summaryrefslogtreecommitdiff
path: root/kernels
diff options
context:
space:
mode:
authorDrtan Samos <lashdu@drtan.twilightparadox.com>2014-03-03 18:49:15 +0100
committerDrtan Samos <lashdu@drtan.twilightparadox.com>2014-03-03 18:49:15 +0100
commit926e54e67433d33d75b19b21544c5b8303389aa0 (patch)
tree6177f2e93611ffba8ef822da12850bf3565d7766 /kernels
parentc850156e865805296b73eee01caa4b4469191437 (diff)
parent535ef7c5859bc88ca3a0d382261632ec8d8df066 (diff)
downloadabslibre-926e54e67433d33d75b19b21544c5b8303389aa0.tar.gz
abslibre-926e54e67433d33d75b19b21544c5b8303389aa0.tar.bz2
abslibre-926e54e67433d33d75b19b21544c5b8303389aa0.zip
Merge branch 'master' of git://projects.parabolagnulinux.org/abslibre
Diffstat (limited to 'kernels')
-rw-r--r--kernels/gradm/PKGBUILD9
-rw-r--r--kernels/gradm/usr.patch115
-rw-r--r--kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch82
-rw-r--r--kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch51
-rw-r--r--kernels/linux-libre-grsec/PKGBUILD39
-rw-r--r--kernels/linux-libre-grsec/config.i6866
-rw-r--r--kernels/linux-libre-grsec/config.x86_644
-rw-r--r--kernels/linux-libre-grsec/known-exploit-detection.patch410
-rw-r--r--kernels/linux-libre-grsec/linux-libre-grsec.install6
-rw-r--r--kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch82
-rw-r--r--kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch51
-rw-r--r--kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch68
-rw-r--r--kernels/linux-libre-knock/PKGBUILD264
-rw-r--r--kernels/linux-libre-knock/config.i686150
-rw-r--r--kernels/linux-libre-knock/config.x86_64156
-rw-r--r--kernels/linux-libre-knock/criu-no-expert.patch13
-rw-r--r--kernels/linux-libre-knock/i8042-fix-aliases.patch113
-rw-r--r--kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch (renamed from kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch)28
-rw-r--r--kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch (renamed from kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch)14
-rw-r--r--kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch (renamed from kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch)14
-rw-r--r--kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch (renamed from kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch)10
-rw-r--r--kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch (renamed from kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch)60
-rw-r--r--kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch (renamed from kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch)34
-rw-r--r--kernels/linux-libre-lts-knock/PKGBUILD10
-rw-r--r--kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch51
-rw-r--r--kernels/linux-libre-pae/PKGBUILD11
-rw-r--r--kernels/linux-libre-pae/linux-libre-pae.install6
-rw-r--r--kernels/linux-libre-rt/PKGBUILD12
-rw-r--r--kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch51
-rw-r--r--kernels/linux-libre-xen/PKGBUILD11
-rw-r--r--kernels/linux-libre-xen/linux-libre-xen.install6
-rw-r--r--kernels/xen/ChangeLog7
-rw-r--r--kernels/xen/PKGBUILD75
-rw-r--r--kernels/xen/xsa73-4.3-unstable.patch105
-rw-r--r--kernels/xen/xsa75-4.3-unstable.patch55
-rw-r--r--kernels/xen/xsa78.patch23
36 files changed, 598 insertions, 1604 deletions
diff --git a/kernels/gradm/PKGBUILD b/kernels/gradm/PKGBUILD
index 52e0582b7..6ca4aacd9 100644
--- a/kernels/gradm/PKGBUILD
+++ b/kernels/gradm/PKGBUILD
@@ -5,8 +5,8 @@
pkgname=gradm
pkgver=3.0
-_timestamp=201311242038
-pkgrel=2
+_timestamp=201401291757
+pkgrel=4
pkgdesc='Administrative interface for the grsecurity Role Based Access Control system'
arch=(i686 x86_64 mips64el)
url=http://grsecurity.net/
@@ -14,14 +14,12 @@ license=(GPL2)
depends=(pam)
source=(
http://grsecurity.net/stable/$pkgname-$pkgver-$_timestamp.tar.gz
- usr.patch
learn_config
policy
)
build() {
cd "$srcdir/$pkgname"
- patch -Np1 < ../usr.patch
sed -i -e 's/^CFLAGS :=/CFLAGS +=/' -e 's:sbin:usr/bin:' Makefile
make
}
@@ -33,7 +31,6 @@ package() {
rm -rf "$pkgdir/dev"
}
-sha256sums=('9d9040ef2be90b6a4db5b68ba5b7bc658cbbcdb8c71c643b8f95373e4a892e55'
- '7342323d2da3724afe745506690a1a5b194f3f0e959811ca320d820bf74c9ffa'
+sha256sums=('9c99714e6d10797a7348c6ffe2561dfcfe5e7659c9d86118d381b8bdb09ae7a6'
'ec8e824e8a29a67be76bf853814ee85e80c4063009e5693d5db8cdb45bd45813'
'61c0e84098e8386e5496dafce559558adef32e2a4a1241a9fa3bd56eab192dcd')
diff --git a/kernels/gradm/usr.patch b/kernels/gradm/usr.patch
deleted file mode 100644
index b3e5e77ab..000000000
--- a/kernels/gradm/usr.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-diff --git a/gradm_adm.c b/gradm_adm.c
-index bdcfd7d..9681b3c 100644
---- a/gradm_adm.c
-+++ b/gradm_adm.c
-@@ -72,12 +72,13 @@ add_gradm_acl(struct role_acl *role)
-
- gradm_name = gr_strdup(gradm_realpath);
- if (gr_enable && strcmp(gradm_name, GRADM_PATH)) {
-- printf("You are attempting to use a gradm binary other "
-- "than the installed version. Depending on your "
-+ printf("You are attempting to use a gradm binary (%s) other "
-+ "than the installed version (%s). Depending on your "
- "policy, you could be locking yourself out of "
- "your machine by enabling the RBAC system with "
- "this binary. Press \'y\' if you wish to ignore "
-- "this warning, or any other key to cancel.\n>");
-+ "this warning, or any other key to cancel.\n>",
-+ gradm_name, GRADM_PATH);
- if (getchar() != 'y')
- exit(EXIT_FAILURE);
- }
-@@ -259,11 +260,6 @@ static void add_fulllearn_shutdown_acl(void)
- ADD_OBJ("/dev/urandom", "r");
- ADD_OBJ("/dev/random", "r");
- ADD_OBJ("/etc", "r");
-- ADD_OBJ("/bin", "rx");
-- ADD_OBJ("/sbin", "rx");
-- ADD_OBJ("/lib", "rx");
-- ADD_OBJ("/lib32", "rx");
-- ADD_OBJ("/lib64", "rx");
- ADD_OBJ("/usr", "rx");
- ADD_OBJ("/proc", "r");
- ADD_OBJ("/boot", "h");
-@@ -276,9 +272,9 @@ static void add_fulllearn_shutdown_acl(void)
- ADD_OBJ("/proc/slabinfo", "h");
- ADD_OBJ("/proc/modules", "h");
- ADD_OBJ("/proc/kallsyms", "h");
-- ADD_OBJ("/lib/modules", "hs");
-- ADD_OBJ("/lib32/modules", "hs");
-- ADD_OBJ("/lib64/modules", "hs");
-+ ADD_OBJ("/usr/lib/modules", "hs");
-+ ADD_OBJ("/usr/lib32/modules", "hs");
-+ ADD_OBJ("/usr/lib64/modules", "hs");
- ADD_OBJ("/etc/ssh", "h");
- add_cap_acl(current_subject, "-CAP_ALL", NULL);
-
-diff --git a/gradm_analyze.c b/gradm_analyze.c
-index 74ec86f..da365a4 100644
---- a/gradm_analyze.c
-+++ b/gradm_analyze.c
-@@ -778,17 +778,17 @@ analyze_acls(void)
- errs_found++;
- }
-
-- if (!stat("/lib/modules", &fstat) && !check_permission(role, def_acl, "/lib/modules", &chk)) {
-+ if (!stat("/usr/lib/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib/modules", &chk)) {
- fprintf(stderr,
-- "Writing access is allowed by role %s to /lib/modules, the directory which "
-+ "Writing access is allowed by role %s to /usr/lib/modules, the directory which "
- "holds kernel modules.\n\n",
- role->rolename);
- errs_found++;
- }
-
-- if (!stat("/lib64/modules", &fstat) && !check_permission(role, def_acl, "/lib64/modules", &chk)) {
-+ if (!stat("/usr/lib64/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib64/modules", &chk)) {
- fprintf(stderr,
-- "Writing access is allowed by role %s to /lib64/modules, the directory which "
-+ "Writing access is allowed by role %s to /usr/lib64/modules, the directory which "
- "holds kernel modules.\n\n",
- role->rolename);
- errs_found++;
-diff --git a/gradm_defs.h b/gradm_defs.h
-index 961a7b9..56d6378 100644
---- a/gradm_defs.h
-+++ b/gradm_defs.h
-@@ -4,9 +4,9 @@
- #ifndef GRSEC_DIR
- #define GRSEC_DIR "/etc/grsec"
- #endif
--#define GRLEARN_PATH "/sbin/grlearn"
--#define GRADM_PATH "/sbin/gradm"
--#define GRPAM_PATH "/sbin/gradm_pam"
-+#define GRLEARN_PATH "/usr/bin/grlearn"
-+#define GRADM_PATH "/usr/bin/gradm"
-+#define GRPAM_PATH "/usr/bin/gradm_pam"
- #define GRDEV_PATH "/dev/grsec"
- #define GR_POLICY_PATH GRSEC_DIR "/policy"
- #define GR_PW_PATH GRSEC_DIR "/pw"
-diff --git a/gradm_fulllearn.c b/gradm_fulllearn.c
-index 4d10060..6ce744d 100644
---- a/gradm_fulllearn.c
-+++ b/gradm_fulllearn.c
-@@ -449,8 +449,8 @@ static const char *initial_roles_str =
- "\t/proc/slabinfo\th\n"
- "\t/proc/modules\th\n"
- "\t/proc/kallsyms\th\n"
--"\t/lib/modules\ths\n"
--"\t/lib64/modules\ths\n"
-+"\t/usr/lib/modules\ths\n"
-+"\t/usr/lib64/modules\ths\n"
- "\t/etc/ssh\th\n"
- "}\n\n"
- "role admin sA\n"
-@@ -463,10 +463,6 @@ static const char *initial_roles_str =
- "\t/dev/urandom r\n"
- "\t/dev/random r\n"
- "\t/etc r\n"
--"\t/bin rx\n"
--"\t/sbin rx\n"
--"\t/lib rx\n"
--"\t/lib64 rx\n"
- "\t/usr rx\n"
- "\t/proc r\n"
- "\t$grsec_denied\n"
diff --git a/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch b/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch
deleted file mode 100644
index 93803d2e6..000000000
--- a/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 2bd7c7b5f011b3d57e4f5625b561a6f3f2f34a81 Mon Sep 17 00:00:00 2001
-From: Trond Myklebust <trond.myklebust@primarydata.com>
-Date: Sun, 16 Feb 2014 12:14:13 -0500
-Subject: [PATCH] SUNRPC: Ensure that gss_auth isn't freed before its upcall
- messages
-
-Fix a race in which the RPC client is shutting down while the
-gss daemon is processing a downcall. If the RPC client manages to
-shut down before the gss daemon is done, then the struct gss_auth
-used in gss_release_msg() may have already been freed.
