPTOP=m
 
 #
 # Hardware Spinlock drivers
@@ -5715,15 +5665,6 @@ CONFIG_FMC_WRITE_EEPROM=m
 CONFIG_FMC_CHARDEV=m
 
 #
-# PHY Subsystem
-#
-CONFIG_GENERIC_PHY=m
-CONFIG_PHY_EXYNOS_MIPI_VIDEO=m
-CONFIG_PHY_EXYNOS_DP_VIDEO=m
-CONFIG_POWERCAP=y
-CONFIG_INTEL_RAPL=m
-
-#
 # Firmware Drivers
 #
 CONFIG_EDD=m
@@ -5741,7 +5682,6 @@ CONFIG_ISCSI_IBFT=m
 # EFI (Extensible Firmware Interface) Support
 #
 # CONFIG_EFI_VARS is not set
-CONFIG_UEFI_CPER=y
 
 #
 # File systems
@@ -5887,11 +5827,6 @@ CONFIG_UBIFS_FS_ZLIB=y
 CONFIG_LOGFS=m
 CONFIG_CRAMFS=m
 CONFIG_SQUASHFS=m
-# CONFIG_SQUASHFS_FILE_CACHE is not set
-CONFIG_SQUASHFS_FILE_DIRECT=y
-# CONFIG_SQUASHFS_DECOMP_SINGLE is not set
-# CONFIG_SQUASHFS_DECOMP_MULTI is not set
-CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y
 CONFIG_SQUASHFS_XATTR=y
 CONFIG_SQUASHFS_ZLIB=y
 CONFIG_SQUASHFS_LZO=y
@@ -5921,7 +5856,6 @@ CONFIG_F2FS_STAT_FS=y
 CONFIG_F2FS_FS_XATTR=y
 CONFIG_F2FS_FS_POSIX_ACL=y
 CONFIG_F2FS_FS_SECURITY=y
-CONFIG_F2FS_CHECK_FS=y
 CONFIG_EFIVAR_FS=y
 CONFIG_ORE=m
 CONFIG_NETWORK_FILESYSTEMS=y
@@ -5937,7 +5871,6 @@ CONFIG_PNFS_FILE_LAYOUT=m
 CONFIG_PNFS_BLOCK=m
 CONFIG_PNFS_OBJLAYOUT=m
 CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org"
-CONFIG_NFS_V4_1_MIGRATION=y
 CONFIG_NFS_V4_SECURITY_LABEL=y
 CONFIG_NFS_FSCACHE=y
 # CONFIG_NFS_USE_LEGACY_DNS is not set
@@ -6075,7 +6008,6 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y
 CONFIG_FRAME_POINTER=y
 # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
 CONFIG_MAGIC_SYSRQ=y
-CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
 CONFIG_DEBUG_KERNEL=y
 
 #
@@ -6212,7 +6144,6 @@ CONFIG_LKDTM=m
 # CONFIG_BACKTRACE_SELF_TEST is not set
 # CONFIG_RBTREE_TEST is not set
 # CONFIG_INTERVAL_TREE_TEST is not set
-CONFIG_PERCPU_TEST=m
 # CONFIG_ATOMIC64_SELFTEST is not set
 CONFIG_ASYNC_RAID6_TEST=m
 # CONFIG_TEST_STRING_HELPERS is not set
@@ -6227,7 +6158,6 @@ CONFIG_STRICT_DEVMEM=y
 CONFIG_X86_VERBOSE_BOOTUP=y
 CONFIG_EARLY_PRINTK=y
 # CONFIG_EARLY_PRINTK_DBGP is not set
-CONFIG_EARLY_PRINTK_EFI=y
 # CONFIG_X86_PTDUMP is not set
 CONFIG_DEBUG_RODATA=y
 # CONFIG_DEBUG_RODATA_TEST is not set
@@ -6257,8 +6187,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0
 # Security options
 #
 CONFIG_KEYS=y
-CONFIG_PERSISTENT_KEYRINGS=y
-CONFIG_BIG_KEYS=y
 CONFIG_TRUSTED_KEYS=m
 CONFIG_ENCRYPTED_KEYS=m
 # CONFIG_KEYS_DEBUG_PROC_KEYS is not set
@@ -6269,16 +6197,8 @@ CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_NETWORK_XFRM is not set
 CONFIG_SECURITY_PATH=y
 # CONFIG_INTEL_TXT is not set
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-# CONFIG_SECURITY_SELINUX_DISABLE is not set
-CONFIG_SECURITY_SELINUX_DEVELOP=y
-CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
-# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
-CONFIG_SECURITY_SMACK=y
+# CONFIG_SECURITY_SELINUX is not set
+# CONFIG_SECURITY_SMACK is not set
 CONFIG_SECURITY_TOMOYO=y
 CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
@@ -6291,8 +6211,6 @@ CONFIG_SECURITY_APPARMOR_HASH=y
 CONFIG_SECURITY_YAMA=y
 CONFIG_SECURITY_YAMA_STACKED=y
 # CONFIG_IMA is not set
-# CONFIG_DEFAULT_SECURITY_SELINUX is not set
-# CONFIG_DEFAULT_SECURITY_SMACK is not set
 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 # CONFIG_DEFAULT_SECURITY_YAMA is not set
@@ -6332,7 +6250,7 @@ CONFIG_CRYPTO_WORKQUEUE=y
 CONFIG_CRYPTO_CRYPTD=m
 CONFIG_CRYPTO_AUTHENC=m
 CONFIG_CRYPTO_TEST=m
-CONFIG_CRYPTO_ABLK_HELPER=m
+CONFIG_CRYPTO_ABLK_HELPER_X86=m
 CONFIG_CRYPTO_GLUE_HELPER_X86=m
 
 #
@@ -6426,7 +6344,6 @@ CONFIG_CRYPTO_ANSI_CPRNG=m
 CONFIG_CRYPTO_USER_API=m
 CONFIG_CRYPTO_USER_API_HASH=m
 CONFIG_CRYPTO_USER_API_SKCIPHER=m
-CONFIG_CRYPTO_HASH_INFO=y
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_DEV_PADLOCK=m
 CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@@ -6447,7 +6364,6 @@ CONFIG_KVM_MMIO=y
 CONFIG_KVM_ASYNC_PF=y
 CONFIG_HAVE_KVM_MSI=y
 CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
-CONFIG_KVM_VFIO=y
 CONFIG_VIRTUALIZATION=y
 CONFIG_KVM=m
 CONFIG_KVM_INTEL=m
@@ -6484,7 +6400,6 @@ CONFIG_CRC7=m
 CONFIG_LIBCRC32C=m
 CONFIG_CRC8=m
 CONFIG_AUDIT_GENERIC=y
-# CONFIG_RANDOM32_SELFTEST is not set
 CONFIG_ZLIB_INFLATE=y
 CONFIG_ZLIB_DEFLATE=y
 CONFIG_LZO_COMPRESS=y
@@ -6518,7 +6433,6 @@ CONFIG_TEXTSEARCH_KMP=m
 CONFIG_TEXTSEARCH_BM=m
 CONFIG_TEXTSEARCH_FSM=m
 CONFIG_BTREE=y
-CONFIG_ASSOCIATIVE_ARRAY=y
 CONFIG_HAS_IOMEM=y
 CONFIG_HAS_IOPORT=y
 CONFIG_HAS_DMA=y
diff --git a/kernels/linux-libre-knock/config.x86_64 b/kernels/linux-libre-knock/config.x86_64
index 9152ab01a..0d06a2842 100644
--- a/kernels/linux-libre-knock/config.x86_64
+++ b/kernels/linux-libre-knock/config.x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.13.0 Kernel Configuration
+# Linux/x86 3.12.7-1 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -39,6 +39,7 @@ CONFIG_HAVE_INTEL_TXT=y
 CONFIG_X86_64_SMP=y
 CONFIG_X86_HT=y
 CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
+CONFIG_ARCH_CPU_PROBE_RELEASE=y
 CONFIG_ARCH_SUPPORTS_UPROBES=y
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
 CONFIG_IRQ_WORK=y
@@ -75,6 +76,7 @@ CONFIG_AUDIT=y
 CONFIG_AUDITSYSCALL=y
 CONFIG_AUDIT_WATCH=y
 CONFIG_AUDIT_TREE=y
+CONFIG_AUDIT_LOGINUID_IMMUTABLE=y
 
 #
 # IRQ subsystem
@@ -141,7 +143,6 @@ CONFIG_IKCONFIG_PROC=y
 CONFIG_LOG_BUF_SHIFT=19
 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
 CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
-CONFIG_ARCH_SUPPORTS_INT128=y
 CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y
 CONFIG_ARCH_USES_NUMA_PROT_NONE=y
 CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
@@ -246,6 +247,7 @@ CONFIG_HAVE_OPTPROBES=y
 CONFIG_HAVE_KPROBES_ON_FTRACE=y
 CONFIG_HAVE_ARCH_TRACEHOOK=y
 CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_USE_GENERIC_SMP_HELPERS=y
 CONFIG_GENERIC_SMP_IDLE_THREAD=y
 CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
 CONFIG_HAVE_DMA_API_DEBUG=y
@@ -265,12 +267,10 @@ CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
 CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
 CONFIG_SECCOMP_FILTER=y
 CONFIG_HAVE_CONTEXT_TRACKING=y
-CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
 CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
 CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
 CONFIG_HAVE_ARCH_SOFT_DIRTY=y
 CONFIG_MODULES_USE_ELF_RELA=y
-CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
 CONFIG_OLD_SIGSUSPEND3=y
 CONFIG_COMPAT_OLD_SIGACTION=y
 
@@ -282,7 +282,6 @@ CONFIG_COMPAT_OLD_SIGACTION=y
 CONFIG_SLABINFO=y
 CONFIG_RT_MUTEXES=y
 CONFIG_BASE_SMALL=0
-# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
 CONFIG_MODULES=y
 CONFIG_MODULE_FORCE_LOAD=y
 CONFIG_MODULE_UNLOAD=y
@@ -451,7 +450,6 @@ CONFIG_MEMORY_HOTPLUG_SPARSE=y
 CONFIG_MEMORY_HOTREMOVE=y
 CONFIG_PAGEFLAGS_EXTENDED=y
 CONFIG_SPLIT_PTLOCK_CPUS=4
-CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
 CONFIG_BALLOON_COMPACTION=y
 CONFIG_COMPACTION=y
 CONFIG_MIGRATION=y
@@ -532,13 +530,13 @@ CONFIG_PM_DEBUG=y
 CONFIG_PM_ADVANCED_DEBUG=y
 # CONFIG_PM_TEST_SUSPEND is not set
 CONFIG_PM_SLEEP_DEBUG=y
-# CONFIG_DPM_WATCHDOG is not set
 CONFIG_PM_TRACE=y
 CONFIG_PM_TRACE_RTC=y
 # CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
 CONFIG_ACPI=y
 CONFIG_ACPI_SLEEP=y
 # CONFIG_ACPI_PROCFS is not set
+# CONFIG_ACPI_PROCFS_POWER is not set
 CONFIG_ACPI_EC_DEBUGFS=m
 CONFIG_ACPI_AC=m
 CONFIG_ACPI_BATTERY=m
@@ -554,6 +552,7 @@ CONFIG_ACPI_THERMAL=m
 CONFIG_ACPI_NUMA=y
 # CONFIG_ACPI_CUSTOM_DSDT is not set
 CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y
+CONFIG_ACPI_BLACKLIST_YEAR=0
 # CONFIG_ACPI_DEBUG is not set
 CONFIG_ACPI_PCI_SLOT=y
 CONFIG_X86_PM_TIMER=y
@@ -569,13 +568,13 @@ CONFIG_ACPI_APEI_PCIEAER=y
 CONFIG_ACPI_APEI_MEMORY_FAILURE=y
 CONFIG_ACPI_APEI_EINJ=m
 CONFIG_ACPI_APEI_ERST_DEBUG=m
-CONFIG_ACPI_EXTLOG=m
 CONFIG_SFI=y
 