-
-Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com
-Reported-by: John <da_audiophile@yahoo.com>
-Reported-by: Borislav Petkov <bp@alien8.de>
-Cc: stable@vger.kernel.org # 3.12+
-Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
----
- net/sunrpc/auth_gss/auth_gss.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
-index 42fdfc6..a642fd616 100644
---- a/net/sunrpc/auth_gss/auth_gss.c
-+++ b/net/sunrpc/auth_gss/auth_gss.c
-@@ -108,6 +108,7 @@ struct gss_auth {
- static DEFINE_SPINLOCK(pipe_version_lock);
- static struct rpc_wait_queue pipe_version_rpc_waitqueue;
- static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
-+static void gss_put_auth(struct gss_auth *gss_auth);
-
- static void gss_free_ctx(struct gss_cl_ctx *);
- static const struct rpc_pipe_ops gss_upcall_ops_v0;
-@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
- if (gss_msg->ctx != NULL)
- gss_put_ctx(gss_msg->ctx);
- rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
-+ gss_put_auth(gss_msg->auth);
- kfree(gss_msg);
- }
-
-@@ -500,6 +502,7 @@ gss_alloc_msg(struct gss_auth *gss_auth,
- if (err)
- goto err_free_msg;
- };
-+ kref_get(&gss_auth->kref);
- return gss_msg;
- err_free_msg:
- kfree(gss_msg);
-@@ -1071,6 +1074,12 @@ gss_free_callback(struct kref *kref)
- }
-
- static void
-+gss_put_auth(struct gss_auth *gss_auth)
-+{
-+ kref_put(&gss_auth->kref, gss_free_callback);
-+}
-+
-+static void
- gss_destroy(struct rpc_auth *auth)
- {
- struct gss_auth *gss_auth = container_of(auth,
-@@ -1091,7 +1100,7 @@ gss_destroy(struct rpc_auth *auth)
- gss_auth->gss_pipe[1] = NULL;
- rpcauth_destroy_credcache(auth);
-
-- kref_put(&gss_auth->kref, gss_free_callback);
-+ gss_put_auth(gss_auth);
- }
-
- /*
-@@ -1262,7 +1271,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
- call_rcu(&cred->cr_rcu, gss_free_cred_callback);
- if (ctx)
- gss_put_ctx(ctx);
-- kref_put(&gss_auth->kref, gss_free_callback);
-+ gss_put_auth(gss_auth);
- }
-
- static void
---
-1.9.0
-
diff --git a/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch
deleted file mode 100644
index c9ee40400..000000000
--- a/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001
-From: Steven Noonan <steven@uplinklabs.net>
-Date: Thu, 13 Feb 2014 07:01:07 +0000
-Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
-
-I started noticing problems with KVM guest destruction on Linux
-3.12+, where guest memory wasn't being cleaned up. I bisected it
-down to the commit introducing the new 'asm goto'-based atomics,
-and found this quirk was later applied to those.
-
-Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the
-known 'asm goto' bug) I am still getting some kind of
-miscompilation. If I enable the asm_volatile_goto quirk for my
-compiler, KVM guests are destroyed correctly and the memory is
-cleaned up.
-
-So make the quirk unconditional for now, until bug is found
-and fixed.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Steven Noonan <steven@uplinklabs.net>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Jakub Jelinek <jakub@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Oleg Nesterov <oleg@redhat.com>
-Cc: <stable@vger.kernel.org>
-Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net
-Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..2507fd2 100644
---- a/include/linux/compiler-gcc4.h
-+++ b/include/linux/compiler-gcc4.h
-@@ -75,11 +75,7 @@
- *
- * (asm goto is automatically volatile - the naming reflects this.)
- */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...) do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
-
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
---
-cgit v0.9.2
diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD
index b5aad3bbb..8f83b01e3 100644
--- a/kernels/linux-libre-grsec/PKGBUILD
+++ b/kernels/linux-libre-grsec/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $
+# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $
# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
# Maintainer: Thomas Baechler <thomas@archlinux.org>
# Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -10,12 +10,12 @@
pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.13
-_sublevel=4
+_sublevel=5
_grsecver=3.0
-_timestamp=201402201908
+_timestamp=201402241943
pkgver=${_basekernel}.${_sublevel}
pkgrel=1
-_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.5 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
license=('GPL2')
@@ -39,16 +39,17 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch'
'0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch'
'0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
- '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
'0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
- '0001-quirk-asm_volatile_goto.patch'
'i8042-fix-aliases.patch'
+ 'module-blacklist.conf'
+ 'sysctl.conf'
+ 'known-exploit-detection.patch'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
- '3659d30b1d06dd5b7874ae04c946863b'
- '98bb51189e0fe96a10362ddcbb79a134'
- 'a2718a1b47c6c3b0774ce786488d22c3'
- 'cbe58a543b96ae282c674875b1940e59'
+ '6e59a1e4b891ca5fa8b03d488fa64e04'
+ '810f3caa18b89eda5b41a2cff5821a4a'
+ '21da34d98cc007a78a11660863537c0d'
+ 'd4b95575b9cc32b7ba4ad8624972ddf9'
'5f66bed97a5c37e48eb2f71b2d354b9a'
'2967cecc3af9f954ccc822fd63dca6ff'
'8267264d9a8966e57fdacd1fa1fc65c4'
@@ -61,11 +62,12 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
'10dbaf863e22b2437e68f9190d65c861'
'd5907a721b97299f0685c583499f7820'
'a724515b350b29c53f20e631c6cf9a14'
- '1ae4ec847f41fa1b6d488f956e94c893'
'e6fa278c092ad83780e2dd0568e24ca6'
- '6baa312bc166681f48e972824f3f6649'
'93dbf73af819b77f03453a9c6de2bb47'
- 'ac92b702b8497d2be14f96e077a7f48f')
+ 'f93ef6157fbb23820bd5ae08fd3f451e'
+ '0db7629711f4ed76bd1f9da9f97bc4ea'
+ 'cb789bf97bc65fd4cf240d99df9c24c0'
+ '5fcb6203b54aaf7dcbdf6e2c6f159b14')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
@@ -116,18 +118,15 @@ prepare() {
# http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f
patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch"
- # Fix FS#38921
- # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9eb2ddb48ce3a7bd745c14a933112994647fa3cd
- patch -p1 -i "${srcdir}/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch"
-
# Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c
patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch"
# Fix i8042 aliases
patch -p1 -i "${srcdir}/i8042-fix-aliases.patch"
- # Fix compile issues
- # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859
- patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch"
+
+ # add known exploit detection patch
+ # http://lkml.org/lkml/2013/12/12/358
+ patch -Np1 -i "${srcdir}/known-exploit-detection.patch"
if [ "$CARCH" == "mips64el" ]; then
sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
diff --git a/kernels/linux-libre-grsec/config.i686 b/kernels/linux-libre-grsec/config.i686
index 3d48a9b03..07840923d 100644
--- a/kernels/linux-libre-grsec/config.i686
+++ b/kernels/linux-libre-grsec/config.i686
@@ -497,7 +497,7 @@ CONFIG_KEXEC=y
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
CONFIG_X86_NEED_RELOCS=y
-CONFIG_PHYSICAL_ALIGN=0x100000
+CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_HOTPLUG_CPU=y
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
@@ -5874,7 +5874,9 @@ CONFIG_JFFS2_FS_DEBUG=0
CONFIG_JFFS2_FS_WRITEBUFFER=y
# CONFIG_JFFS2_FS_WBUF_VERIFY is not set
# CONFIG_JFFS2_SUMMARY is not set
-# CONFIG_JFFS2_FS_XATTR is not set
+CONFIG_JFFS2_FS_XATTR=y
+CONFIG_JFFS2_FS_POSIX_ACL=y
+CONFIG_JFFS2_FS_SECURITY=y
# CONFIG_JFFS2_COMPRESSION_OPTIONS is not set
CONFIG_JFFS2_ZLIB=y
# CONFIG_JFFS2_LZO is not set
diff --git a/kernels/linux-libre-grsec/config.x86_64 b/kernels/linux-libre-grsec/config.x86_64
index 0269c67cc..f89860f78 100644
--- a/kernels/linux-libre-grsec/config.x86_64
+++ b/kernels/linux-libre-grsec/config.x86_64
@@ -5662,7 +5662,9 @@ CONFIG_JFFS2_FS_DEBUG=0
CONFIG_JFFS2_FS_WRITEBUFFER=y
# CONFIG_JFFS2_FS_WBUF_VERIFY is not set
# CONFIG_JFFS2_SUMMARY is not set
-# CONFIG_JFFS2_FS_XATTR is not set
+CONFIG_JFFS2_FS_XATTR=y
+CONFIG_JFFS2_FS_POSIX_ACL=y
+CONFIG_JFFS2_FS_SECURITY=y
# CONFIG_JFFS2_COMPRESSION_OPTIONS is not set
CONFIG_JFFS2_ZLIB=y
# CONFIG_JFFS2_LZO is not set
diff --git a/kernels/linux-libre-grsec/known-exploit-detection.patch b/kernels/linux-libre-grsec/known-exploit-detection.patch
index 4837a9ce5..7629b4d85 100644
--- a/kernels/linux-libre-grsec/known-exploit-detection.patch
+++ b/kernels/linux-libre-grsec/known-exploit-detection.patch
@@ -1,147 +1,29 @@
-diff --git a/include/linux/exploit.h b/include/linux/exploit.h
-new file mode 100644
-index 0000000..a8df72a
---- /dev/null
-+++ b/include/linux/exploit.h
-@@ -0,0 +1,23 @@
-+#ifndef _LINUX_EXPLOIT_H
-+#define _LINUX_EXPLOIT_H
-+
-+#ifdef CONFIG_EXPLOIT_DETECTION
-+extern void _exploit(const char *id);
-+
-+#define exploit_on(cond, id) \
-+ do { \
-+ if (unlikely(cond)) \
-+ _exploit(id); \
-+ } while (0)
-+
-+#else
-+
-+#define exploit_on(cond, id) \
-+ do { \
-+ } while (0)
-+
-+#endif
-+
-+#define exploit(id) exploit_on(true, id)
-+
-+#endif
-diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..a828dfb 100644
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -167,5 +167,17 @@ config DEFAULT_SECURITY
- default "yama" if DEFAULT_SECURITY_YAMA
- default "" if DEFAULT_SECURITY_DAC
-
--endmenu
-+config EXPLOIT_DETECTION
-+ bool "Known exploit detection"
-+ depends on PRINTK
-+ default y
-+ help
-+ This option enables the detection of users/programs who attempt to
-+ break into the kernel using publicly known (past) exploits.