 #
 # CPU Frequency scaling
 #
 CONFIG_CPU_FREQ=y
+CONFIG_CPU_FREQ_TABLE=y
 CONFIG_CPU_FREQ_GOV_COMMON=y
 CONFIG_CPU_FREQ_STAT=m
 CONFIG_CPU_FREQ_STAT_DETAILS=y
@@ -789,6 +788,7 @@ CONFIG_DEFAULT_TCP_CONG="cubic"
 # CONFIG_TCP_MD5SIG is not set
 CONFIG_TCP_STEALTH=y
 CONFIG_IPV6=y
+CONFIG_IPV6_PRIVACY=y
 CONFIG_IPV6_ROUTER_PREF=y
 CONFIG_IPV6_ROUTE_INFO=y
 CONFIG_IPV6_OPTIMISTIC_DAD=y
@@ -802,7 +802,6 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m
 CONFIG_INET6_XFRM_MODE_TUNNEL=m
 CONFIG_INET6_XFRM_MODE_BEET=m
 CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
-CONFIG_IPV6_VTI=m
 CONFIG_IPV6_SIT=m
 CONFIG_IPV6_SIT_6RD=y
 CONFIG_IPV6_NDISC_NODETYPE=y
@@ -865,17 +864,6 @@ CONFIG_NF_NAT_IRC=m
 CONFIG_NF_NAT_SIP=m
 CONFIG_NF_NAT_TFTP=m
 CONFIG_NETFILTER_SYNPROXY=m
-CONFIG_NF_TABLES=m
-CONFIG_NFT_EXTHDR=m
-CONFIG_NFT_META=m
-CONFIG_NFT_CT=m
-CONFIG_NFT_RBTREE=m
-CONFIG_NFT_HASH=m
-CONFIG_NFT_COUNTER=m
-CONFIG_NFT_LOG=m
-CONFIG_NFT_LIMIT=m
-CONFIG_NFT_NAT=m
-CONFIG_NFT_COMPAT=m
 CONFIG_NETFILTER_XTABLES=m
 
 #
@@ -969,9 +957,7 @@ CONFIG_IP_SET_HASH_IP=m
 CONFIG_IP_SET_HASH_IPPORT=m
 CONFIG_IP_SET_HASH_IPPORTIP=m
 CONFIG_IP_SET_HASH_IPPORTNET=m
-CONFIG_IP_SET_HASH_NETPORTNET=m
 CONFIG_IP_SET_HASH_NET=m
-CONFIG_IP_SET_HASH_NETNET=m
 CONFIG_IP_SET_HASH_NETPORT=m
 CONFIG_IP_SET_HASH_NETIFACE=m
 CONFIG_IP_SET_LIST_SET=m
@@ -1022,11 +1008,6 @@ CONFIG_IP_VS_PE_SIP=m
 CONFIG_NF_DEFRAG_IPV4=m
 CONFIG_NF_CONNTRACK_IPV4=m
 # CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
-CONFIG_NF_TABLES_IPV4=m
-CONFIG_NFT_REJECT_IPV4=m
-CONFIG_NFT_CHAIN_ROUTE_IPV4=m
-CONFIG_NFT_CHAIN_NAT_IPV4=m
-CONFIG_NF_TABLES_ARP=m
 CONFIG_IP_NF_IPTABLES=m
 CONFIG_IP_NF_MATCH_AH=m
 CONFIG_IP_NF_MATCH_ECN=m
@@ -1059,9 +1040,6 @@ CONFIG_IP_NF_ARP_MANGLE=m
 #
 CONFIG_NF_DEFRAG_IPV6=m
 CONFIG_NF_CONNTRACK_IPV6=m
-CONFIG_NF_TABLES_IPV6=m
-CONFIG_NFT_CHAIN_ROUTE_IPV6=m
-CONFIG_NFT_CHAIN_NAT_IPV6=m
 CONFIG_IP6_NF_IPTABLES=m
 CONFIG_IP6_NF_MATCH_AH=m
 CONFIG_IP6_NF_MATCH_EUI64=m
@@ -1082,7 +1060,6 @@ CONFIG_IP6_NF_SECURITY=m
 CONFIG_NF_NAT_IPV6=m
 CONFIG_IP6_NF_TARGET_MASQUERADE=m
 CONFIG_IP6_NF_TARGET_NPT=m
-CONFIG_NF_TABLES_BRIDGE=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 CONFIG_BRIDGE_EBT_BROUTE=m
 CONFIG_BRIDGE_EBT_T_FILTER=m
@@ -1215,7 +1192,6 @@ CONFIG_NET_CLS_RSVP=m
 CONFIG_NET_CLS_RSVP6=m
 CONFIG_NET_CLS_FLOW=m
 CONFIG_NET_CLS_CGROUP=y
-CONFIG_NET_CLS_BPF=m
 # CONFIG_NET_EMATCH is not set
 CONFIG_NET_CLS_ACT=y
 CONFIG_NET_ACT_POLICE=m
@@ -1245,7 +1221,6 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
 CONFIG_NETLINK_MMAP=y
 CONFIG_NETLINK_DIAG=m
 CONFIG_NET_MPLS_GSO=m
-CONFIG_HSR=m
 CONFIG_RPS=y
 CONFIG_RFS_ACCEL=y
 CONFIG_XPS=y
@@ -1409,7 +1384,6 @@ CONFIG_WIMAX_DEBUG_LEVEL=8
 CONFIG_RFKILL=m
 CONFIG_RFKILL_LEDS=y
 CONFIG_RFKILL_INPUT=y
-CONFIG_RFKILL_GPIO=m
 CONFIG_NET_9P=m
 CONFIG_NET_9P_VIRTIO=m
 # CONFIG_NET_9P_DEBUG is not set
@@ -1421,7 +1395,6 @@ CONFIG_CEPH_LIB=m
 # CONFIG_CEPH_LIB_PRETTYDEBUG is not set
 # CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set
 CONFIG_NFC=m
-CONFIG_NFC_DIGITAL=m
 CONFIG_NFC_NCI=m
 # CONFIG_NFC_NCI_SPI is not set
 CONFIG_NFC_HCI=m
@@ -1434,7 +1407,6 @@ CONFIG_NFC_PN533=m
 CONFIG_NFC_WILINK=m
 CONFIG_NFC_MEI_PHY=m
 CONFIG_NFC_SIM=m
-CONFIG_NFC_PORT100=m
 CONFIG_NFC_PN544=m
 CONFIG_NFC_PN544_MEI=m
 CONFIG_NFC_MICROREAD=m
@@ -1581,7 +1553,6 @@ CONFIG_MTD_UBI_BEB_LIMIT=20
 # CONFIG_MTD_UBI_FASTMAP is not set
 # CONFIG_MTD_UBI_GLUEBI is not set
 CONFIG_PARPORT=m
-CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
 CONFIG_PARPORT_PC=m
 CONFIG_PARPORT_SERIAL=m
 # CONFIG_PARPORT_PC_FIFO is not set
@@ -1599,10 +1570,10 @@ CONFIG_PNP=y
 #
 CONFIG_PNPACPI=y
 CONFIG_BLK_DEV=y
-# CONFIG_BLK_DEV_NULL_BLK is not set
 CONFIG_BLK_DEV_FD=m
 # CONFIG_PARIDE is not set
 CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m
+CONFIG_BLK_CPQ_DA=m
 CONFIG_BLK_CPQ_CISS_DA=m
 # CONFIG_CISS_SCSI_TAPE is not set
 CONFIG_BLK_DEV_DAC960=m
@@ -1615,7 +1586,6 @@ CONFIG_BLK_DEV_DRBD=m
 # CONFIG_DRBD_FAULT_INJECTION is not set
 CONFIG_BLK_DEV_NBD=m
 CONFIG_BLK_DEV_NVME=m
-CONFIG_BLK_DEV_SKD=m
 CONFIG_BLK_DEV_OSD=m
 CONFIG_BLK_DEV_SX8=m
 CONFIG_BLK_DEV_RAM=m
@@ -1700,16 +1670,6 @@ CONFIG_ALTERA_STAPL=m
 CONFIG_INTEL_MEI=m
 CONFIG_INTEL_MEI_ME=m
 CONFIG_VMWARE_VMCI=m
-
-#
-# Intel MIC Host Driver
-#
-CONFIG_INTEL_MIC_HOST=m
-
-#
-# Intel MIC Card Driver
-#
-CONFIG_INTEL_MIC_CARD=m
 CONFIG_HAVE_IDE=y
 # CONFIG_IDE is not set
 
@@ -1977,6 +1937,7 @@ CONFIG_MD_MULTIPATH=m
 CONFIG_MD_FAULTY=m
 CONFIG_BCACHE=m
 # CONFIG_BCACHE_DEBUG is not set
+# CONFIG_BCACHE_EDEBUG is not set
 # CONFIG_BCACHE_CLOSURES_DEBUG is not set
 CONFIG_BLK_DEV_DM=m
 # CONFIG_DM_DEBUG is not set
@@ -1991,8 +1952,8 @@ CONFIG_DM_CACHE=m
 CONFIG_DM_CACHE_MQ=m
 CONFIG_DM_CACHE_CLEANER=m
 CONFIG_DM_MIRROR=m
-CONFIG_DM_LOG_USERSPACE=m
 CONFIG_DM_RAID=m
+CONFIG_DM_LOG_USERSPACE=m
 CONFIG_DM_ZERO=m
 CONFIG_DM_MULTIPATH=m
 CONFIG_DM_MULTIPATH_QL=m
@@ -2373,7 +2334,6 @@ CONFIG_USB_NET_AX88179_178A=m
 CONFIG_USB_NET_CDCETHER=m
 CONFIG_USB_NET_CDC_EEM=m
 CONFIG_USB_NET_CDC_NCM=m
-CONFIG_USB_NET_HUAWEI_CDC_NCM=m
 CONFIG_USB_NET_CDC_MBIM=m
 CONFIG_USB_NET_DM9601=m
 CONFIG_USB_NET_SR9700=m
@@ -2458,8 +2418,6 @@ CONFIG_ATH10K_PCI=m
 # CONFIG_ATH10K_DEBUG is not set
 CONFIG_ATH10K_DEBUGFS=y
 # CONFIG_ATH10K_TRACING is not set
-CONFIG_WCN36XX=m
-# CONFIG_WCN36XX_DEBUGFS is not set
 CONFIG_B43=m
 CONFIG_B43_BCMA=y
 CONFIG_B43_SSB=y
@@ -2560,7 +2518,6 @@ CONFIG_RT2800USB_RT53XX=y
 CONFIG_RT2800USB_RT55XX=y
 CONFIG_RT2800USB_UNKNOWN=y
 CONFIG_RT2800_LIB=m
-CONFIG_RT2800_LIB_MMIO=m
 CONFIG_RT2X00_LIB_MMIO=m
 CONFIG_RT2X00_LIB_PCI=m
 CONFIG_RT2X00_LIB_USB=m
@@ -2760,7 +2717,7 @@ CONFIG_INPUT_MATRIXKMAP=m
 #
 # Userland interfaces
 #
-CONFIG_INPUT_MOUSEDEV=m
+CONFIG_INPUT_MOUSEDEV=y
 CONFIG_INPUT_MOUSEDEV_PSAUX=y
 CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
@@ -2774,7 +2731,7 @@ CONFIG_INPUT_EVDEV=m
 CONFIG_INPUT_KEYBOARD=y
 CONFIG_KEYBOARD_ADP5588=m
 CONFIG_KEYBOARD_ADP5589=m
-CONFIG_KEYBOARD_ATKBD=m
+CONFIG_KEYBOARD_ATKBD=y
 CONFIG_KEYBOARD_QT1070=m
 CONFIG_KEYBOARD_QT2160=m
 # CONFIG_KEYBOARD_LKKBD is not set
@@ -2803,8 +2760,8 @@ CONFIG_MOUSE_PS2_LIFEBOOK=y
 CONFIG_MOUSE_PS2_TRACKPOINT=y
 CONFIG_MOUSE_PS2_ELANTECH=y
 CONFIG_MOUSE_PS2_SENTELIC=y
-CONFIG_MOUSE_PS2_TOUCHKIT=y
-CONFIG_MOUSE_SERIAL=m
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+CONFIG_MOUSE_SERIAL=y
 CONFIG_MOUSE_APPLETOUCH=m
 CONFIG_MOUSE_BCM5974=m
 CONFIG_MOUSE_CYAPA=m
@@ -2917,9 +2874,7 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m
 # CONFIG_TOUCHSCREEN_TSC2005 is not set
 CONFIG_TOUCHSCREEN_TSC2007=m
 CONFIG_TOUCHSCREEN_ST1232=m
-CONFIG_TOUCHSCREEN_SUR40=m
 CONFIG_TOUCHSCREEN_TPS6507X=m
-CONFIG_TOUCHSCREEN_ZFORCE=m
 CONFIG_INPUT_MISC=y
 CONFIG_INPUT_AD714X=m
 CONFIG_INPUT_AD714X_I2C=m
@@ -2957,18 +2912,17 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m
 #
 # Hardware I/O ports
 #
-CONFIG_SERIO=m
-CONFIG_SERIO_I8042=m
+CONFIG_SERIO=y
+CONFIG_SERIO_I8042=y
 CONFIG_SERIO_SERPORT=m
 CONFIG_SERIO_CT82C710=m
 CONFIG_SERIO_PARKBD=m
 CONFIG_SERIO_PCIPS2=m
-CONFIG_SERIO_LIBPS2=m
+CONFIG_SERIO_LIBPS2=y
 CONFIG_SERIO_RAW=m
 CONFIG_SERIO_ALTERA_PS2=m
 CONFIG_SERIO_PS2MULT=m
 CONFIG_SERIO_ARC_PS2=m
-CONFIG_HYPERV_KEYBOARD=m
 CONFIG_GAMEPORT=m
 CONFIG_GAMEPORT_NS558=m
 CONFIG_GAMEPORT_L4=m
@@ -3043,6 +2997,7 @@ CONFIG_SERIAL_ARC_NR_PORTS=1
 CONFIG_SERIAL_RP2=m
 CONFIG_SERIAL_RP2_NR_UARTS=32
 CONFIG_SERIAL_FSL_LPUART=m
+CONFIG_SERIAL_ST_ASC=m
 CONFIG_PRINTER=m
 # CONFIG_LP_CONSOLE is not set
 CONFIG_PPDEV=m
@@ -3079,13 +3034,10 @@ CONFIG_MWAVE=m
 # CONFIG_RAW_DRIVER is not set
 CONFIG_HPET=y
 CONFIG_HPET_MMAP=y
-CONFIG_HPET_MMAP_DEFAULT=y
 CONFIG_HANGCHECK_TIMER=m
 CONFIG_TCG_TPM=m
 CONFIG_TCG_TIS=m
-CONFIG_TCG_TIS_I2C_ATMEL=m
 CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
 CONFIG_TCG_NSC=m
 CONFIG_TCG_ATMEL=m
 CONFIG_TCG_INFINEON=m
@@ -3183,6 +3135,7 @@ CONFIG_SPI_MASTER=y
 # CONFIG_SPI_BUTTERFLY is not set
 # CONFIG_SPI_GPIO is not set
 # CONFIG_SPI_LM70_LLP is not set
+# CONFIG_SPI_FSL_DSPI is not set
 # CONFIG_SPI_OC_TINY is not set
 CONFIG_SPI_PXA2XX_DMA=y
 CONFIG_SPI_PXA2XX=m
@@ -3225,8 +3178,8 @@ CONFIG_PTP_1588_CLOCK=m
 CONFIG_DP83640_PHY=m
 CONFIG_PTP_1588_CLOCK_PCH=m
 CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
-CONFIG_GPIOLIB=y
 CONFIG_GPIO_DEVRES=y
+CONFIG_GPIOLIB=y
 CONFIG_GPIO_ACPI=y
 # CONFIG_DEBUG_GPIO is not set
 CONFIG_GPIO_SYSFS=y
@@ -3258,7 +3211,7 @@ CONFIG_GPIO_ARIZONA=m
 #
 CONFIG_GPIO_CS5535=m
 CONFIG_GPIO_AMD8111=m
-# CONFIG_GPIO_INTEL_MID is not set
+CONFIG_GPIO_LANGWELL=y
 # CONFIG_GPIO_PCH is not set
 # CONFIG_GPIO_ML_IOH is not set
 # CONFIG_GPIO_RDC321X is not set
@@ -3274,7 +3227,7 @@ CONFIG_GPIO_AMD8111=m
 #
 # AC97 GPIO expanders:
 #
-CONFIG_GPIO_UCB1400=m
+CONFIG_GPIO_UCB1400=y
 
 #
 # LPC GPIO expanders:
@@ -3307,7 +3260,6 @@ CONFIG_TEST_POWER=m
 # CONFIG_CHARGER_GPIO is not set
 # CONFIG_CHARGER_BQ2415X is not set
 # CONFIG_CHARGER_BQ24190 is not set
-CONFIG_CHARGER_BQ24735=m
 # CONFIG_CHARGER_SMB347 is not set
 CONFIG_POWER_RESET=y
 CONFIG_POWER_AVS=y
@@ -4030,7 +3982,7 @@ CONFIG_VIDEO_UPD64031A=m
 CONFIG_VIDEO_UPD64083=m
 
 #
-# Miscellaneous helper chips
+# Miscelaneous helper chips
 #
 CONFIG_VIDEO_M52790=m
 
@@ -4106,7 +4058,6 @@ CONFIG_DVB_TUNER_CX24113=m
 CONFIG_DVB_TDA826X=m
 CONFIG_DVB_TUA6100=m
 CONFIG_DVB_CX24116=m
-CONFIG_DVB_CX24117=m
 CONFIG_DVB_SI21XX=m
 CONFIG_DVB_TS2020=m
 CONFIG_DVB_DS3000=m
@@ -4212,7 +4163,6 @@ CONFIG_VGA_SWITCHEROO=y
 CONFIG_DRM=m
 CONFIG_DRM_USB=m
 CONFIG_DRM_KMS_HELPER=m
-CONFIG_DRM_KMS_FB_HELPER=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_TTM=m
 
@@ -4232,7 +4182,6 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_I915=m
 CONFIG_DRM_I915_KMS=y
-CONFIG_DRM_I915_FBDEV=y
 # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
 CONFIG_DRM_MGA=m
 CONFIG_DRM_SIS=m
@@ -4347,7 +4296,7 @@ CONFIG_BACKLIGHT_APPLE=m
 # CONFIG_BACKLIGHT_ADP8860 is not set
 # CONFIG_BACKLIGHT_ADP8870 is not set
 CONFIG_BACKLIGHT_PCF50633=m
-CONFIG_BACKLIGHT_LM3630A=m
+# CONFIG_BACKLIGHT_LM3630 is not set
 # CONFIG_BACKLIGHT_LM3639 is not set
 # CONFIG_BACKLIGHT_LP855X is not set
 # CONFIG_BACKLIGHT_OT200 is not set
@@ -4526,7 +4475,6 @@ CONFIG_SND_USB_6FIRE=m
 CONFIG_SND_USB_HIFACE=m
 CONFIG_SND_FIREWIRE=y
 CONFIG_SND_FIREWIRE_LIB=m
-CONFIG_SND_DICE=m
 CONFIG_SND_FIREWIRE_SPEAKERS=m
 CONFIG_SND_ISIGHT=m
 CONFIG_SND_SCS1X=m
@@ -4604,7 +4552,6 @@ CONFIG_HID_ROCCAT=m
 CONFIG_HID_SAITEK=m
 CONFIG_HID_SAMSUNG=m
 CONFIG_HID_SONY=m
-CONFIG_SONY_FF=y
 CONFIG_HID_SPEEDLINK=m
 CONFIG_HID_STEELSERIES=m
 CONFIG_HID_SUNPLUS=m
@@ -4835,6 +4782,7 @@ CONFIG_USB_XUSBATM=m
 #
 CONFIG_USB_PHY=y
 CONFIG_NOP_USB_XCEIV=m
+# CONFIG_AM335X_PHY_USB is not set
 CONFIG_SAMSUNG_USBPHY=m
 CONFIG_SAMSUNG_USB2PHY=m
 CONFIG_SAMSUNG_USB3PHY=m
@@ -4876,7 +4824,6 @@ CONFIG_USB_F_NCM=m
 CONFIG_USB_F_ECM=m
 CONFIG_USB_F_SUBSET=m
 CONFIG_USB_F_RNDIS=m
-CONFIG_USB_F_MASS_STORAGE=m
 # CONFIG_USB_CONFIGFS is not set
 # CONFIG_USB_ZERO is not set
 CONFIG_USB_AUDIO=m
@@ -4977,7 +4924,6 @@ CONFIG_LEDS_LP5562=m
 CONFIG_LEDS_CLEVO_MAIL=m
 CONFIG_LEDS_PCA955X=m
 # CONFIG_LEDS_PCA963X is not set
-CONFIG_LEDS_PCA9685=m
 # CONFIG_LEDS_DAC124S085 is not set
 CONFIG_LEDS_BD2802=m
 CONFIG_LEDS_INTEL_SS4200=m
@@ -5134,7 +5080,6 @@ CONFIG_DMA_ACPI=y
 #
 CONFIG_ASYNC_TX_DMA=y
 # CONFIG_DMATEST is not set
-CONFIG_DMA_ENGINE_RAID=y
 CONFIG_DCA=m
 CONFIG_AUXDISPLAY=y
 CONFIG_KS0108=m
@@ -5335,11 +5280,15 @@ CONFIG_FT1000_PCMCIA=m
 #
 CONFIG_SPEAKUP=m
 CONFIG_SPEAKUP_SYNTH_ACNTSA=m
+CONFIG_SPEAKUP_SYNTH_ACNTPC=m
 CONFIG_SPEAKUP_SYNTH_APOLLO=m
 CONFIG_SPEAKUP_SYNTH_AUDPTR=m
 CONFIG_SPEAKUP_SYNTH_BNS=m
 CONFIG_SPEAKUP_SYNTH_DECTLK=m
 CONFIG_SPEAKUP_SYNTH_DECEXT=m
+CONFIG_SPEAKUP_SYNTH_DECPC=m
+CONFIG_SPEAKUP_SYNTH_DTLK=m
+CONFIG_SPEAKUP_SYNTH_KEYPC=m
 CONFIG_SPEAKUP_SYNTH_LTLK=m
 CONFIG_SPEAKUP_SYNTH_SOFT=m
 CONFIG_SPEAKUP_SYNTH_SPKOUT=m
@@ -5405,6 +5354,7 @@ CONFIG_X86_PLATFORM_DEVICES=y
 CONFIG_ACER_WMI=m
 CONFIG_ACERHDF=m
 CONFIG_ASUS_LAPTOP=m
+CONFIG_CHROMEOS_LAPTOP=m
 CONFIG_DELL_LAPTOP=m
 CONFIG_DELL_WMI=m
 CONFIG_DELL_WMI_AIO=m
@@ -5450,8 +5400,6 @@ CONFIG_APPLE_GMUX=m
 CONFIG_INTEL_RST=m
 CONFIG_INTEL_SMARTCONNECT=y
 CONFIG_PVPANIC=m
-CONFIG_CHROME_PLATFORMS=y
-CONFIG_CHROMEOS_LAPTOP=m
 