-+
-+ Upon detection, a message will be printed in the kernel log.
-
-+ The runtime overhead of enabling this option is extremely small, so
-+ you are recommended to say Y.
-+
-+endmenu
-diff --git a/security/Makefile b/security/Makefile
-index c26c81e..d152a1d 100644
---- a/security/Makefile
-+++ b/security/Makefile
-@@ -28,3 +28,5 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
- # Object integrity file lists
- subdir-$(CONFIG_INTEGRITY) += integrity
- obj-$(CONFIG_INTEGRITY) += integrity/built-in.o
-+
-+obj-$(CONFIG_EXPLOIT_DETECTION) += exploit.o
-diff --git a/security/exploit.c b/security/exploit.c
-new file mode 100644
-index 0000000..a732613
---- /dev/null
-+++ b/security/exploit.c
-@@ -0,0 +1,28 @@
-+#include <linux/cred.h>
+diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
+index 3432443..f5af562 100644
+--- a/arch/x86/kernel/msr.c
++++ b/arch/x86/kernel/msr.c
+@@ -38,6 +38,7 @@
+ #include <linux/uaccess.h>
+ #include <linux/gfp.h>
+ #include <linux/grsecurity.h>
+#include <linux/exploit.h>
-+#include <linux/printk.h>
-+#include <linux/ratelimit.h>
-+#include <linux/sched.h>
-+
-+void _exploit(const char *id)
-+{
-+ /*
-+ * This function needs to be super defensive/conservative, since
-+ * userspace can easily get to it from several different contexts.
-+ * We don't want it to become an attack vector in itself!
-+ *
-+ * We can assume that we're in process context, but spinlocks may
-+ * be held, etc.
-+ */
-+
-+ struct task_struct *task = current;
-+ pid_t pid = task_pid_nr(task);
-+ uid_t uid = from_kuid(&init_user_ns, current_uid());
-+ char comm[sizeof(task->comm)];
-+
-+ get_task_comm(comm, task);
-+
-+ pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n",
-+ id, pid, uid, comm);
-+}
-+EXPORT_SYMBOL(_exploit);
-diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
-index 75cef3f..65811d4 100644
---- a/include/uapi/linux/audit.h
-+++ b/include/uapi/linux/audit.h
-@@ -131,6 +131,7 @@
- #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
- #define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */
- #define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */
-+#define AUDIT_ANOM_EXPLOIT 1703 /* Known exploit attempt */
- #define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */
- #define AUDIT_INTEGRITY_METADATA 1801 /* Metadata integrity verification */
- #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */
-diff --git a/security/exploit.c b/security/exploit.c
-index a732613..3d8ee5b 100644
---- a/security/exploit.c
-+++ b/security/exploit.c
-@@ -1,3 +1,4 @@
-+#include <linux/audit.h>
- #include <linux/cred.h>
- #include <linux/exploit.h>
- #include <linux/printk.h>
-@@ -19,9 +20,24 @@ void _exploit(const char *id)
- pid_t pid = task_pid_nr(task);
- uid_t uid = from_kuid(&init_user_ns, current_uid());
- char comm[sizeof(task->comm)];
-+#ifdef CONFIG_AUDIT
-+ struct audit_buffer *ab;
-+#endif
- get_task_comm(comm, task);
+ #include <asm/processor.h>
+ #include <asm/msr.h>
+@@ -184,8 +185,10 @@ static int msr_open(struct inode *inode, struct file *file)
+ unsigned int cpu = iminor(file_inode(file));
+ struct cpuinfo_x86 *c;
-+#ifdef CONFIG_AUDIT
-+ ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_ANOM_EXPLOIT);
-+ if (ab) {
-+ audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=",
-+ id, pid, uid,
-+ from_kuid(&init_user_ns, audit_get_loginuid(task)),
-+ audit_get_sessionid(task));
-+ audit_log_untrustedstring(ab, comm);
-+ audit_log_end(ab);
+- if (!capable(CAP_SYS_RAWIO))
++ if (!capable(CAP_SYS_RAWIO)) {
++ exploit("CVE-2013-0268");
+ return -EPERM;
+ }
-+#endif
-+
- pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n",
- id, pid, uid, comm);
- }
+
+ if (cpu >= nr_cpu_ids || !cpu_online(cpu))
+ return -ENXIO; /* No such CPU */
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index bf34577..48490c1 100644
+index ee52ddd..be4c296 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -32,6 +32,7 @@
@@ -150,9 +32,9 @@ index bf34577..48490c1 100644
#include <linux/dma_remapping.h>
+#include <linux/exploit.h>
- struct eb_objects {
- struct list_head objects;
-@@ -785,8 +786,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
+ #define __EXEC_OBJECT_HAS_PIN (1<<31)
+ #define __EXEC_OBJECT_HAS_FENCE (1<<30)
+@@ -878,8 +879,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
* the worst case where we need to allocate the entire
* relocation tree as a single array.
*/
@@ -164,30 +46,6 @@ index bf34577..48490c1 100644
relocs_total += exec[i].relocation_count;
length = exec[i].relocation_count *
-diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 88458fa..fad04f1 100644
---- a/arch/x86/kernel/msr.c
-+++ b/arch/x86/kernel/msr.c
-@@ -37,6 +37,7 @@
- #include <linux/notifier.h>
- #include <linux/uaccess.h>
- #include <linux/gfp.h>
-+#include <linux/exploit.h>
-
- #include <asm/processor.h>
- #include <asm/msr.h>
-@@ -174,8 +175,10 @@ static int msr_open(struct inode *inode, struct file *file)
- unsigned int cpu = iminor(file_inode(file));
- struct cpuinfo_x86 *c;
-
-- if (!capable(CAP_SYS_RAWIO))
-+ if (!capable(CAP_SYS_RAWIO)) {
-+ exploit("CVE-2013-0268");
- return -EPERM;
-+ }
-
- if (cpu >= nr_cpu_ids || !cpu_online(cpu))
- return -ENXIO; /* No such CPU */
diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c
index b1ce4c7..2fe83f0 100644
--- a/fs/hfs/trans.c
@@ -212,50 +70,6 @@ index b1ce4c7..2fe83f0 100644
dst = out;
dstlen = HFS_MAX_NAMELEN;
if (nls_io) {
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index 13fb113..df7a51a 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -22,6 +22,7 @@
- #include <linux/ctype.h>
- #include <linux/projid.h>
- #include <linux/fs_struct.h>
-+#include <linux/exploit.h>
-
- static struct kmem_cache *user_ns_cachep __read_mostly;
-
-@@ -806,11 +807,15 @@ static bool new_idmap_permitted(const struct file *file,
- kuid_t uid = make_kuid(ns->parent, id);
- if (uid_eq(uid, file->f_cred->fsuid))
- return true;
-+
-+ exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959");
- }
- else if (cap_setid == CAP_SETGID) {
- kgid_t gid = make_kgid(ns->parent, id);
- if (gid_eq(gid, file->f_cred->fsgid))
- return true;
-+
-+ exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959");
- }
- }
-
-@@ -822,9 +827,12 @@ static bool new_idmap_permitted(const struct file *file,
- * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
- * And the opener of the id file also had the approprpiate capability.
- */
-- if (ns_capable(ns->parent, cap_setid) &&
-- file_ns_capable(file, ns->parent, cap_setid))
-- return true;
-+ if (ns_capable(ns->parent, cap_setid)) {
-+ if (file_ns_capable(file, ns->parent, cap_setid))
-+ return true;
-+
-+ exploit("CVE-2013-1959");
-+ }
-
- return false;
- }
diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c
index 968ce41..5f47a1a 100644
--- a/fs/hfsplus/catalog.c
@@ -304,8 +118,49 @@ index 4a4fea0..2d5e283 100644
err = -EIO;
goto out;
}
+diff --git a/include/linux/exploit.h b/include/linux/exploit.h
+new file mode 100644
+index 0000000..a8df72a
+--- /dev/null
++++ b/include/linux/exploit.h
+@@ -0,0 +1,23 @@
++#ifndef _LINUX_EXPLOIT_H
++#define _LINUX_EXPLOIT_H
++
++#ifdef CONFIG_EXPLOIT_DETECTION
++extern void _exploit(const char *id);
++
++#define exploit_on(cond, id) \
++ do { \
++ if (unlikely(cond)) \
++ _exploit(id); \
++ } while (0)
++
++#else
++
++#define exploit_on(cond, id) \
++ do { \
++ } while (0)
++
++#endif
++
++#define exploit(id) exploit_on(true, id)
++
++#endif
+diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
+index 44b05a0..0a820b4 100644
+--- a/include/uapi/linux/audit.h
++++ b/include/uapi/linux/audit.h
+@@ -134,6 +134,7 @@
+ #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
+ #define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */
+ #define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */
++#define AUDIT_ANOM_EXPLOIT 1703 /* Known exploit attempt */
+ #define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */
+ #define AUDIT_INTEGRITY_METADATA 1801 /* Metadata integrity verification */
+ #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 953c143..32b9383 100644
+index 11b21f0..a881843 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -39,6 +39,7 @@
@@ -316,7 +171,7 @@ index 953c143..32b9383 100644
#include "internal.h"
-@@ -5721,6 +5722,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
+@@ -5772,6 +5773,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
static int perf_swevent_init(struct perf_event *event)
{
u64 event_id = event->attr.config;
@@ -324,8 +179,52 @@ index 953c143..32b9383 100644
if (event->attr.type != PERF_TYPE_SOFTWARE)
return -ENOENT;
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 583473e..4614b6e 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -22,6 +22,7 @@
+ #include <linux/ctype.h>
+ #include <linux/projid.h>
+ #include <linux/fs_struct.h>
++#include <linux/exploit.h>
+
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+
+@@ -827,11 +828,15 @@ static bool new_idmap_permitted(const struct file *file,
+ kuid_t uid = make_kuid(ns->parent, id);
+ if (uid_eq(uid, file->f_cred->fsuid))
+ return true;
++
++ exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959");
+ }
+ else if (cap_setid == CAP_SETGID) {
+ kgid_t gid = make_kgid(ns->parent, id);
+ if (gid_eq(gid, file->f_cred->fsgid))
+ return true;
++
++ exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959");
+ }
+ }
+
+@@ -843,9 +848,12 @@ static bool new_idmap_permitted(const struct file *file,
+ * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
+ * And the opener of the id file also had the approprpiate capability.