 #
 # Hardware Spinlock drivers
@@ -5503,14 +5451,6 @@ CONFIG_FMC_WRITE_EEPROM=m
 CONFIG_FMC_CHARDEV=m
 
 #
-# PHY Subsystem
-#
-CONFIG_GENERIC_PHY=m
-CONFIG_PHY_EXYNOS_MIPI_VIDEO=m
-CONFIG_POWERCAP=y
-CONFIG_INTEL_RAPL=m
-
-#
 # Firmware Drivers
 #
 CONFIG_EDD=m
@@ -5528,7 +5468,6 @@ CONFIG_ISCSI_IBFT=m
 # EFI (Extensible Firmware Interface) Support
 #
 # CONFIG_EFI_VARS is not set
-CONFIG_UEFI_CPER=y
 
 #
 # File systems
@@ -5675,11 +5614,6 @@ CONFIG_UBIFS_FS_ZLIB=y
 CONFIG_LOGFS=m
 CONFIG_CRAMFS=m
 CONFIG_SQUASHFS=m
-# CONFIG_SQUASHFS_FILE_CACHE is not set
-CONFIG_SQUASHFS_FILE_DIRECT=y
-# CONFIG_SQUASHFS_DECOMP_SINGLE is not set
-# CONFIG_SQUASHFS_DECOMP_MULTI is not set
-CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y
 CONFIG_SQUASHFS_XATTR=y
 CONFIG_SQUASHFS_ZLIB=y
 CONFIG_SQUASHFS_LZO=y
@@ -5709,7 +5643,6 @@ CONFIG_F2FS_STAT_FS=y
 CONFIG_F2FS_FS_XATTR=y
 CONFIG_F2FS_FS_POSIX_ACL=y
 CONFIG_F2FS_FS_SECURITY=y
-CONFIG_F2FS_CHECK_FS=y
 CONFIG_EFIVAR_FS=y
 CONFIG_ORE=m
 CONFIG_NETWORK_FILESYSTEMS=y
@@ -5725,7 +5658,6 @@ CONFIG_PNFS_FILE_LAYOUT=m
 CONFIG_PNFS_BLOCK=m
 CONFIG_PNFS_OBJLAYOUT=m
 CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org"
-CONFIG_NFS_V4_1_MIGRATION=y
 CONFIG_NFS_V4_SECURITY_LABEL=y
 CONFIG_NFS_FSCACHE=y
 # CONFIG_NFS_USE_LEGACY_DNS is not set
@@ -5863,7 +5795,6 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y
 CONFIG_FRAME_POINTER=y
 # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
 CONFIG_MAGIC_SYSRQ=y
-CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
 CONFIG_DEBUG_KERNEL=y
 
 #
@@ -6000,7 +5931,6 @@ CONFIG_LKDTM=m
 # CONFIG_BACKTRACE_SELF_TEST is not set
 # CONFIG_RBTREE_TEST is not set
 # CONFIG_INTERVAL_TREE_TEST is not set
-CONFIG_PERCPU_TEST=m
 # CONFIG_ATOMIC64_SELFTEST is not set
 CONFIG_ASYNC_RAID6_TEST=m
 # CONFIG_TEST_STRING_HELPERS is not set
@@ -6015,7 +5945,6 @@ CONFIG_STRICT_DEVMEM=y
 CONFIG_X86_VERBOSE_BOOTUP=y
 CONFIG_EARLY_PRINTK=y
 # CONFIG_EARLY_PRINTK_DBGP is not set
-CONFIG_EARLY_PRINTK_EFI=y
 # CONFIG_X86_PTDUMP is not set
 CONFIG_DEBUG_RODATA=y
 # CONFIG_DEBUG_RODATA_TEST is not set
@@ -6046,8 +5975,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0
 # Security options
 #
 CONFIG_KEYS=y
-CONFIG_PERSISTENT_KEYRINGS=y
-CONFIG_BIG_KEYS=y
 CONFIG_TRUSTED_KEYS=m
 CONFIG_ENCRYPTED_KEYS=m
 # CONFIG_KEYS_DEBUG_PROC_KEYS is not set
@@ -6058,16 +5985,8 @@ CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_NETWORK_XFRM is not set
 CONFIG_SECURITY_PATH=y
 # CONFIG_INTEL_TXT is not set
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-# CONFIG_SECURITY_SELINUX_DISABLE is not set
-CONFIG_SECURITY_SELINUX_DEVELOP=y
-CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
-# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
-CONFIG_SECURITY_SMACK=y
+# CONFIG_SECURITY_SELINUX is not set
+# CONFIG_SECURITY_SMACK is not set
 CONFIG_SECURITY_TOMOYO=y
 CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
@@ -6080,8 +5999,6 @@ CONFIG_SECURITY_APPARMOR_HASH=y
 CONFIG_SECURITY_YAMA=y
 CONFIG_SECURITY_YAMA_STACKED=y
 # CONFIG_IMA is not set
-# CONFIG_DEFAULT_SECURITY_SELINUX is not set
-# CONFIG_DEFAULT_SECURITY_SMACK is not set
 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 # CONFIG_DEFAULT_SECURITY_YAMA is not set
@@ -6121,7 +6038,7 @@ CONFIG_CRYPTO_WORKQUEUE=y
 CONFIG_CRYPTO_CRYPTD=m
 CONFIG_CRYPTO_AUTHENC=m
 CONFIG_CRYPTO_TEST=m
-CONFIG_CRYPTO_ABLK_HELPER=m
+CONFIG_CRYPTO_ABLK_HELPER_X86=m
 CONFIG_CRYPTO_GLUE_HELPER_X86=m
 
 #
@@ -6230,7 +6147,6 @@ CONFIG_CRYPTO_ANSI_CPRNG=m
 CONFIG_CRYPTO_USER_API=m
 CONFIG_CRYPTO_USER_API_HASH=m
 CONFIG_CRYPTO_USER_API_SKCIPHER=m
-CONFIG_CRYPTO_HASH_INFO=y
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_DEV_PADLOCK=m
 CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@@ -6248,7 +6164,6 @@ CONFIG_KVM_MMIO=y
 CONFIG_KVM_ASYNC_PF=y
 CONFIG_HAVE_KVM_MSI=y
 CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
-CONFIG_KVM_VFIO=y
 CONFIG_VIRTUALIZATION=y
 CONFIG_KVM=m
 CONFIG_KVM_INTEL=m
@@ -6271,6 +6186,7 @@ CONFIG_GENERIC_IOMAP=y
 CONFIG_GENERIC_IO=y
 CONFIG_PERCPU_RWSEM=y
 CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_CMPXCHG_LOCKREF=y
 CONFIG_CRC_CCITT=m
 CONFIG_CRC16=m
 CONFIG_CRC_T10DIF=m
@@ -6284,7 +6200,6 @@ CONFIG_CRC32_SLICEBY8=y
 CONFIG_CRC7=m
 CONFIG_LIBCRC32C=m
 CONFIG_CRC8=m
-# CONFIG_RANDOM32_SELFTEST is not set
 CONFIG_ZLIB_INFLATE=y
 CONFIG_ZLIB_DEFLATE=y
 CONFIG_LZO_COMPRESS=y
@@ -6318,7 +6233,6 @@ CONFIG_TEXTSEARCH_KMP=m
 CONFIG_TEXTSEARCH_BM=m
 CONFIG_TEXTSEARCH_FSM=m
 CONFIG_BTREE=y
-CONFIG_ASSOCIATIVE_ARRAY=y
 CONFIG_HAS_IOMEM=y
 CONFIG_HAS_IOPORT=y
 CONFIG_HAS_DMA=y
diff --git a/kernels/linux-libre-knock/criu-no-expert.patch b/kernels/linux-libre-knock/criu-no-expert.patch
index 9bbc02812..2124427e9 100644
--- a/kernels/linux-libre-knock/criu-no-expert.patch
+++ b/kernels/linux-libre-knock/criu-no-expert.patch
@@ -1,8 +1,8 @@
 diff --git a/init/Kconfig b/init/Kconfig
-index 4e5d96a..4b94ffe 100644
+index be8b7f5..7461760 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1078,7 +1078,7 @@ config DEBUG_BLK_CGROUP
+@@ -989,7 +989,7 @@ config DEBUG_BLK_CGROUP
  endif # CGROUPS
  
  config CHECKPOINT_RESTORE
@@ -11,3 +11,12 @@ index 4e5d96a..4b94ffe 100644
  	default n
  	help
  	  Enables additional kernel features in a sake of checkpoint/restore.
+@@ -1000,7 +1000,7 @@ config CHECKPOINT_RESTORE
+ 	  If unsure, say N here.
+ 
+ menuconfig NAMESPACES
+-	bool "Namespaces support" if EXPERT
++	bool "Namespaces support"
+ 	default !EXPERT
+ 	help
+ 	  Provides the way to make tasks work with different objects using
diff --git a/kernels/linux-libre-knock/i8042-fix-aliases.patch b/kernels/linux-libre-knock/i8042-fix-aliases.patch
deleted file mode 100644
index 961968c78..000000000
--- a/kernels/linux-libre-knock/i8042-fix-aliases.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-commit 5a420e61e39862c7c3356080eddb23dfe4ccadb7
-Author: Tom Gundersen <teg@jklm.no>
-Date:   Sun Jan 26 17:00:32 2014 +0100
-
-    Input: i8042 - fix PNP modaliases when both aux and kdb are enabled
-    
-    Commit 78551277e4 exposed the PNP modaliases for the i8042 module. However,
-    when both the aux and the kbd drivers are enabled the aux entries would
-    override the kdb ones.
-    
-    Refactor the device_id lists, and unconditionally attempt to load the driver
-    if either a kdb or aux devices is present.
-    
-    Signed-off-by: Tom Gundersen <teg@jklm.no>
-
-diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
-index 0ec9abb..dbc6958 100644
---- a/drivers/input/serio/i8042-x86ia64io.h
-+++ b/drivers/input/serio/i8042-x86ia64io.h
-@@ -747,25 +747,27 @@ static int i8042_pnp_aux_probe(struct pnp_dev *dev, const struct pnp_device_id *
- 	return 0;
- }
- 
--static struct pnp_device_id pnp_kbd_devids[] = {
--	{ .id = "PNP0300", .driver_data = 0 },
--	{ .id = "PNP0301", .driver_data = 0 },
--	{ .id = "PNP0302", .driver_data = 0 },
--	{ .id = "PNP0303", .driver_data = 0 },
--	{ .id = "PNP0304", .driver_data = 0 },
--	{ .id = "PNP0305", .driver_data = 0 },
--	{ .id = "PNP0306", .driver_data = 0 },
--	{ .id = "PNP0309", .driver_data = 0 },
--	{ .id = "PNP030a", .driver_data = 0 },
--	{ .id = "PNP030b", .driver_data = 0 },
--	{ .id = "PNP0320", .driver_data = 0 },
--	{ .id = "PNP0343", .driver_data = 0 },
--	{ .id = "PNP0344", .driver_data = 0 },
--	{ .id = "PNP0345", .driver_data = 0 },
-+#define KBD_DEVIDS \
-+	{ .id = "PNP0300", .driver_data = 0 }, \
-+	{ .id = "PNP0301", .driver_data = 0 }, \
-+	{ .id = "PNP0302", .driver_data = 0 }, \
-+	{ .id = "PNP0303", .driver_data = 0 }, \
-+	{ .id = "PNP0304", .driver_data = 0 }, \
-+	{ .id = "PNP0305", .driver_data = 0 }, \
-+	{ .id = "PNP0306", .driver_data = 0 }, \
-+	{ .id = "PNP0309", .driver_data = 0 }, \
-+	{ .id = "PNP030a", .driver_data = 0 }, \
-+	{ .id = "PNP030b", .driver_data = 0 }, \
-+	{ .id = "PNP0320", .driver_data = 0 }, \
-+	{ .id = "PNP0343", .driver_data = 0 }, \
-+	{ .id = "PNP0344", .driver_data = 0 }, \
-+	{ .id = "PNP0345", .driver_data = 0 }, \
- 	{ .id = "CPQA0D7", .driver_data = 0 },
-+
-+static struct pnp_device_id pnp_kbd_devids[] = {
-+	KBD_DEVIDS
- 	{ .id = "", },
- };
--MODULE_DEVICE_TABLE(pnp, pnp_kbd_devids);
- 
- static struct pnp_driver i8042_pnp_kbd_driver = {
- 	.name           = "i8042 kbd",
-@@ -773,21 +775,23 @@ static struct pnp_driver i8042_pnp_kbd_driver = {
- 	.probe          = i8042_pnp_kbd_probe,
- };
- 
--static struct pnp_device_id pnp_aux_devids[] = {
--	{ .id = "AUI0200", .driver_data = 0 },
--	{ .id = "FJC6000", .driver_data = 0 },
--	{ .id = "FJC6001", .driver_data = 0 },
--	{ .id = "PNP0f03", .driver_data = 0 },
--	{ .id = "PNP0f0b", .driver_data = 0 },
--	{ .id = "PNP0f0e", .driver_data = 0 },
--	{ .id = "PNP0f12", .driver_data = 0 },
--	{ .id = "PNP0f13", .driver_data = 0 },
--	{ .id = "PNP0f19", .driver_data = 0 },
--	{ .id = "PNP0f1c", .driver_data = 0 },
-+#define AUX_DEVIDS \
-+	{ .id = "AUI0200", .driver_data = 0 }, \
-+	{ .id = "FJC6000", .driver_data = 0 }, \
-+	{ .id = "FJC6001", .driver_data = 0 }, \
-+	{ .id = "PNP0f03", .driver_data = 0 }, \
-+	{ .id = "PNP0f0b", .driver_data = 0 }, \
-+	{ .id = "PNP0f0e", .driver_data = 0 }, \
-+	{ .id = "PNP0f12", .driver_data = 0 }, \
-+	{ .id = "PNP0f13", .driver_data = 0 }, \
-+	{ .id = "PNP0f19", .driver_data = 0 }, \
-+	{ .id = "PNP0f1c", .driver_data = 0 }, \
- 	{ .id = "SYN0801", .driver_data = 0 },
-+
-+static struct pnp_device_id pnp_aux_devids[] = {
-+	AUX_DEVIDS
- 	{ .id = "", },
- };
--MODULE_DEVICE_TABLE(pnp, pnp_aux_devids);
- 
- static struct pnp_driver i8042_pnp_aux_driver = {
- 	.name           = "i8042 aux",
-@@ -795,6 +799,13 @@ static struct pnp_driver i8042_pnp_aux_driver = {
- 	.probe          = i8042_pnp_aux_probe,
- };
- 
-+static struct pnp_device_id pnp_kdb_aux_devids[] = {
-+	KBD_DEVIDS
-+	AUX_DEVIDS
-+	{ .id = "", },
-+};
-+MODULE_DEVICE_TABLE(pnp, pnp_kdb_aux_devids);
-+
- static void i8042_pnp_exit(void)
- {
- 	if (i8042_pnp_kbd_registered) {
diff --git a/kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch b/kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch
index 87b54fc3e..be81fec76 100644
--- a/kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch
+++ b/kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch
@@ -1,8 +1,5 @@
-From 6aa23d76a7b549521a03b63b6d5b7880ea87eab7 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 14 Nov 2013 07:25:19 -0500
-Subject: [PATCH 3/6] nfs: check if gssd is running before attempting to use
- krb5i auth in SETCLIENTID call
+Bugzilla: N/A
+Upstream-status: queued in NFS git tree (for 3.13/3.14?)
 
 Currently, the client will attempt to use krb5i in the SETCLIENTID call
 even if rpc.gssd isn't running. When that fails, it'll then fall back to
@@ -17,13 +14,12 @@ fail at a later stage of the mount attempt.
 Signed-off-by: Jeff Layton <jlayton@redhat.com>
 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
 ---
- fs/nfs/nfs4client.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
+ fs/nfs/nfs4client.c |    7 ++++++-
+ 1 files changed, 6 insertions(+), 1 deletions(-)
 
-diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
-index b4a160a..c1b7a80 100644
---- a/fs/nfs/nfs4client.c
-+++ b/fs/nfs/nfs4client.c
+diff -up linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c
+--- linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig	2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c	2013-11-21 10:20:27.288286000 -0500
 @@ -10,6 +10,7 @@
  #include <linux/sunrpc/auth.h>
  #include <linux/sunrpc/xprt.h>
@@ -32,10 +28,10 @@ index b4a160a..c1b7a80 100644
  #include "internal.h"
  #include "callback.h"
  #include "delegation.h"
-@@ -370,7 +371,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp,
+@@ -206,7 +207,11 @@ struct nfs_client *nfs4_init_client(stru
+ 	if (clp->cl_minorversion != 0)
  		__set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags);
  	__set_bit(NFS_CS_DISCRTRY, &clp->cl_flags);
- 	__set_bit(NFS_CS_NO_RETRANS_TIMEOUT, &clp->cl_flags);
 -	error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I);
 +
 +	error = -EINVAL;
@@ -45,6 +41,8 @@ index b4a160a..c1b7a80 100644
  	if (error == -EINVAL)
  		error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX);
  	if (error < 0)
--- 
-1.8.5.3
 
+_______________________________________________
+kernel mailing list
+kernel@lists.fedoraproject.org
+https://admin.fedoraproject.org/mailman/listinfo/kernel
diff --git a/kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch b/kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch
index 75505c30d..ed03f34dd 100644
--- a/kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch
+++ b/kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch
@@ -1,14 +1,10 @@
-From 23e66ba97127ff3b064d4c6c5138aa34eafc492f Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Mon, 9 Dec 2013 09:38:00 -0500
-Subject: [PATCH 6/6] rpc_pipe: fix cleanup of dummy gssd directory when
- notification fails
+Bugzilla: 1037793
+Upstream-status: submitted for 3.14
 
 Currently, it could leak dentry references in some cases. Make sure
 we clean up properly.
 
 Signed-off-by: Jeff Layton <jlayton@redhat.com>
-Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
 ---
  net/sunrpc/rpc_pipe.c | 14 +++++++++++++-
  1 file changed, 13 insertions(+), 1 deletion(-)
@@ -46,5 +42,9 @@ index 5d973b2..b185548 100644
  					   RPC_PIPEFS_UMOUNT,
  					   sb);
 -- 
-1.8.5.3
+1.8.4.2
 
+--
+To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff --git a/kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch b/kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch
index 5f2c3dae8..e4b1a255f 100644
--- a/kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch
+++ b/kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch
@@ -1,15 +1,11 @@
-From 3396f92f8be606ea485b0a82d4e7749a448b013b Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 5 Dec 2013 07:33:49 -0500
-Subject: [PATCH 4/6] rpc_pipe: remove the clntXX dir if creating the pipe
- fails
+Bugzilla: 1037793
+Upstream-status: submitted for 3.14
 
 In the event that we create the gssd/clntXX dir, but the pipe creation
 subsequently fails, then we should remove the clntXX dir before
 returning.
 
 Signed-off-by: Jeff Layton <jlayton@redhat.com>
-Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
 ---
  net/sunrpc/rpc_pipe.c | 2 ++
  1 file changed, 2 insertions(+)
@@ -28,5 +24,9 @@ index 5cd7ad1..0b74c61 100644
  	dput(clnt_dentry);
  	dput(gssd_dentry);
 -- 
-1.8.5.3
+1.8.4.2
 
+--
+To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff --git a/kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch b/kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch
index 8ef6fe25c..dd3b5ba2f 100644
--- a/kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch
+++ b/kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch
@@ -1,7 +1,5 @@
-From e2f0c83a9de331d9352185ca3642616c13127539 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 5 Dec 2013 07:34:44 -0500
-Subject: [PATCH 5/6] sunrpc: add an "info" file for the dummy gssd pipe
+Bugzilla: 1037793
+Upstream-status: submitted for 3.14
 
 rpc.gssd expects to see an "info" file in each clntXX dir. Since adding
 the dummy gssd pipe, users that run rpc.gssd see a lot of these messages
@@ -13,7 +11,6 @@ spamming the logs:
 Add a dummy gssd/clntXX/info file to help silence these messages.
 
 Signed-off-by: Jeff Layton <jlayton@redhat.com>
-Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
 ---
  net/sunrpc/rpc_pipe.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++-
  1 file changed, 49 insertions(+), 1 deletion(-)
@@ -96,5 +93,4 @@ index 0b74c61..5d973b2 100644
  	dput(clnt_dentry);
  	dput(gssd_dentry);
 -- 
-1.8.5.3
-
+1.8.4.2
diff --git a/kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
index 2d398315e..805498a70 100644
--- a/kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
+++ b/kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
@@ -1,7 +1,5 @@
-From 4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 14 Nov 2013 07:25:17 -0500
-Subject: [PATCH 1/6] sunrpc: create a new dummy pipe for gssd to hold open
+Bugzilla: N/A
+Upstream-status: queued in NFS git tree (for 3.13/3.14?)
 
 rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows
 up under rpc_pipefs. That behavior gives us a reliable mechanism to tell
@@ -17,17 +15,16 @@ it will just return -EINVAL.
 Signed-off-by: Jeff Layton <jlayton@redhat.com>
 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
 ---
- include/linux/sunrpc/rpc_pipe_fs.h |  3 +-
- net/sunrpc/netns.h                 |  1 +
- net/sunrpc/rpc_pipe.c              | 93 ++++++++++++++++++++++++++++++++++++--
- net/sunrpc/sunrpc_syms.c           |  8 +++-
+ include/linux/sunrpc/rpc_pipe_fs.h |    3 +-
+ net/sunrpc/netns.h                 |    1 +
+ net/sunrpc/rpc_pipe.c              |   93 ++++++++++++++++++++++++++++++++++-
+ net/sunrpc/sunrpc_syms.c           |    8 +++-
  4 files changed, 100 insertions(+), 5 deletions(-)
 
-diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
-index a353e03..85f1342 100644
---- a/include/linux/sunrpc/rpc_pipe_fs.h
-+++ b/include/linux/sunrpc/rpc_pipe_fs.h
-@@ -84,7 +84,8 @@ enum {
+diff -up linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h
+--- linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig	2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h	2013-11-21 10:11:17.893026000 -0500
+@@ -64,7 +64,8 @@ enum {
  
  extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb,
  				      const unsigned char *dir_name);
@@ -37,10 +34,9 @@ index a353e03..85f1342 100644
  extern struct super_block *rpc_get_sb_net(const struct net *net);
  extern void rpc_put_sb_net(const struct net *net);
  
-diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h
-index 779742c..8a8e841 100644
---- a/net/sunrpc/netns.h
-+++ b/net/sunrpc/netns.h
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig	2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h	2013-11-21 10:11:17.897029000 -0500
 @@ -14,6 +14,7 @@ struct sunrpc_net {
  	struct cache_detail *rsi_cache;
  
@@ -49,10 +45,9 @@ index 779742c..8a8e841 100644
  	struct mutex pipefs_sb_lock;
  
  	struct list_head all_clients;
-diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
-index bf04b30..c23458b 100644
---- a/net/sunrpc/rpc_pipe.c
-+++ b/net/sunrpc/rpc_pipe.c
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig	2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c	2013-11-21 10:11:17.903026000 -0500
 @@ -38,7 +38,7 @@
  #define NET_NAME(net)	((net == &init_net) ? " (init_net)" : "")
  
@@ -62,7 +57,7 @@ index bf04b30..c23458b 100644
  
  static struct kmem_cache *rpc_inode_cachep __read_mostly;
  
-@@ -1159,6 +1159,7 @@ enum {
+@@ -1019,6 +1019,7 @@ enum {
  	RPCAUTH_nfsd4_cb,
  	RPCAUTH_cache,
  	RPCAUTH_nfsd,
@@ -70,7 +65,7 @@ index bf04b30..c23458b 100644
  	RPCAUTH_RootEOF
  };
  