+ */
+- if (ns_capable(ns->parent, cap_setid) &&
+- file_ns_capable(file, ns->parent, cap_setid))
+- return true;
++ if (ns_capable(ns->parent, cap_setid)) {
++ if (file_ns_capable(file, ns->parent, cap_setid))
++ return true;
++
++ exploit("CVE-2013-1959");
++ }
+
+ return false;
+ }
diff --git a/net/core/sock.c b/net/core/sock.c
-index 0b39e7a..c16246f 100644
+index 997c88b..5fc9f05 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -117,6 +117,7 @@
@@ -336,7 +235,7 @@ index 0b39e7a..c16246f 100644
#include <asm/uaccess.h>
-@@ -1753,8 +1754,10 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
+@@ -1758,8 +1759,10 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
int i;
err = -EMSGSIZE;
@@ -348,3 +247,86 @@ index 0b39e7a..c16246f 100644
timeo = sock_sndtimeo(sk, noblock);
while (!skb) {
+diff --git a/security/Kconfig b/security/Kconfig
+index 0ebde71..9afec5d 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -1120,5 +1120,17 @@ config DEFAULT_SECURITY
+ default "yama" if DEFAULT_SECURITY_YAMA
+ default "" if DEFAULT_SECURITY_DAC
+
+-endmenu
++config EXPLOIT_DETECTION
++ bool "Known exploit detection"
++ depends on PRINTK
++ default y
++ help
++ This option enables the detection of users/programs who attempt to
++ break into the kernel using publicly known (past) exploits.
+
++ Upon detection, a message will be printed in the kernel log.
++
++ The runtime overhead of enabling this option is extremely small, so
++ you are recommended to say Y.
++
++endmenu
+diff --git a/security/Makefile b/security/Makefile
+index a5918e0..abc70cd 100644
+--- a/security/Makefile
++++ b/security/Makefile
+@@ -27,3 +27,5 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
+ # Object integrity file lists
+ subdir-$(CONFIG_INTEGRITY) += integrity
+ obj-$(CONFIG_INTEGRITY) += integrity/built-in.o
++
++obj-$(CONFIG_EXPLOIT_DETECTION) += exploit.o
+diff --git a/security/exploit.c b/security/exploit.c
+new file mode 100644
+index 0000000..3d8ee5b
+--- /dev/null
++++ b/security/exploit.c
+@@ -0,0 +1,44 @@
++#include <linux/audit.h>
++#include <linux/cred.h>
++#include <linux/exploit.h>
++#include <linux/printk.h>
++#include <linux/ratelimit.h>
++#include <linux/sched.h>
++
++void _exploit(const char *id)
++{
++ /*
++ * This function needs to be super defensive/conservative, since
++ * userspace can easily get to it from several different contexts.
++ * We don't want it to become an attack vector in itself!
++ *
++ * We can assume that we're in process context, but spinlocks may
++ * be held, etc.
++ */
++
++ struct task_struct *task = current;
++ pid_t pid = task_pid_nr(task);
++ uid_t uid = from_kuid(&init_user_ns, current_uid());
++ char comm[sizeof(task->comm)];
++#ifdef CONFIG_AUDIT
++ struct audit_buffer *ab;
++#endif
++
++ get_task_comm(comm, task);
++
++#ifdef CONFIG_AUDIT
++ ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_ANOM_EXPLOIT);
++ if (ab) {
++ audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=",
++ id, pid, uid,
++ from_kuid(&init_user_ns, audit_get_loginuid(task)),
++ audit_get_sessionid(task));
++ audit_log_untrustedstring(ab, comm);
++ audit_log_end(ab);
++ }
++#endif
++
++ pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n",
++ id, pid, uid, comm);
++}
++EXPORT_SYMBOL(_exploit);
diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install
index dfdf39530..68eb041c0 100644
--- a/kernels/linux-libre-grsec/linux-libre-grsec.install
+++ b/kernels/linux-libre-grsec/linux-libre-grsec.install
@@ -100,6 +100,12 @@ post_upgrade() {
mkinitcpio -p linux-libre${KERNEL_NAME}
fi
+ if [ $(vercmp $2 3.13) -lt 0 ]; then
+ echo ">>> WARNING: AT keyboard support is no longer built into the kernel."
+ echo ">>> In order to use your keyboard during early init, you MUST"
+ echo ">>> include the 'keyboard' hook in your mkinitcpio.conf."
+ fi
+
_add_groups
_fix_permissions
diff --git a/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch b/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch
deleted file mode 100644
index 93803d2e6..000000000
--- a/kernels/linux-libre-knock/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 2bd7c7b5f011b3d57e4f5625b561a6f3f2f34a81 Mon Sep 17 00:00:00 2001
-From: Trond Myklebust <trond.myklebust@primarydata.com>
-Date: Sun, 16 Feb 2014 12:14:13 -0500
-Subject: [PATCH] SUNRPC: Ensure that gss_auth isn't freed before its upcall
- messages
-
-Fix a race in which the RPC client is shutting down while the
-gss daemon is processing a downcall. If the RPC client manages to
-shut down before the gss daemon is done, then the struct gss_auth
-used in gss_release_msg() may have already been freed.
-
-Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com
-Reported-by: John <da_audiophile@yahoo.com>
-Reported-by: Borislav Petkov <bp@alien8.de>
-Cc: stable@vger.kernel.org # 3.12+
-Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
----
- net/sunrpc/auth_gss/auth_gss.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
-index 42fdfc6..a642fd616 100644
---- a/net/sunrpc/auth_gss/auth_gss.c
-+++ b/net/sunrpc/auth_gss/auth_gss.c
-@@ -108,6 +108,7 @@ struct gss_auth {
- static DEFINE_SPINLOCK(pipe_version_lock);
- static struct rpc_wait_queue pipe_version_rpc_waitqueue;
- static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
-+static void gss_put_auth(struct gss_auth *gss_auth);
-
- static void gss_free_ctx(struct gss_cl_ctx *);
- static const struct rpc_pipe_ops gss_upcall_ops_v0;
-@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
- if (gss_msg->ctx != NULL)
- gss_put_ctx(gss_msg->ctx);
- rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
-+ gss_put_auth(gss_msg->auth);
- kfree(gss_msg);
- }
-
-@@ -500,6 +502,7 @@ gss_alloc_msg(struct gss_auth *gss_auth,
- if (err)
- goto err_free_msg;
- };
-+ kref_get(&gss_auth->kref);
- return gss_msg;
- err_free_msg:
- kfree(gss_msg);
-@@ -1071,6 +1074,12 @@ gss_free_callback(struct kref *kref)
- }
-
- static void
-+gss_put_auth(struct gss_auth *gss_auth)
-+{
-+ kref_put(&gss_auth->kref, gss_free_callback);
-+}
-+
-+static void
- gss_destroy(struct rpc_auth *auth)
- {
- struct gss_auth *gss_auth = container_of(auth,
-@@ -1091,7 +1100,7 @@ gss_destroy(struct rpc_auth *auth)
- gss_auth->gss_pipe[1] = NULL;
- rpcauth_destroy_credcache(auth);
-
-- kref_put(&gss_auth->kref, gss_free_callback);
-+ gss_put_auth(gss_auth);
- }
-
- /*
-@@ -1262,7 +1271,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
- call_rcu(&cred->cr_rcu, gss_free_cred_callback);
- if (ctx)
- gss_put_ctx(ctx);
-- kref_put(&gss_auth->kref, gss_free_callback);
-+ gss_put_auth(gss_auth);
- }
-
- static void
---
-1.9.0
-
diff --git a/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch
deleted file mode 100644
index c9ee40400..000000000
--- a/kernels/linux-libre-knock/0001-quirk-asm_volatile_goto.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001
-From: Steven Noonan <steven@uplinklabs.net>
-Date: Thu, 13 Feb 2014 07:01:07 +0000
-Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
-
-I started noticing problems with KVM guest destruction on Linux
-3.12+, where guest memory wasn't being cleaned up. I bisected it
-down to the commit introducing the new 'asm goto'-based atomics,
-and found this quirk was later applied to those.
-
-Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the
-known 'asm goto' bug) I am still getting some kind of
-miscompilation. If I enable the asm_volatile_goto quirk for my
-compiler, KVM guests are destroyed correctly and the memory is
-cleaned up.
-
-So make the quirk unconditional for now, until bug is found
-and fixed.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Steven Noonan <steven@uplinklabs.net>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Jakub Jelinek <jakub@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Oleg Nesterov <oleg@redhat.com>
-Cc: <stable@vger.kernel.org>
-Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net
-Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..2507fd2 100644
---- a/include/linux/compiler-gcc4.h
-+++ b/include/linux/compiler-gcc4.h
-@@ -75,11 +75,7 @@
- *
- * (asm goto is automatically volatile - the naming reflects this.)
- */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...) do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
-
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
---
-cgit v0.9.2
diff --git a/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch b/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch
deleted file mode 100644
index c4242e0ae..000000000
--- a/kernels/linux-libre-knock/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 83460ec8dcac14142e7860a01fa59c267ac4657c Mon Sep 17 00:00:00 2001
-From: Andi Kleen <ak@linux.intel.com>
-Date: Tue, 12 Nov 2013 15:08:36 -0800
-Subject: [PATCH] syscalls.h: use gcc alias instead of assembler aliases for
- syscalls
-
-Use standard gcc __attribute__((alias(foo))) to define the syscall aliases
-instead of custom assembler macros.
-
-This is far cleaner, and also fixes my LTO kernel build.