-@@ -1195,6 +1196,10 @@ static const struct rpc_filelist files[] = {
+@@ -1055,6 +1056,10 @@ static const struct rpc_filelist files[]
  		.name = "nfsd",
  		.mode = S_IFDIR | S_IRUGO | S_IXUGO,
  	},
@@ -81,7 +76,7 @@ index bf04b30..c23458b 100644
  };
  
  /*
-@@ -1208,13 +1213,25 @@ struct dentry *rpc_d_lookup_sb(const struct super_block *sb,
+@@ -1068,13 +1073,25 @@ struct dentry *rpc_d_lookup_sb(const str
  }
  EXPORT_SYMBOL_GPL(rpc_d_lookup_sb);
  
@@ -108,7 +103,7 @@ index bf04b30..c23458b 100644
  }
  
  /*
-@@ -1244,11 +1261,73 @@ void rpc_put_sb_net(const struct net *net)
+@@ -1104,11 +1121,73 @@ void rpc_put_sb_net(const struct net *ne
  }
  EXPORT_SYMBOL_GPL(rpc_put_sb_net);
  
@@ -183,7 +178,7 @@ index bf04b30..c23458b 100644
  	struct net *net = data;
  	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  	int err;
-@@ -1266,6 +1345,13 @@ rpc_fill_super(struct super_block *sb, void *data, int silent)
+@@ -1126,6 +1205,13 @@ rpc_fill_super(struct super_block *sb, v
  		return -ENOMEM;
  	if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL))
  		return -ENOMEM;
@@ -197,7 +192,7 @@ index bf04b30..c23458b 100644
  	dprintk("RPC:       sending pipefs MOUNT notification for net %p%s\n",
  		net, NET_NAME(net));
  	mutex_lock(&sn->pipefs_sb_lock);
-@@ -1280,6 +1366,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent)
+@@ -1140,6 +1226,7 @@ rpc_fill_super(struct super_block *sb, v
  	return 0;
  
  err_depopulate:
@@ -205,11 +200,10 @@ index bf04b30..c23458b 100644
  	blocking_notifier_call_chain(&rpc_pipefs_notifier_list,
  					   RPC_PIPEFS_UMOUNT,
  					   sb);
-diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c
-index 3d6498a..cd30120 100644
---- a/net/sunrpc/sunrpc_syms.c
-+++ b/net/sunrpc/sunrpc_syms.c
-@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(struct net *net)
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig	2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c	2013-11-21 10:11:17.908026000 -0500
+@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(st
  	if (err)
  		goto err_unixgid;
  
@@ -236,6 +230,4 @@ index 3d6498a..cd30120 100644
  	unix_gid_cache_destroy(net);
  	ip_map_cache_destroy(net);
  	rpc_proc_exit(net);
--- 
-1.8.5.3
 
diff --git a/kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch b/kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch
index 19e04da5d..8cd5c0090 100644
--- a/kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch
+++ b/kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch
@@ -1,8 +1,5 @@
-From 89f842435c630f8426f414e6030bc2ffea0d6f81 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 14 Nov 2013 07:25:18 -0500
-Subject: [PATCH 2/6] sunrpc: replace sunrpc_net->gssd_running flag with a more
- reliable check
+Bugzilla: N/A
+Upstream-status: queued in NFS git tree (for 3.13/3.14?)
 
 Now that we have a more reliable method to tell if gssd is running, we
 can replace the sn->gssd_running flag with a function that will query to
@@ -17,10 +14,12 @@ extraneous newline from the message.
 Signed-off-by: Jeff Layton <jlayton@redhat.com>
 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
 ---
- include/linux/sunrpc/rpc_pipe_fs.h |  2 ++
- net/sunrpc/auth_gss/auth_gss.c     | 17 +++++++----------
- net/sunrpc/netns.h                 |  2 --
- net/sunrpc/rpc_pipe.c              | 14 ++++++++++----
+ Fixed up to apply to 3.12.1 by Josh Boyer <jwboyer@fedoraproject.org>
+
+ include/linux/sunrpc/rpc_pipe_fs.h |    2 ++
+ net/sunrpc/auth_gss/auth_gss.c     |   17 +++++++----------
+ net/sunrpc/netns.h                 |    2 --
+ net/sunrpc/rpc_pipe.c              |   14 ++++++++++----
  4 files changed, 19 insertions(+), 16 deletions(-)
 
 diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -36,10 +35,10 @@ index 85f1342..7f490be 100644
  #endif
  #endif
 diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
-index 42fdfc6..0a2aee0 100644
+index 0846566..1ada878 100644
 --- a/net/sunrpc/auth_gss/auth_gss.c
 +++ b/net/sunrpc/auth_gss/auth_gss.c
-@@ -536,8 +536,7 @@ static void warn_gssd(void)
+@@ -517,8 +517,7 @@ static void warn_gssd(void)
  	unsigned long now = jiffies;
  
  	if (time_after(now, ratelimit)) {
@@ -49,7 +48,7 @@ index 42fdfc6..0a2aee0 100644
  		ratelimit = now + 15*HZ;
  	}
  }
-@@ -600,7 +599,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
+@@ -581,7 +580,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
  	struct rpc_pipe *pipe;
  	struct rpc_cred *cred = &gss_cred->gc_base;
  	struct gss_upcall_msg *gss_msg;
@@ -57,7 +56,7 @@ index 42fdfc6..0a2aee0 100644
  	DEFINE_WAIT(wait);
  	int err;
  
-@@ -608,17 +606,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
+@@ -589,17 +587,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
  		__func__, from_kuid(&init_user_ns, cred->cr_uid));
  retry:
  	err = 0;
@@ -95,7 +94,7 @@ index 8a8e841..94e506f 100644
  
  extern int sunrpc_net_id;
 diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
-index c23458b..5cd7ad1 100644
+index 40aef18..ad444f3 100644
 --- a/net/sunrpc/rpc_pipe.c
 +++ b/net/sunrpc/rpc_pipe.c
 @@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode)
@@ -113,7 +112,7 @@ index c23458b..5cd7ad1 100644
  	pipe = RPC_I(inode)->pipe;
  	if (pipe == NULL)
  		goto out;
-@@ -1222,7 +1219,6 @@ int rpc_pipefs_init_net(struct net *net)
+@@ -1231,7 +1228,6 @@ int rpc_pipefs_init_net(struct net *net)
  		return PTR_ERR(sn->gssd_dummy);
  
  	mutex_init(&sn->pipefs_sb_lock);
@@ -121,7 +120,7 @@ index c23458b..5cd7ad1 100644
  	sn->pipe_version = -1;
  	return 0;
  }
-@@ -1376,6 +1372,16 @@ err_depopulate:
+@@ -1385,6 +1381,16 @@ err_depopulate:
  	return err;
  }
  
@@ -138,6 +137,3 @@ index c23458b..5cd7ad1 100644
  static struct dentry *
  rpc_mount(struct file_system_type *fs_type,
  		int flags, const char *dev_name, void *data)
--- 
-1.8.5.3
-
diff --git a/kernels/linux-libre-lts-knock/PKGBUILD b/kernels/linux-libre-lts-knock/PKGBUILD
index bd7334688..83213341b 100644
--- a/kernels/linux-libre-lts-knock/PKGBUILD
+++ b/kernels/linux-libre-lts-knock/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206183 2014-02-21 10:15:31Z bpiotrowski $
+# $Id: PKGBUILD 206261 2014-02-23 10:06:10Z andyrtr $
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Maintainer: Thomas Baechler <thomas@archlinux.org>
 # Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -10,11 +10,11 @@
 pkgbase=linux-libre-lts-knock # Build stock -LIBRE-LTS-KNOCK kernel
 #pkgbase=linux-libre-custom # Build kernel with a different name
 _basekernel=3.10
-_sublevel=31
+_sublevel=32
 _knockpatchver=${_basekernel}
 pkgver=${_basekernel}.${_sublevel}
 pkgrel=1
-_lxopkgver=${_basekernel}.30 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.31 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="http://linux-libre.fsfla.org/"
 license=('GPL2')
@@ -34,7 +34,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         'criu-no-expert.patch'
         "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
 md5sums=('d562fd52580a3b6b18b6eeb5921d1d5c'
-         '36a430003252c2f5e7a6f8e3365871ca'
+         'e344eea547efba42562dd8ff16593116'
          '26380d6f05471ef8e065a77d87588009'
          'f22e0a6a7634902f5a00eb25ad677c65'
          '6550ba0e23b7729cd9db2475bde8fac2'
@@ -44,7 +44,7 @@ md5sums=('d562fd52580a3b6b18b6eeb5921d1d5c'
          '04b21c79df0a952c22d681dd4f4562df'
          'f3def2cefdcbb954c21d8505d23cc83c'
          'd50c1ac47394e9aec637002ef3392bd1'
-         '8e0bb5cbd34b0e7391049eba25d135be')
+         'bfac14a0d1a3a0b0fbf09ba3a0ff6e88')
 if [ "$CARCH" != "mips64el" ]; then
     # don't use the Loongson-specific patches on non-mips64el arches.
     unset source[${#source[@]}-1]
diff --git a/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch
deleted file mode 100644
index c9ee40400..000000000
--- a/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001
-From: Steven Noonan <steven@uplinklabs.net>
-Date: Thu, 13 Feb 2014 07:01:07 +0000
-Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
-
-I started noticing problems with KVM guest destruction on Linux
-3.12+, where guest memory wasn't being cleaned up. I bisected it
-down to the commit introducing the new 'asm goto'-based atomics,
-and found this quirk was later applied to those.
-
-Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the
-known 'asm goto' bug) I am still getting some kind of
-miscompilation. If I enable the asm_volatile_goto quirk for my
-compiler, KVM guests are destroyed correctly and the memory is
-cleaned up.
-
-So make the quirk unconditional for now, until bug is found
-and fixed.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Steven Noonan <steven@uplinklabs.net>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Jakub Jelinek <jakub@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Oleg Nesterov <oleg@redhat.com>
-Cc: <stable@vger.kernel.org>
-Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net
-Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..2507fd2 100644
---- a/include/linux/compiler-gcc4.h
-+++ b/include/linux/compiler-gcc4.h
-@@ -75,11 +75,7 @@
-  *
-  * (asm goto is automatically volatile - the naming reflects this.)
-  */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...)	do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
- 
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
---
-cgit v0.9.2
diff --git a/kernels/linux-libre-pae/PKGBUILD b/kernels/linux-libre-pae/PKGBUILD
index b34766072..d672e376a 100644
--- a/kernels/linux-libre-pae/PKGBUILD
+++ b/kernels/linux-libre-pae/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $
+# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $
 # Contributor: Tobias Powalowski <tpowa@archlinux.org>
 # Contributor: Thomas Baechler <thomas@archlinux.org>
 # Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -6,7 +6,7 @@
 pkgbase=linux-libre-pae     # Build stock -LIBRE-PAE kernel
 #pkgbase=linux-libre-custom # Build kernel with a different name
 _basekernel=3.13
-pkgver=${_basekernel}.4
+pkgver=${_basekernel}.5
 pkgrel=1
 arch=('i686')
 url="http://linux-libre.fsfla.org/"
@@ -30,10 +30,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
         '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
         '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
-        '0001-quirk-asm_volatile_goto.patch'
         'i8042-fix-aliases.patch')
 md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
-         '3659d30b1d06dd5b7874ae04c946863b'
+         '6e59a1e4b891ca5fa8b03d488fa64e04'
          '904835a7af0bc5e88007a94cad7c1d9c'
          'f302c931bd85309da9d9792b4cc96467'
          '44260d2cb1a8b51c119d2ce1f83e457a'
@@ -47,7 +46,6 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
          'a724515b350b29c53f20e631c6cf9a14'
          '1ae4ec847f41fa1b6d488f956e94c893'
          'e6fa278c092ad83780e2dd0568e24ca6'
-         '6baa312bc166681f48e972824f3f6649'
          '93dbf73af819b77f03453a9c6de2bb47')
 
 _kernelname=${pkgbase#linux-libre}
@@ -99,9 +97,6 @@ prepare() {
 
   # Fix i8042 aliases
   patch -p1 -i "${srcdir}/i8042-fix-aliases.patch"
-  # Fix compile issues
-  # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859
-  patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch"
 
   cat "${srcdir}/config" > ./.config # simpler
 
diff --git a/kernels/linux-libre-pae/linux-libre-pae.install b/kernels/linux-libre-pae/linux-libre-pae.install
index 079d1b7ab..6241e6ea2 100644
--- a/kernels/linux-libre-pae/linux-libre-pae.install
+++ b/kernels/linux-libre-pae/linux-libre-pae.install
@@ -26,6 +26,12 @@ post_upgrade() {
     echo ">>> Generating initial ramdisk, using mkinitcpio.  Please wait..."
     mkinitcpio -p linux-libre${KERNEL_NAME}
   fi
+
+  if [ $(vercmp $2 3.13) -lt 0 ]; then
+    echo ">>> WARNING: AT keyboard support is no longer built into the kernel."
+    echo ">>>          In order to use your keyboard during early init, you MUST"
+    echo ">>>          include the 'keyboard' hook in your mkinitcpio.conf."
+  fi
 }
 
 post_remove() {
diff --git a/kernels/linux-libre-rt/PKGBUILD b/kernels/linux-libre-rt/PKGBUILD
index 02863ff53..edb795663 100644
--- a/kernels/linux-libre-rt/PKGBUILD
+++ b/kernels/linux-libre-rt/PKGBUILD
@@ -9,12 +9,12 @@
 pkgbase=linux-libre-rt      # Build stock -LIBRE-RT kernel
 #pkgbase=linux-libre-custom # Build kernel with a different name
 _basekernel=3.12
-_releasever=11
-_rtpatchver=rt17
+_releasever=12
+_rtpatchver=rt19
 _pkgver=${_basekernel}.${_releasever}
 pkgver=${_basekernel}.${_releasever}_${_rtpatchver}
 pkgrel=1
-_lxopkgver=${_basekernel}.11 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.12 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="http://linux-libre.fsfla.org/"
 license=('GPL2')
@@ -40,8 +40,8 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch'
         "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
 md5sums=('254f59707b6676b59ce5ca5c3c698319'
-         '8d78b7fe81e226b022b331e8a1da74b7'
-         '5c46965799741357e7a48c2c32735929'
+         'a763ffc196d8ffa49c676a43448d75a4'
+         '97e5652f6039a48544897129c8adaf98'
          'e40789b1e59136235827a3b3bf40c121'
          'bf542c4038d3e7d0da4c92bac0466198'
          '82496e68851d1960543a07ba51cdb44a'
@@ -56,7 +56,7 @@ md5sums=('254f59707b6676b59ce5ca5c3c698319'
          'cec0bb8981936eab2943b2009b7a6fff'
          '88d9cddf9e0050a76ec4674f264fb2a1'
          'cb9016630212ef07b168892fbcfd4e5d'
-         '5a595801584a112426ccc0fe3753aa06')
+         'a9a0ee57377ed6e55957f9671eead03a')
 if [ "$CARCH" != "mips64el" ]; then
     # don't use the Loongson-specific patches on non-mips64el arches.
     unset source[${#source[@]}-1]
diff --git a/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch
deleted file mode 100644
index c9ee40400..000000000
--- a/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001
-From: Steven Noonan <steven@uplinklabs.net>
-Date: Thu, 13 Feb 2014 07:01:07 +0000
-Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
-
-I started noticing problems with KVM guest destruction on Linux
-3.12+, where guest memory wasn't being cleaned up. I bisected it
-down to the commit introducing the new 'asm goto'-based atomics,
-and found this quirk was later applied to those.
-
-Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the
-known 'asm goto' bug) I am still getting some kind of
-miscompilation. If I enable the asm_volatile_goto quirk for my
-compiler, KVM guests are destroyed correctly and the memory is
-cleaned up.
-
-So make the quirk unconditional for now, until bug is found
-and fixed.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Steven Noonan <steven@uplinklabs.net>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Jakub Jelinek <jakub@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Oleg Nesterov <oleg@redhat.com>
-Cc: <stable@vger.kernel.org>
-Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net
-Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..2507fd2 100644
---- a/include/linux/compiler-gcc4.h
-+++ b/include/linux/compiler-gcc4.h
-@@ -75,11 +75,7 @@
-  *
-  * (asm goto is automatically volatile - the naming reflects this.)
-  */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...)	do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
- 
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
---
-cgit v0.9.2
diff --git a/kernels/linux-libre-xen/PKGBUILD b/kernels/linux-libre-xen/PKGBUILD
index 82edc6e05..557eedd2a 100644
--- a/kernels/linux-libre-xen/PKGBUILD
+++ b/kernels/linux-libre-xen/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $
+# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $
 # Contributor: Tobias Powalowski <tpowa@archlinux.org>
 # Contributor: Thomas Baechler <thomas@archlinux.org>
 # Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -6,7 +6,7 @@
 pkgbase=linux-libre-xen     # Build stock -LIBRE-XEN kernel
 #pkgbase=linux-libre-custom # Build kernel with a different name
 _basekernel=3.13
-pkgver=${_basekernel}.4
+pkgver=${_basekernel}.5
 pkgrel=1
 arch=('i686')
 url="http://linux-libre.fsfla.org/"
@@ -30,10 +30,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
         '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
         '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
-        '0001-quirk-asm_volatile_goto.patch'
         'i8042-fix-aliases.patch')
 md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
-         '3659d30b1d06dd5b7874ae04c946863b'
+         '6e59a1e4b891ca5fa8b03d488fa64e04'
          'be059d4c29dfd9ac55183133938e9242'
          'b7c2805bb287a644c0a303bf7721e534'
          '44260d2cb1a8b51c119d2ce1f83e457a'
@@ -47,7 +46,6 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
          'a724515b350b29c53f20e631c6cf9a14'
          '1ae4ec847f41fa1b6d488f956e94c893'
          'e6fa278c092ad83780e2dd0568e24ca6'
-         '6baa312bc166681f48e972824f3f6649'
          '93dbf73af819b77f03453a9c6de2bb47')
 
 _kernelname=${pkgbase#linux-libre}
@@ -99,9 +97,6 @@ prepare() {
 
   # Fix i8042 aliases
   patch -p1 -i "${srcdir}/i8042-fix-aliases.patch"
-  # Fix compile issues
-  # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859
-  patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch"
 
   cat "${srcdir}/config" > ./.config # simpler
 
diff --git a/kernels/linux-libre-xen/linux-libre-xen.install b/kernels/linux-libre-xen/linux-libre-xen.install
index 0683dce3d..e8dc463b6 100644
--- a/kernels/linux-libre-xen/linux-libre-xen.install
+++ b/kernels/linux-libre-xen/linux-libre-xen.install
@@ -26,6 +26,12 @@ post_upgrade() {
     echo ">>> Generating initial ramdisk, using mkinitcpio.  Please wait..."
     mkinitcpio -p linux-libre${KERNEL_NAME}
   fi
+
+  if [ $(vercmp $2 3.13) -lt 0 ]; then
+    echo ">>> WARNING: AT keyboard support is no longer built into the kernel."
+    echo ">>>          In order to use your keyboard during early init, you MUST"
+    echo ">>>          include the 'keyboard' hook in your mkinitcpio.conf."
+  fi
 }
 
 post_remove() {
diff --git a/kernels/xen/ChangeLog b/kernels/xen/ChangeLog
index 63c33c223..8f9ef80fe 100644
--- a/kernels/xen/ChangeLog
+++ b/kernels/xen/ChangeLog
@@ -1,3 +1,10 @@
+2014-02-19 David Sutton <kantras - gmail.com>
+	* 4.3.2-1:
+	New upstream release
+	Removed unnecessary security patches (since now integrated into source)
+	Attempts to pull down additional required source file to ensure not corrupted
+	Added missing dependancy libseccomp
+
 2013-11-25 David Sutton <kantras - gmail.com>
 	* 4.3.1-2:
 	Changed bluez dependancy from bluez4 to bluez
diff --git a/kernels/xen/PKGBUILD b/kernels/xen/PKGBUILD
index 6ff16c8cd..e19b5c06f 100644
--- a/kernels/xen/PKGBUILD
+++ b/kernels/xen/PKGBUILD
@@ -5,8 +5,8 @@
 # Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
 
 pkgname=xen
-pkgver=4.3.1
-pkgrel=2
+pkgver=4.3.2
+pkgrel=1
 pkgdesc="Virtual Machine Hypervisor & Tools (Parabola rebranded)"
 arch=(i686 x86_64)
 url="http://www.xenproject.org/"
@@ -21,6 +21,15 @@ options=(!buildflags !strip)
 install=$pkgname.install
 changelog=ChangeLog
 source=(http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.gz
+    http://xenbits.xen.org/xen-extfiles/ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz
+    http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz
+    http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz
+    http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz
+    http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2
+    http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz
+    http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz
+    http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz
+    http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2
     xen.install
     09_xen
     bios_workaround.patch
@@ -38,11 +47,27 @@ source=(http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
     conf.d-xenstored
     tmpfiles.d-$pkgname.conf
     grub.conf
-    xsa73-4.3-unstable.patch
-    xsa75-4.3-unstable.patch
-    xsa78.patch
     $pkgname.conf)
-sha256sums=('3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd'
+noextract=(lwip-1.3.0.tar.gz
+    zlib-1.2.3.tar.gz
+    newlib-1.16.0.tar.gz
+    pciutils-2.2.9.tar.bz2
+    polarssl-1.1.4-gpl.tgz
+    grub-0.97.tar.gz
+    tpm_emulator-0.7.4.tar.gz
+    gmp-4.3.2.tar.bz2
+    ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz)
+
+sha256sums=('17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69'
+            '632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c'
+            '772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f'
+            '1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e'
+            'db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07'
+            'f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24'
+            '2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6'
+            '4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b'
+            '4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459'
+            '936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775'
             '0f6ebf3437974d1708c9e74005b976479ab8ff28adec394208153bf404b411f8'
             '74a957d783458b7481c7a09c3ed94ec2e07ee7943e4b7fa33d3684b8d585139e'
             '914cc983da1fe89ff125d751c979b4968f8952da21b19b900fcd4e6b33e14552'
@@ -60,11 +85,17 @@ sha256sums=('3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd'
             '0e1ad0a6a72b0c22025a556c23235a8f663427f1e769c45fe39d1c525bf82eff'
             '40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf'
             '78398fb27edfedb432b5f4e4bf87b5dbee41f180c623d29f758234a49d8bf4b4'
-            '18f62049d714c3460df1f698663e42d0f8a16b9b4f62e66b40fdea635a348be5'
-            '4bac312d49a4a88633af652c09128ba1bba2ca97e2e56e5fe7da6e4671c56ccb'
-            'bb13b280bb456c1d7c8f468e23e336e6b2d06eb364c6823f1b426fcfe09f6ed3'
             '50a9b7fd19e8beb1dea09755f07318f36be0b7ec53d3c9e74f3266a63e682c0c')
-sha512sums=('f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf37835528aca33a0f9e04c82d5f8c4ba79c03a1780d2b72cbb90cc26f77275'
+sha512sums=('ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302'
+            'c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4'
+            '1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d'
+            '021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e'
+            '40eb96bbc6736a16b6399e0cdb73e853d0d90b685c967e77899183446664d64570277a633fdafdefc351b46ce210a99115769a1d9f47ac749d7e82837d4d1ac3'
+            '2b3d98d027e46d8c08037366dde6f0781ca03c610ef2b380984639e4ef39899ed8d8b8e4cd9c9dc54df101279b95879bd66bfd4d04ad07fef41e847ea7ae32b5'
+            '88da614e4d3f4409c4fd3bb3e44c7587ba051e3fed4e33d526069a67e8180212e1ea22da984656f50e290049f60ddca65383e5983c0f8884f648d71f698303ad'
+            'c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb'
+            '4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35'
+            '2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf'
             '78bfb62166ffcf136e12985809b3f412e0145a7f17388a559071f644970ccdfd2a02fe9aa4a180069b923c2e4354b061a4057096de856497f10d9cac57eae4b3'
             '8667a97e10f09c5ce5ba604e38a073b7d7944f4d24c5c78a7235443b65a8cc7b6e7de90e40aa335bb17fda0858d6b517ba1e8b5a0bd6bba4ad75ad44b73f6c9c'
             '7118bf02ff5338e70b3f27f8ea390cd05ea37a4ceabb4adc9d32fc57329e35e98330f0e865261dd4e670436e1a725832598888d44b1e2b17b351f59318860878'
@@ -82,9 +113,6 @@ sha512sums=('f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf
             'c996d48737ad31528b0b2b1379e3ebae948d290de9ddc71f33c7c56f0634466bc7afb2eab847e851c19e3c13bb99468a0778d908606486959a40ff3272189bd3'
             '53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef'
             '04000a802e96c11929cb94c9a2bcafbb4307620192388441d979ea85836c3395954dea53d449c1cc25c3a0a30c49d318b8de59a053c6254f5a81e87864648a9c'
-            '78c94d3e473abaf857213754c7f0ef1a0dd06354cd137d1567a48d92b4106cbefd112f1dcecc90bc1f8c75d76a0e8a3425408f777044de8ec754bcda32bb7f97'
-            '4fb6f678dccc9f23f2c3b27617718bc6c0a87505f7483f4d07563b7b2cc37d57d3b5ef658ee5867258916c5c2695a5086cc7790196aed85357c6d3168c06749b'
-            'b55cb25f88acc348e6777063f241269730f06482fe430706ac500cbd7127bc7c70188f84a282dc8a0369cc838999d47a09afc33fc9f24b5c214bdf59352c414c'
             'ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b')
 