-
-Signed-off-by: Andi Kleen <ak@linux.intel.com>
-Cc: Al Viro <viro@ZenIV.linux.org.uk>
-Cc: Geert Uytterhoeven <geert@linux-m68k.org>
-Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
----
- include/linux/compat.h | 4 ++--
- include/linux/syscalls.h | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/linux/compat.h b/include/linux/compat.h
-index 345da00..ada34c9 100644
---- a/include/linux/compat.h
-+++ b/include/linux/compat.h
-@@ -41,14 +41,14 @@
- COMPAT_SYSCALL_DEFINEx(6, _##name, __VA_ARGS__)
-
- #define COMPAT_SYSCALL_DEFINEx(x, name, ...) \
-- asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\
-+ asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\
-+ __attribute__((alias(__stringify(compat_SyS##name)))); \
- static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));\
- asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));\
- asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\
- { \
- return C_SYSC##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \
- } \
-- SYSCALL_ALIAS(compat_sys##name, compat_SyS##name); \
- static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
-
- #ifndef compat_user_stack_pointer
-diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
-index 7fac04e..c27f846 100644
---- a/include/linux/syscalls.h
-+++ b/include/linux/syscalls.h
-@@ -184,7 +184,8 @@ extern struct trace_event_functions exit_syscall_print_funcs;
-
- #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__)
- #define __SYSCALL_DEFINEx(x, name, ...) \
-- asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \
-+ asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \
-+ __attribute__((alias(__stringify(SyS##name)))); \
- static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \
- asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \
- asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \
-@@ -194,7 +195,6 @@ extern struct trace_event_functions exit_syscall_print_funcs;
- __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \
- return ret; \
- } \
-- SYSCALL_ALIAS(sys##name, SyS##name); \
- static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
-
- asmlinkage long sys_time(time_t __user *tloc);
---
-1.8.5.3
-
diff --git a/kernels/linux-libre-knock/PKGBUILD b/kernels/linux-libre-knock/PKGBUILD
index e20a9d8d4..0184dc0f1 100644
--- a/kernels/linux-libre-knock/PKGBUILD
+++ b/kernels/linux-libre-knock/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $
+# $Id: PKGBUILD 204911 2014-01-31 09:59:51Z bluewind $
# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
# Maintainer: Thomas Baechler <thomas@archlinux.org>
# Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -9,12 +9,12 @@
pkgbase=linux-libre-knock # Build stock -LIBRE-KNOCK kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
-_basekernel=3.13
-_sublevel=4
-_knockpatchver=3.12.4
+_basekernel=3.12
+_sublevel=13
+_knockpatchver=${_basekernel}.4
pkgver=${_basekernel}.${_sublevel}
pkgrel=1
-_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.12 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
license=('GPL2')
@@ -32,39 +32,31 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'boot-logo.patch'
'change-default-console-loglevel.patch'
'criu-no-expert.patch'
- '0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch'
- '0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch'
- '0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch'
- '0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch'
- '0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch'
- '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
- '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
- '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
- '0001-quirk-asm_volatile_goto.patch'
- 'i8042-fix-aliases.patch'
+ 'sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch'
+ 'sunrpc-replace-gssd_running-with-more-reliable-check.patch'
+ 'nfs-check-gssd-running-before-krb5i-auth.patch'
+ 'rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch'
+ 'sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch'
+ 'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
-md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
- '3659d30b1d06dd5b7874ae04c946863b'
+md5sums=('254f59707b6676b59ce5ca5c3c698319'
+ 'e2ec796847356b785cb06d0563f3f7d5'
'387673a6510de1e1bce8188fc7a72bd1'
- 'b110edf627a7853cf4de27ea8e214001'
- 'f932555dc3851fc6a722e0b1fb2da764'
+ '6eac169d20fd27b55815b0b2db4a473b'
+ 'f341bc4685a40dc409b144b0f44bb137'
'18d660832d681a27084774222fc74c1d'
'2967cecc3af9f954ccc822fd63dca6ff'
'8267264d9a8966e57fdacd1fa1fc65c4'
'44260d2cb1a8b51c119d2ce1f83e457a'
'98beb36f9b8cf16e58de2483ea9985e3'
- '989dc54ff8b179b0f80333cc97c0d43f'
- 'dd2adb99cd3feed6f11022562901965c'
- 'b00cc399d3797cb0793e18b5bf387a50'
- '7cbd2349cdf046acc37b652c06ba36be'
- '10dbaf863e22b2437e68f9190d65c861'
- 'd5907a721b97299f0685c583499f7820'
- 'a724515b350b29c53f20e631c6cf9a14'
- '1ae4ec847f41fa1b6d488f956e94c893'
- 'e6fa278c092ad83780e2dd0568e24ca6'
- '6baa312bc166681f48e972824f3f6649'
- '93dbf73af819b77f03453a9c6de2bb47'
- '9cdff00e5aa53962869857d64a1ccf01')
+ 'd50c1ac47394e9aec637002ef3392bd1'
+ 'd4a75f77e6bd5d700dcd534cd5f0dfce'
+ 'dc86fdc37615c97f03c1e0c31b7b833a'
+ '88eef9d3b5012ef7e82af1af8cc4e517'
+ 'cec0bb8981936eab2943b2009b7a6fff'
+ '88d9cddf9e0050a76ec4674f264fb2a1'
+ 'cb9016630212ef07b168892fbcfd4e5d'
+ 'a9a0ee57377ed6e55957f9671eead03a')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
@@ -78,14 +70,17 @@ prepare() {
cd "${srcdir}/linux-${_basekernel}"
if [ "${_basekernel}" != "${pkgver}" ]; then
- patch -p1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu"
+ patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu"
fi
# add knock patch
patch -p1 -i "${srcdir}/tcp_stealth_${_knockpatchver}.diff"
# add freedo as boot logo
- patch -p1 -i "${srcdir}/boot-logo.patch"
+ patch -Np1 -i "${srcdir}/boot-logo.patch"
+
+ # fix issue on Hal8188EFWImg_CE.c deblobbed file
+ sed -i "\|DEBLOBBED| s|,||" drivers/staging/rtl8188eu/hal/Hal8188EFWImg_CE.c
# add latest fixes from stable queue, if needed
# http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
@@ -93,47 +88,30 @@ prepare() {
# set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
# remove this when a Kconfig knob is made available by upstream
# (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
- patch -p1 -i "${srcdir}/change-default-console-loglevel.patch"
+ patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch"
- # allow Checkpoint/restore (for criu) without EXPERT=y
- patch -p1 -i "${srcdir}/criu-no-expert.patch"
+ # allow criu without expert option set
+ # patch from fedora
+ patch -Np1 -i "${srcdir}/criu-no-expert.patch"
# fix 15 seconds nfs delay
- # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6
- patch -p1 -i "${srcdir}/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch"
- # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=89f842435c630f8426f414e6030bc2ffea0d6f81
- patch -p1 -i "${srcdir}/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch"
- # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=6aa23d76a7b549521a03b63b6d5b7880ea87eab7
- patch -p1 -i "${srcdir}/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch"
-
+ patch -Np1 -i "${srcdir}/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch"
+ patch -Np1 -i "${srcdir}/sunrpc-replace-gssd_running-with-more-reliable-check.patch"
+ patch -Np1 -i "${srcdir}/nfs-check-gssd-running-before-krb5i-auth.patch"
# fix nfs kernel oops
- # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=3396f92f8be606ea485b0a82d4e7749a448b013b
- patch -p1 -i "${srcdir}/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch"
- # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=e2f0c83a9de331d9352185ca3642616c13127539
- patch -p1 -i "${srcdir}/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch"
- # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f
- patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch"
-
- # Fix FS#38921
- # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9eb2ddb48ce3a7bd745c14a933112994647fa3cd
- patch -p1 -i "${srcdir}/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch"
-
- # Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c
- patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch"
-
- # Fix i8042 aliases
- patch -p1 -i "${srcdir}/i8042-fix-aliases.patch"
- # Fix compile issues
- # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859
- patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch"
+ # #37866
+ patch -Np1 -i "${srcdir}/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch"
+ patch -Np1 -i "${srcdir}/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch"
+
+ patch -Np1 -i "${srcdir}/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch"
if [ "$CARCH" == "mips64el" ]; then
sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-knock|" Makefile
sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
< "${srcdir}/lxo-config.patch" > lxo-config.patch
msg2 "Adding loongson-community patches"
- patch -p1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch
- patch -p0 -i lxo-config.patch
+ patch -Np1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch
+ patch -Np0 -i lxo-config.patch
# ensure N32, add localversion, remove uevent helper as per
# https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README
@@ -159,6 +137,10 @@ prepare() {
# don't run depmod on 'make install'. We'll do this ourselves in packaging
sed -i '2iexit 0' scripts/depmod.sh
+}
+
+build() {
+ cd "${srcdir}/linux-${_basekernel}"
# get kernel version
make prepare
@@ -173,11 +155,21 @@ prepare() {
# rewrite configuration
yes "" | make config >/dev/null
-}
-build() {
- cd "${srcdir}/linux-${_basekernel}"
+ # save configuration for later reuse
+ if [ "${CARCH}" = "x86_64" ]; then
+ cat .config > "${startdir}/config.x86_64.last"
+ else
+ cat .config > "${startdir}/config.i686.last"
+ fi
+ ####################
+ # stop here
+ # this is useful to configure the kernel
+ #msg "Stopping build"; return 1
+ ####################
+
+ # build!
if [ "$CARCH" == "mips64el" ]; then
# The build system passes it directly to linker, disable to avoid
# having unknown -Wl,... options.
@@ -224,9 +216,12 @@ _package() {
cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}"
cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}"
else
- cp arch/${KARCH}/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
+ cp "arch/${KARCH}/boot/bzImage" "${pkgdir}/boot/vmlinuz-${pkgbase}"
fi
+ # add vmlinux
+ install -D -m644 vmlinux "${pkgdir}/usr/src/linux-${_kernver}/vmlinux"
+
# set correct depmod command for install
cp -f "${startdir}/${install}" "${startdir}/${install}.pkg"
true && install=${install}.pkg
@@ -263,14 +258,10 @@ _package() {
echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-KNOCK}/version"
# Now we call depmod...
- depmod -b "${pkgdir}" -F System.map "${_kernver}"
+ depmod -b "$pkgdir" -F System.map "$_kernver"
# move module tree /lib -> /usr/lib
- mkdir -p "${pkgdir}/usr"
- mv "${pkgdir}/lib" "${pkgdir}/usr/"
-
- # add vmlinux
- install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux"
+ mv "$pkgdir/lib" "$pkgdir/usr"
}
_package-headers() {
@@ -290,127 +281,130 @@ _package-headers() {
install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}"
+ cd "${pkgdir}/usr/lib/modules/${_kernver}"
+ ln -sf ../../../src/linux-${_kernver} build
+
cd "${srcdir}/linux-${_basekernel}"
install -D -m644 Makefile \
- "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile"
+ "${pkgdir}/usr/src/linux-${_kernver}/Makefile"
install -D -m644 kernel/Makefile \
- "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile"
+ "${pkgdir}/usr/src/linux-${_kernver}/kernel/Makefile"
install -D -m644 .config \
- "${pkgdir}/usr/lib/modules/${_kernver}/build/.config"
+ "${pkgdir}/usr/src/linux-${_kernver}/.config"
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include"
for i in acpi asm-generic config crypto drm generated keys linux math-emu \
media net pcmcia scsi sound trace uapi video xen; do
- cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/"
+ cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/"
done
# copy arch includes for external modules
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}"
- cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}"
+ cp -a "arch/${KARCH}/include" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
# copy files necessary for later builds
- cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build"
- cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ cp Module.symvers "${pkgdir}/usr/src/linux-${_kernver}"
+ cp -a scripts "${pkgdir}/usr/src/linux-${_kernver}"
if [ "$CARCH" = "mips64el" ]; then
- cp arch/${KARCH}/Kbuild "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
- cp -a arch/${KARCH}/loongson "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
- cp ${srcdir}/Kbuild.platforms "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+ cp "arch/${KARCH}/Kbuild" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+ cp -a "arch/${KARCH}/loongson" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+ cp "${srcdir}/Kbuild.platforms" "${pkgdir}/usr/src/linux-${_kernver}/arch/$KARCH/"
fi
# fix permissions on scripts dir
- chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts"
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions"
+ chmod og-w -R "${pkgdir}/usr/src/linux-${_kernver}/scripts"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/.tmp_versions"
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel"
- cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+ cp arch/${KARCH}/Makefile "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
if [ "${CARCH}" = "i686" ]; then
- cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+ cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
fi
- cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/"
+ cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel/"
# add headers for lirc package
# pci
for i in bt8xx cx88 saa7134; do
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}"
- cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}"
+ cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}"
done
# usb
for i in cpia2 em28xx pwc sn9c102; do
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}"
- cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}"
+ cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}"
done
# i2c
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c"
- cp drivers/media/i2c/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c"
+ cp drivers/media/i2c/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/"
for i in cx25840; do
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}"
- cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}"
+ cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}"
done
# add docbook makefile
install -D -m644 Documentation/DocBook/Makefile \
- "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
+ "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile"
# add dm headers
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md"
- cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/md"
+ cp drivers/md/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/md"
# add inotify.h
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux"
- cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/linux"
+ cp include/linux/inotify.h "${pkgdir}/usr/src/linux-${_kernver}/include/linux/"
# add wireless headers
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/"
- cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/"
+ cp net/mac80211/*.h "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/"
# add dvb headers for external modules
# in reference to:
# http://bugs.archlinux.org/task/9912
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core"
- cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core"
+ cp drivers/media/dvb-core/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core/"
# and...
# http://bugs.archlinux.org/task/11194
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/"
- cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/"
+ cp include/config/dvb/*.h "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/"
# add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new
# in reference to:
# http://bugs.archlinux.org/task/13146
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
- cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
- cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+ cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+ cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/"
# add dvb headers
# in reference to:
# http://bugs.archlinux.org/task/20402
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb"
- cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/"
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends"
- cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners"
- cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb"
+ cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends"
+ cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners"
+ cp drivers/media/tuners/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners/"
# add xfs and shmem for aufs building
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs"
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm"
- cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/mm"
+ cp fs/xfs/xfs_sb.h "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs/xfs_sb.h"
# copy in Kconfig files
- for i in $(find . -name "Kconfig*"); do
- mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'`
- cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}"
+ for i in `find . -name "Kconfig*"`; do
+ mkdir -p "${pkgdir}"/usr/src/linux-${_kernver}/`echo ${i} | sed 's|/Kconfig.*||'`
+ cp ${i} "${pkgdir}/usr/src/linux-${_kernver}/${i}"
done
- chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build"
- find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \;
+ chown -R root.root "${pkgdir}/usr/src/linux-${_kernver}"
+ find "${pkgdir}/usr/src/linux-${_kernver}" -type d -exec chmod 755 {} \;
# strip scripts directory
- find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
+ find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
case "$(file -bi "${binary}")" in
*application/x-sharedlib*) # Libraries (.so)
/usr/bin/strip ${STRIP_SHARED} "${binary}";;
@@ -422,11 +416,11 @@ _package-headers() {
done
# remove unneeded architectures
- rm -rf "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa}
+ rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa}
if [ "$CARCH" = "mips64el" ]; then
- rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/x86
+ rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86
else
- rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/mips
+ rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/mips
fi
}
@@ -438,13 +432,13 @@ _package-docs() {
cd "${srcdir}/linux-${_basekernel}"
- mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build"
- cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}"
+ cp -al Documentation "${pkgdir}/usr/src/linux-${_kernver}"
find "${pkgdir}" -type f -exec chmod 444 {} \;
find "${pkgdir}" -type d -exec chmod 755 {} \;
# remove a file already in linux package
- rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
+ rm -f "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile"
}
pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
diff --git a/kernels/linux-libre-knock/config.i686 b/kernels/linux-libre-knock/config.i686
index 496c46fad..746c13fa7 100644
--- a/kernels/linux-libre-knock/config.i686
+++ b/kernels/linux-libre-knock/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.13.0 Kernel Configuration
+# Linux/x86 3.12.7-1 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -38,6 +38,7 @@ CONFIG_HAVE_INTEL_TXT=y
CONFIG_X86_32_SMP=y
CONFIG_X86_HT=y
CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx"
+CONFIG_ARCH_CPU_PROBE_RELEASE=y
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
CONFIG_IRQ_WORK=y
@@ -74,6 +75,7 @@ CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
+CONFIG_AUDIT_LOGINUID_IMMUTABLE=y
#
# IRQ subsystem
@@ -157,7 +159,7 @@ CONFIG_CFS_BANDWIDTH=y
CONFIG_RT_GROUP_SCHED=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
-CONFIG_CHECKPOINT_RESTORE=y
+# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
@@ -238,6 +240,7 @@ CONFIG_HAVE_KPROBES_ON_FTRACE=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_HAVE_DMA_ATTRS=y
CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_USE_GENERIC_SMP_HELPERS=y
CONFIG_GENERIC_SMP_IDLE_THREAD=y
CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
CONFIG_HAVE_DMA_API_DEBUG=y
@@ -271,7 +274,6 @@ CONFIG_HAVE_GENERIC_DMA_COHERENT=y
CONFIG_SLABINFO=y
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=0
-# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
CONFIG_MODULES=y
CONFIG_MODULE_FORCE_LOAD=y
CONFIG_MODULE_UNLOAD=y
@@ -467,7 +469,6 @@ CONFIG_FRONTSWAP=y
# CONFIG_CMA is not set
CONFIG_ZBUD=y
CONFIG_ZSWAP=y
-CONFIG_MEM_SOFT_DIRTY=y
# CONFIG_HIGHPTE is not set
CONFIG_X86_CHECK_BIOS_CORRUPTION=y
CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
@@ -525,13 +526,13 @@ CONFIG_PM_DEBUG=y
CONFIG_PM_ADVANCED_DEBUG=y
# CONFIG_PM_TEST_SUSPEND is not set
CONFIG_PM_SLEEP_DEBUG=y
-# CONFIG_DPM_WATCHDOG is not set
CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y
CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
CONFIG_ACPI=y
CONFIG_ACPI_SLEEP=y
# CONFIG_ACPI_PROCFS is not set
+# CONFIG_ACPI_PROCFS_POWER is not set
CONFIG_ACPI_EC_DEBUGFS=m
CONFIG_ACPI_AC=m
CONFIG_ACPI_BATTERY=m
@@ -546,6 +547,7 @@ CONFIG_ACPI_PROCESSOR_AGGREGATOR=m
CONFIG_ACPI_THERMAL=m
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y
+CONFIG_ACPI_BLACKLIST_YEAR=0
# CONFIG_ACPI_DEBUG is not set
CONFIG_ACPI_PCI_SLOT=y
CONFIG_X86_PM_TIMER=y
@@ -560,7 +562,6 @@ CONFIG_ACPI_APEI_PCIEAER=y
CONFIG_ACPI_APEI_MEMORY_FAILURE=y
CONFIG_ACPI_APEI_EINJ=m
CONFIG_ACPI_APEI_ERST_DEBUG=m
-CONFIG_ACPI_EXTLOG=m
CONFIG_SFI=y
CONFIG_X86_APM_BOOT=y
CONFIG_APM=y
@@ -574,6 +575,7 @@ CONFIG_APM_DO_ENABLE=y
# CPU Frequency scaling
#
CONFIG_CPU_FREQ=y
+CONFIG_CPU_FREQ_TABLE=y
CONFIG_CPU_FREQ_GOV_COMMON=y
CONFIG_CPU_FREQ_STAT=m
CONFIG_CPU_FREQ_STAT_DETAILS=y
@@ -674,7 +676,7 @@ CONFIG_OLPC_XO1_PM=y
CONFIG_OLPC_XO1_RTC=y
CONFIG_OLPC_XO1_SCI=y
CONFIG_OLPC_XO15_SCI=y
-CONFIG_ALIX=y
+# CONFIG_ALIX is not set
# CONFIG_NET5501 is not set
# CONFIG_GEOS is not set
CONFIG_AMD_NB=y
@@ -806,6 +808,7 @@ CONFIG_DEFAULT_TCP_CONG="cubic"
# CONFIG_TCP_MD5SIG is not set
CONFIG_TCP_STEALTH=y
CONFIG_IPV6=y
+CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
@@ -819,7 +822,6 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
-CONFIG_IPV6_VTI=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_SIT_6RD=y
CONFIG_IPV6_NDISC_NODETYPE=y
@@ -882,17 +884,6 @@ CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NETFILTER_SYNPROXY=m
-CONFIG_NF_TABLES=m
-CONFIG_NFT_EXTHDR=m
-CONFIG_NFT_META=m
-CONFIG_NFT_CT=m
-CONFIG_NFT_RBTREE=m
-CONFIG_NFT_HASH=m