 prepare() {
@@ -101,14 +129,19 @@ prepare() {
     # Uncomment line below if you want to enable ATI Passthrough support (some reported successes)
     #patch -Np1 -i ../ati-passthrough.patch
 
-    # Add Security Patches
-    patch -Np1 -i ../xsa73-4.3-unstable.patch
-    patch -Np1 -i ../xsa75-4.3-unstable.patch
-    patch -Np1 -i ../xsa78.patch
-
     # Fix Install Paths
     sed -i 's:/sbin:/bin:' config/StdGNU.mk
 
+    # Copy supporting tarballs into place
+    cp ../lwip-1.3.0.tar.gz stubdom/
+    cp ../zlib-1.2.3.tar.gz stubdom/
+    cp ../newlib-1.16.0.tar.gz stubdom/
+    cp ../pciutils-2.2.9.tar.bz2 stubdom/
+    cp ../polarssl-1.1.4-gpl.tgz stubdom/
+    cp ../grub-0.97.tar.gz stubdom/
+    cp ../tpm_emulator-0.7.4.tar.gz stubdom/
+    cp ../gmp-4.3.2.tar.bz2 stubdom/
+
 }
 
 build() {
@@ -157,10 +190,8 @@ package() {
     fi
 
     # Compress and move syms file to a different directory
-    if [ "$CARCH" == "x86_64" ]; then
-      gzip boot/$pkgname-syms-$pkgver
-      mv boot/$pkgname-syms-$pkgver.gz usr/share/xen
-    fi
+    gzip boot/$pkgname-syms-$pkgver
+    mv boot/$pkgname-syms-$pkgver.gz usr/share/xen
 
     ##### Kill unwanted stuff #####
     # hypervisor symlinks
diff --git a/kernels/xen/xsa73-4.3-unstable.patch b/kernels/xen/xsa73-4.3-unstable.patch
deleted file mode 100644
index aa36b40a1..000000000
--- a/kernels/xen/xsa73-4.3-unstable.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 068bfa76bbd52430e65853375e1d5db99d193e2f Mon Sep 17 00:00:00 2001
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Date: Thu, 31 Oct 2013 20:49:00 +0000
-Subject: [PATCH] gnttab: correct locking order reversal
-
-Coverity ID 1087189
-
-Correct a lock order reversal between a domains page allocation and grant
-table locks.
-
-This is CVE-2013-4494 / XSA-73.
-
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
-Consolidate error handling.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Keir Fraser <keir@xen.org>
-Tested-by: Matthew Daley <mattjd@gmail.com>
----
- xen/common/grant_table.c |   52 +++++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 44 insertions(+), 8 deletions(-)
-
-diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
-index f42bc7a..48df928 100644
---- a/xen/common/grant_table.c
-+++ b/xen/common/grant_table.c
-@@ -1518,6 +1518,8 @@ gnttab_transfer(
- 
-     for ( i = 0; i < count; i++ )
-     {
-+        bool_t okay;
-+
-         if (i && hypercall_preempt_check())
-             return i;
- 
-@@ -1626,16 +1628,18 @@ gnttab_transfer(
-          * pages when it is dying.
-          */
-         if ( unlikely(e->is_dying) ||
--             unlikely(e->tot_pages >= e->max_pages) ||
--             unlikely(!gnttab_prepare_for_transfer(e, d, gop.ref)) )
-+             unlikely(e->tot_pages >= e->max_pages) )
-         {
--            if ( !e->is_dying )
--                gdprintk(XENLOG_INFO, "gnttab_transfer: "
--                        "Transferee has no reservation "
--                        "headroom (%d,%d) or provided a bad grant ref (%08x) "
--                        "or is dying (%d)\n",
--                        e->tot_pages, e->max_pages, gop.ref, e->is_dying);
-             spin_unlock(&e->page_alloc_lock);
-+
-+            if ( e->is_dying )
-+                gdprintk(XENLOG_INFO, "gnttab_transfer: "
-+                         "Transferee (d%d) is dying\n", e->domain_id);
-+            else
-+                gdprintk(XENLOG_INFO, "gnttab_transfer: "
-+                         "Transferee (d%d) has no headroom (tot %u, max %u)\n",
-+                         e->domain_id, e->tot_pages, e->max_pages);
-+
-             rcu_unlock_domain(e);
-             put_gfn(d, gop.mfn);
-             page->count_info &= ~(PGC_count_mask|PGC_allocated);
-@@ -1647,6 +1651,38 @@ gnttab_transfer(
-         /* Okay, add the page to 'e'. */
-         if ( unlikely(domain_adjust_tot_pages(e, 1) == 1) )
-             get_knownalive_domain(e);
-+
-+        /*
-+         * We must drop the lock to avoid a possible deadlock in
-+         * gnttab_prepare_for_transfer.  We have reserved a page in e so can
-+         * safely drop the lock and re-aquire it later to add page to the
-+         * pagelist.
-+         */
-+        spin_unlock(&e->page_alloc_lock);
-+        okay = gnttab_prepare_for_transfer(e, d, gop.ref);
-+        spin_lock(&e->page_alloc_lock);
-+
-+        if ( unlikely(!okay) || unlikely(e->is_dying) )
-+        {
-+            bool_t drop_dom_ref = (domain_adjust_tot_pages(e, -1) == 0);
-+
-+            spin_unlock(&e->page_alloc_lock);
-+
-+            if ( okay /* i.e. e->is_dying due to the surrounding if() */ )
-+                gdprintk(XENLOG_INFO, "gnttab_transfer: "
-+                         "Transferee (d%d) is now dying\n", e->domain_id);
-+
-+            if ( drop_dom_ref )
-+                put_domain(e);
-+            rcu_unlock_domain(e);
-+
-+            put_gfn(d, gop.mfn);
-+            page->count_info &= ~(PGC_count_mask|PGC_allocated);
-+            free_domheap_page(page);
-+            gop.status = GNTST_general_error;
-+            goto copyback;
-+        }
-+
-         page_list_add_tail(page, &e->page_list);
-         page_set_owner(page, e);
- 
--- 
-1.7.10.4
-
diff --git a/kernels/xen/xsa75-4.3-unstable.patch b/kernels/xen/xsa75-4.3-unstable.patch
deleted file mode 100644
index 6c0c5bca1..000000000
--- a/kernels/xen/xsa75-4.3-unstable.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing
-
-Otherwise uninitialized data may be used, leading to crashes.
-
-This is XSA-75.
-
-Reported-and-tested-by: Jeff Zimmerman <Jeff_Zimmerman@McAfee.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-and-tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/hvm/vmx/vvmx.c
-+++ b/xen/arch/x86/hvm/vmx/vvmx.c
-@@ -1508,15 +1508,10 @@ static void clear_vvmcs_launched(struct 
-     }
- }
- 
--int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
-+static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
- {
-     struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
-     struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
--    int rc;
--
--    rc = vmx_inst_check_privilege(regs, 0);
--    if ( rc != X86EMUL_OKAY )
--        return rc;
- 
-     /* check VMCS is valid and IO BITMAP is set */
-     if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) &&
-@@ -1535,6 +1530,10 @@ int nvmx_handle_vmresume(struct cpu_user
-     struct vcpu *v = current;
-     struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
-     struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
-+    int rc = vmx_inst_check_privilege(regs, 0);
-+
-+    if ( rc != X86EMUL_OKAY )
-+        return rc;
- 
-     if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
-     {
-@@ -1554,10 +1553,13 @@ int nvmx_handle_vmresume(struct cpu_user
- int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
- {
-     bool_t launched;
--    int rc;
-     struct vcpu *v = current;
-     struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
-     struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
-+    int rc = vmx_inst_check_privilege(regs, 0);
-+
-+    if ( rc != X86EMUL_OKAY )
-+        return rc;
- 
-     if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
-     {
diff --git a/kernels/xen/xsa78.patch b/kernels/xen/xsa78.patch
deleted file mode 100644
index 180506cdd..000000000
--- a/kernels/xen/xsa78.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-VT-d: fix TLB flushing in dma_pte_clear_one()
-
-The third parameter of __intel_iommu_iotlb_flush() is to indicate
-whether the to be flushed entry was a present one. A few lines before,
-we bailed if !dma_pte_present(*pte), so there's no need to check the
-flag here again - we can simply always pass TRUE here.
-
-This is CVE-2013-6375 / XSA-78.
-
-Suggested-by: Cheng Yueqiang <yqcheng.2008@phdis.smu.edu.sg>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/drivers/passthrough/vtd/iommu.c
-+++ b/xen/drivers/passthrough/vtd/iommu.c
-@@ -646,7 +646,7 @@ static void dma_pte_clear_one(struct dom
-     iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
- 
-     if ( !this_cpu(iommu_dont_flush_iotlb) )
--        __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K , 0, 1);
-+        __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K, 1, 1);
- 
-     unmap_vtd_domain_page(page);
-
author	Drtan Samos <lashdu@drtan.twilightparadox.com>	2014-03-03 18:49:15 +0100
committer	Drtan Samos <lashdu@drtan.twilightparadox.com>	2014-03-03 18:49:15 +0100
commit	926e54e67433d33d75b19b21544c5b8303389aa0 (patch)
tree	6177f2e93611ffba8ef822da12850bf3565d7766 /kernels
parent	c850156e865805296b73eee01caa4b4469191437 (diff)
parent	535ef7c5859bc88ca3a0d382261632ec8d8df066 (diff)
download	abslibre-926e54e67433d33d75b19b21544c5b8303389aa0.tar.gz abslibre-926e54e67433d33d75b19b21544c5b8303389aa0.tar.bz2 abslibre-926e54e67433d33d75b19b21544c5b8303389aa0.zip