-CONFIG_NFT_COUNTER=m
-CONFIG_NFT_LOG=m
-CONFIG_NFT_LIMIT=m
-CONFIG_NFT_NAT=m
-CONFIG_NFT_COMPAT=m
CONFIG_NETFILTER_XTABLES=m
#
@@ -986,9 +977,7 @@ CONFIG_IP_SET_HASH_IP=m
CONFIG_IP_SET_HASH_IPPORT=m
CONFIG_IP_SET_HASH_IPPORTIP=m
CONFIG_IP_SET_HASH_IPPORTNET=m
-CONFIG_IP_SET_HASH_NETPORTNET=m
CONFIG_IP_SET_HASH_NET=m
-CONFIG_IP_SET_HASH_NETNET=m
CONFIG_IP_SET_HASH_NETPORT=m
CONFIG_IP_SET_HASH_NETIFACE=m
CONFIG_IP_SET_LIST_SET=m
@@ -1039,11 +1028,6 @@ CONFIG_IP_VS_PE_SIP=m
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_CONNTRACK_IPV4=m
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
-CONFIG_NF_TABLES_IPV4=m
-CONFIG_NFT_REJECT_IPV4=m
-CONFIG_NFT_CHAIN_ROUTE_IPV4=m
-CONFIG_NFT_CHAIN_NAT_IPV4=m
-CONFIG_NF_TABLES_ARP=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
@@ -1076,9 +1060,6 @@ CONFIG_IP_NF_ARP_MANGLE=m
#
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_NF_CONNTRACK_IPV6=m
-CONFIG_NF_TABLES_IPV6=m
-CONFIG_NFT_CHAIN_ROUTE_IPV6=m
-CONFIG_NFT_CHAIN_NAT_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_EUI64=m
@@ -1099,7 +1080,6 @@ CONFIG_IP6_NF_SECURITY=m
CONFIG_NF_NAT_IPV6=m
CONFIG_IP6_NF_TARGET_MASQUERADE=m
CONFIG_IP6_NF_TARGET_NPT=m
-CONFIG_NF_TABLES_BRIDGE=m
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_EBT_BROUTE=m
CONFIG_BRIDGE_EBT_T_FILTER=m
@@ -1236,7 +1216,6 @@ CONFIG_NET_CLS_RSVP=m
CONFIG_NET_CLS_RSVP6=m
CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_CGROUP=y
-CONFIG_NET_CLS_BPF=m
# CONFIG_NET_EMATCH is not set
CONFIG_NET_CLS_ACT=y
CONFIG_NET_ACT_POLICE=m
@@ -1266,7 +1245,6 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_NETLINK_MMAP=y
CONFIG_NETLINK_DIAG=m
CONFIG_NET_MPLS_GSO=m
-CONFIG_HSR=m
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
@@ -1434,7 +1412,6 @@ CONFIG_WIMAX_DEBUG_LEVEL=8
CONFIG_RFKILL=m
CONFIG_RFKILL_LEDS=y
CONFIG_RFKILL_INPUT=y
-CONFIG_RFKILL_GPIO=m
CONFIG_NET_9P=m
CONFIG_NET_9P_VIRTIO=m
# CONFIG_NET_9P_DEBUG is not set
@@ -1446,7 +1423,6 @@ CONFIG_CEPH_LIB=m
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
# CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set
CONFIG_NFC=m
-CONFIG_NFC_DIGITAL=m
CONFIG_NFC_NCI=m
# CONFIG_NFC_NCI_SPI is not set
CONFIG_NFC_HCI=m
@@ -1459,7 +1435,6 @@ CONFIG_NFC_PN533=m
CONFIG_NFC_WILINK=m
CONFIG_NFC_MEI_PHY=m
CONFIG_NFC_SIM=m
-CONFIG_NFC_PORT100=m
CONFIG_NFC_PN544=m
CONFIG_NFC_PN544_MEI=m
CONFIG_NFC_MICROREAD=m
@@ -1622,7 +1597,6 @@ CONFIG_OF_PCI=y
CONFIG_OF_PCI_IRQ=y
CONFIG_OF_MTD=y
CONFIG_PARPORT=m
-CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
CONFIG_PARPORT_PC=m
CONFIG_PARPORT_SERIAL=m
# CONFIG_PARPORT_PC_FIFO is not set
@@ -1642,10 +1616,10 @@ CONFIG_ISAPNP=y
# CONFIG_PNPBIOS is not set
CONFIG_PNPACPI=y
CONFIG_BLK_DEV=y
-# CONFIG_BLK_DEV_NULL_BLK is not set
CONFIG_BLK_DEV_FD=m
# CONFIG_PARIDE is not set
CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m
+CONFIG_BLK_CPQ_DA=m
CONFIG_BLK_CPQ_CISS_DA=m
# CONFIG_CISS_SCSI_TAPE is not set
CONFIG_BLK_DEV_DAC960=m
@@ -1740,14 +1714,6 @@ CONFIG_ALTERA_STAPL=m
CONFIG_INTEL_MEI=m
CONFIG_INTEL_MEI_ME=m
CONFIG_VMWARE_VMCI=m
-
-#
-# Intel MIC Host Driver
-#
-
-#
-# Intel MIC Card Driver
-#
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -2039,6 +2005,7 @@ CONFIG_MD_MULTIPATH=m
CONFIG_MD_FAULTY=m
CONFIG_BCACHE=m
# CONFIG_BCACHE_DEBUG is not set
+# CONFIG_BCACHE_EDEBUG is not set
# CONFIG_BCACHE_CLOSURES_DEBUG is not set
CONFIG_BLK_DEV_DM=m
# CONFIG_DM_DEBUG is not set
@@ -2053,8 +2020,8 @@ CONFIG_DM_CACHE=m
CONFIG_DM_CACHE_MQ=m
CONFIG_DM_CACHE_CLEANER=m
CONFIG_DM_MIRROR=m
-CONFIG_DM_LOG_USERSPACE=m
CONFIG_DM_RAID=m
+CONFIG_DM_LOG_USERSPACE=m
CONFIG_DM_ZERO=m
CONFIG_DM_MULTIPATH=m
CONFIG_DM_MULTIPATH_QL=m
@@ -2449,7 +2416,6 @@ CONFIG_USB_NET_AX88179_178A=m
CONFIG_USB_NET_CDCETHER=m
CONFIG_USB_NET_CDC_EEM=m
CONFIG_USB_NET_CDC_NCM=m
-CONFIG_USB_NET_HUAWEI_CDC_NCM=m
CONFIG_USB_NET_CDC_MBIM=m
CONFIG_USB_NET_DM9601=m
CONFIG_USB_NET_SR9700=m
@@ -2534,8 +2500,6 @@ CONFIG_ATH10K_PCI=m
# CONFIG_ATH10K_DEBUG is not set
CONFIG_ATH10K_DEBUGFS=y
# CONFIG_ATH10K_TRACING is not set
-CONFIG_WCN36XX=m
-# CONFIG_WCN36XX_DEBUGFS is not set
CONFIG_B43=m
CONFIG_B43_BCMA=y
CONFIG_B43_SSB=y
@@ -2636,7 +2600,6 @@ CONFIG_RT2800USB_RT53XX=y
CONFIG_RT2800USB_RT55XX=y
CONFIG_RT2800USB_UNKNOWN=y
CONFIG_RT2800_LIB=m
-CONFIG_RT2800_LIB_MMIO=m
CONFIG_RT2X00_LIB_MMIO=m
CONFIG_RT2X00_LIB_PCI=m
CONFIG_RT2X00_LIB_USB=m
@@ -2850,7 +2813,7 @@ CONFIG_INPUT_MATRIXKMAP=m
#
# Userland interfaces
#
-CONFIG_INPUT_MOUSEDEV=m
+CONFIG_INPUT_MOUSEDEV=y
CONFIG_INPUT_MOUSEDEV_PSAUX=y
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
@@ -2864,7 +2827,7 @@ CONFIG_INPUT_EVDEV=m
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ADP5588=m
CONFIG_KEYBOARD_ADP5589=m
-CONFIG_KEYBOARD_ATKBD=m
+CONFIG_KEYBOARD_ATKBD=y
CONFIG_KEYBOARD_QT1070=m
CONFIG_KEYBOARD_QT2160=m
# CONFIG_KEYBOARD_LKKBD is not set
@@ -2895,7 +2858,7 @@ CONFIG_MOUSE_PS2_ELANTECH=y
CONFIG_MOUSE_PS2_SENTELIC=y
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
CONFIG_MOUSE_PS2_OLPC=y
-CONFIG_MOUSE_SERIAL=m
+CONFIG_MOUSE_SERIAL=y
CONFIG_MOUSE_APPLETOUCH=m
CONFIG_MOUSE_BCM5974=m
CONFIG_MOUSE_CYAPA=m
@@ -3014,9 +2977,7 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m
# CONFIG_TOUCHSCREEN_TSC2005 is not set
CONFIG_TOUCHSCREEN_TSC2007=m
CONFIG_TOUCHSCREEN_ST1232=m
-CONFIG_TOUCHSCREEN_SUR40=m
CONFIG_TOUCHSCREEN_TPS6507X=m
-CONFIG_TOUCHSCREEN_ZFORCE=m
CONFIG_INPUT_MISC=y
CONFIG_INPUT_AD714X=m
CONFIG_INPUT_AD714X_I2C=m
@@ -3042,6 +3003,7 @@ CONFIG_INPUT_RETU_PWRBUTTON=m
CONFIG_INPUT_UINPUT=m
CONFIG_INPUT_PCF50633_PMU=m
CONFIG_INPUT_PCF8574=m
+# CONFIG_INPUT_PWM_BEEPER is not set
CONFIG_INPUT_GPIO_ROTARY_ENCODER=m
CONFIG_INPUT_ADXL34X=m
CONFIG_INPUT_ADXL34X_I2C=m
@@ -3054,20 +3016,19 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m
#
# Hardware I/O ports
#
-CONFIG_SERIO=m
-CONFIG_SERIO_I8042=m
+CONFIG_SERIO=y
+CONFIG_SERIO_I8042=y
CONFIG_SERIO_SERPORT=m
CONFIG_SERIO_CT82C710=m
CONFIG_SERIO_PARKBD=m
CONFIG_SERIO_PCIPS2=m
-CONFIG_SERIO_LIBPS2=m
+CONFIG_SERIO_LIBPS2=y
CONFIG_SERIO_RAW=m
CONFIG_SERIO_ALTERA_PS2=m
CONFIG_SERIO_PS2MULT=m
CONFIG_SERIO_ARC_PS2=m
CONFIG_SERIO_APBPS2=m
CONFIG_SERIO_OLPC_APSP=m
-CONFIG_HYPERV_KEYBOARD=m
CONFIG_GAMEPORT=m
CONFIG_GAMEPORT_NS558=m
CONFIG_GAMEPORT_L4=m
@@ -3144,6 +3105,7 @@ CONFIG_SERIAL_ARC_NR_PORTS=1
CONFIG_SERIAL_RP2=m
CONFIG_SERIAL_RP2_NR_UARTS=32
CONFIG_SERIAL_FSL_LPUART=m
+CONFIG_SERIAL_ST_ASC=m
CONFIG_PRINTER=m
# CONFIG_LP_CONSOLE is not set
CONFIG_PPDEV=m
@@ -3182,13 +3144,10 @@ CONFIG_NSC_GPIO=m
# CONFIG_RAW_DRIVER is not set
CONFIG_HPET=y
CONFIG_HPET_MMAP=y
-CONFIG_HPET_MMAP_DEFAULT=y
CONFIG_HANGCHECK_TIMER=m
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS=m
-CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
CONFIG_TCG_NSC=m
CONFIG_TCG_ATMEL=m
CONFIG_TCG_INFINEON=m
@@ -3290,6 +3249,7 @@ CONFIG_SPI_MASTER=y
# CONFIG_SPI_GPIO is not set
# CONFIG_SPI_LM70_LLP is not set
# CONFIG_SPI_FSL_SPI is not set
+# CONFIG_SPI_FSL_DSPI is not set
# CONFIG_SPI_OC_TINY is not set
# CONFIG_SPI_PXA2XX is not set
# CONFIG_SPI_PXA2XX_PCI is not set
@@ -3331,8 +3291,8 @@ CONFIG_PTP_1588_CLOCK=m
CONFIG_DP83640_PHY=m
CONFIG_PTP_1588_CLOCK_PCH=m
CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
-CONFIG_GPIOLIB=y
CONFIG_GPIO_DEVRES=y
+CONFIG_GPIOLIB=y
CONFIG_OF_GPIO=y
CONFIG_GPIO_ACPI=y
# CONFIG_DEBUG_GPIO is not set
@@ -3367,7 +3327,7 @@ CONFIG_GPIO_ARIZONA=m
#
CONFIG_GPIO_CS5535=y
CONFIG_GPIO_AMD8111=m
-# CONFIG_GPIO_INTEL_MID is not set
+# CONFIG_GPIO_LANGWELL is not set
# CONFIG_GPIO_PCH is not set
# CONFIG_GPIO_ML_IOH is not set
# CONFIG_GPIO_SODAVILLE is not set
@@ -3384,7 +3344,7 @@ CONFIG_GPIO_AMD8111=m
#
# AC97 GPIO expanders:
#
-CONFIG_GPIO_UCB1400=m
+CONFIG_GPIO_UCB1400=y
#
# LPC GPIO expanders:
@@ -3393,7 +3353,6 @@ CONFIG_GPIO_UCB1400=m
#
# MODULbus GPIO expanders:
#
-# CONFIG_GPIO_BCM_KONA is not set
#
# USB GPIO expanders:
@@ -3419,7 +3378,6 @@ CONFIG_BATTERY_OLPC=m
# CONFIG_CHARGER_GPIO is not set
# CONFIG_CHARGER_BQ2415X is not set
# CONFIG_CHARGER_BQ24190 is not set
-CONFIG_CHARGER_BQ24735=m
# CONFIG_CHARGER_SMB347 is not set
CONFIG_POWER_RESET=y
CONFIG_POWER_RESET_GPIO=y
@@ -4151,7 +4109,7 @@ CONFIG_VIDEO_UPD64031A=m
CONFIG_VIDEO_UPD64083=m
#
-# Miscellaneous helper chips
+# Miscelaneous helper chips
#
CONFIG_VIDEO_M52790=m
@@ -4227,7 +4185,6 @@ CONFIG_DVB_TUNER_CX24113=m
CONFIG_DVB_TDA826X=m
CONFIG_DVB_TUA6100=m
CONFIG_DVB_CX24116=m
-CONFIG_DVB_CX24117=m
CONFIG_DVB_SI21XX=m
CONFIG_DVB_TS2020=m
CONFIG_DVB_DS3000=m
@@ -4339,7 +4296,6 @@ CONFIG_VGA_SWITCHEROO=y
CONFIG_DRM=m
CONFIG_DRM_USB=m
CONFIG_DRM_KMS_HELPER=m
-CONFIG_DRM_KMS_FB_HELPER=y
CONFIG_DRM_LOAD_EDID_FIRMWARE=y
CONFIG_DRM_TTM=m
@@ -4359,7 +4315,6 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3
CONFIG_DRM_NOUVEAU_BACKLIGHT=y
CONFIG_DRM_I915=m
CONFIG_DRM_I915_KMS=y
-CONFIG_DRM_I915_FBDEV=y
# CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
CONFIG_DRM_MGA=m
CONFIG_DRM_SIS=m
@@ -4478,7 +4433,7 @@ CONFIG_BACKLIGHT_APPLE=m
# CONFIG_BACKLIGHT_ADP8860 is not set
# CONFIG_BACKLIGHT_ADP8870 is not set
CONFIG_BACKLIGHT_PCF50633=m
-CONFIG_BACKLIGHT_LM3630A=m
+# CONFIG_BACKLIGHT_LM3630 is not set
# CONFIG_BACKLIGHT_LM3639 is not set
# CONFIG_BACKLIGHT_LP855X is not set
# CONFIG_BACKLIGHT_OT200 is not set
@@ -4697,7 +4652,6 @@ CONFIG_SND_USB_6FIRE=m
CONFIG_SND_USB_HIFACE=m
CONFIG_SND_FIREWIRE=y
CONFIG_SND_FIREWIRE_LIB=m
-CONFIG_SND_DICE=m
CONFIG_SND_FIREWIRE_SPEAKERS=m
CONFIG_SND_ISIGHT=m
CONFIG_SND_SCS1X=m
@@ -4775,7 +4729,6 @@ CONFIG_HID_ROCCAT=m
CONFIG_HID_SAITEK=m
CONFIG_HID_SAMSUNG=m
CONFIG_HID_SONY=m
-CONFIG_SONY_FF=y
CONFIG_HID_SPEEDLINK=m
CONFIG_HID_STEELSERIES=m
CONFIG_HID_SUNPLUS=m
@@ -5008,6 +4961,7 @@ CONFIG_USB_XUSBATM=m
#
CONFIG_USB_PHY=y
CONFIG_NOP_USB_XCEIV=m
+# CONFIG_AM335X_PHY_USB is not set
CONFIG_SAMSUNG_USBPHY=m
CONFIG_SAMSUNG_USB2PHY=m
CONFIG_SAMSUNG_USB3PHY=m
@@ -5050,7 +5004,6 @@ CONFIG_USB_F_NCM=m
CONFIG_USB_F_ECM=m
CONFIG_USB_F_SUBSET=m
CONFIG_USB_F_RNDIS=m
-CONFIG_USB_F_MASS_STORAGE=m
# CONFIG_USB_CONFIGFS is not set
# CONFIG_USB_ZERO is not set
CONFIG_USB_AUDIO=m
@@ -5150,7 +5103,6 @@ CONFIG_LEDS_LP5562=m
CONFIG_LEDS_CLEVO_MAIL=m
CONFIG_LEDS_PCA955X=m
# CONFIG_LEDS_PCA963X is not set
-CONFIG_LEDS_PCA9685=m
# CONFIG_LEDS_DAC124S085 is not set
# CONFIG_LEDS_PWM is not set
CONFIG_LEDS_BD2802=m
@@ -5312,7 +5264,6 @@ CONFIG_DMA_OF=y
#
CONFIG_ASYNC_TX_DMA=y
# CONFIG_DMATEST is not set
-CONFIG_DMA_ENGINE_RAID=y
CONFIG_DCA=m
CONFIG_AUXDISPLAY=y
CONFIG_KS0108=m
@@ -5613,6 +5564,7 @@ CONFIG_X86_PLATFORM_DEVICES=y
CONFIG_ACER_WMI=m
CONFIG_ACERHDF=m
CONFIG_ASUS_LAPTOP=m
+CONFIG_CHROMEOS_LAPTOP=m
CONFIG_DELL_LAPTOP=m
CONFIG_DELL_WMI=m
CONFIG_DELL_WMI_AIO=m
@@ -5660,8 +5612,6 @@ CONFIG_APPLE_GMUX=m
CONFIG_INTEL_RST=y
CONFIG_INTEL_SMARTCONNECT=y
CONFIG_PVPANIC=m
-CONFIG_CHROME_PLATFORMS=y
-CONFIG_CHROMEOS_LAPTOP=m
#
# Hardware Spinlock drivers
@@ -5715,15 +5665,6 @@ CONFIG_FMC_WRITE_EEPROM=m
CONFIG_FMC_CHARDEV=m
#
-# PHY Subsystem
-#
-CONFIG_GENERIC_PHY=m
-CONFIG_PHY_EXYNOS_MIPI_VIDEO=m
-CONFIG_PHY_EXYNOS_DP_VIDEO=m
-CONFIG_POWERCAP=y
-CONFIG_INTEL_RAPL=m
-
-#
# Firmware Drivers
#
CONFIG_EDD=m
@@ -5741,7 +5682,6 @@ CONFIG_ISCSI_IBFT=m
# EFI (Extensible Firmware Interface) Support
#
# CONFIG_EFI_VARS is not set
-CONFIG_UEFI_CPER=y
#
# File systems
@@ -5887,11 +5827,6 @@ CONFIG_UBIFS_FS_ZLIB=y
CONFIG_LOGFS=m
CONFIG_CRAMFS=m
CONFIG_SQUASHFS=m
-# CONFIG_SQUASHFS_FILE_CACHE is not set
-CONFIG_SQUASHFS_FILE_DIRECT=y
-# CONFIG_SQUASHFS_DECOMP_SINGLE is not set
-# CONFIG_SQUASHFS_DECOMP_MULTI is not set
-CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y
CONFIG_SQUASHFS_XATTR=y
CONFIG_SQUASHFS_ZLIB=y
CONFIG_SQUASHFS_LZO=y
@@ -5921,7 +5856,6 @@ CONFIG_F2FS_STAT_FS=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_FS_SECURITY=y
-CONFIG_F2FS_CHECK_FS=y
CONFIG_EFIVAR_FS=y
CONFIG_ORE=m
CONFIG_NETWORK_FILESYSTEMS=y
@@ -5937,7 +5871,6 @@ CONFIG_PNFS_FILE_LAYOUT=m
CONFIG_PNFS_BLOCK=m
CONFIG_PNFS_OBJLAYOUT=m
CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org"
-CONFIG_NFS_V4_1_MIGRATION=y
CONFIG_NFS_V4_SECURITY_LABEL=y
CONFIG_NFS_FSCACHE=y
# CONFIG_NFS_USE_LEGACY_DNS is not set
@@ -6075,7 +6008,6 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
CONFIG_MAGIC_SYSRQ=y
-CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
CONFIG_DEBUG_KERNEL=y
#
@@ -6212,7 +6144,6 @@ CONFIG_LKDTM=m
# CONFIG_BACKTRACE_SELF_TEST is not set
# CONFIG_RBTREE_TEST is not set
# CONFIG_INTERVAL_TREE_TEST is not set
-CONFIG_PERCPU_TEST=m
# CONFIG_ATOMIC64_SELFTEST is not set
CONFIG_ASYNC_RAID6_TEST=m
# CONFIG_TEST_STRING_HELPERS is not set
@@ -6227,7 +6158,6 @@ CONFIG_STRICT_DEVMEM=y
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
-CONFIG_EARLY_PRINTK_EFI=y
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_RODATA=y
# CONFIG_DEBUG_RODATA_TEST is not set
@@ -6257,8 +6187,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0
# Security options
#
CONFIG_KEYS=y
-CONFIG_PERSISTENT_KEYRINGS=y
-CONFIG_BIG_KEYS=y
CONFIG_TRUSTED_KEYS=m
CONFIG_ENCRYPTED_KEYS=m
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
@@ -6269,16 +6197,8 @@ CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_PATH=y
# CONFIG_INTEL_TXT is not set
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-# CONFIG_SECURITY_SELINUX_DISABLE is not set
-CONFIG_SECURITY_SELINUX_DEVELOP=y
-CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
-# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
-CONFIG_SECURITY_SMACK=y
+# CONFIG_SECURITY_SELINUX is not set
+# CONFIG_SECURITY_SMACK is not set
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
@@ -6291,8 +6211,6 @@ CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
# CONFIG_IMA is not set
-# CONFIG_DEFAULT_SECURITY_SELINUX is not set
-# CONFIG_DEFAULT_SECURITY_SMACK is not set
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
# CONFIG_DEFAULT_SECURITY_YAMA is not set
@@ -6332,7 +6250,7 @@ CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_TEST=m
-CONFIG_CRYPTO_ABLK_HELPER=m
+CONFIG_CRYPTO_ABLK_HELPER_X86=m
CONFIG_CRYPTO_GLUE_HELPER_X86=m
#
@@ -6426,7 +6344,6 @@ CONFIG_CRYPTO_ANSI_CPRNG=m
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
-CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@@ -6447,7 +6364,6 @@ CONFIG_KVM_MMIO=y
CONFIG_KVM_ASYNC_PF=y
CONFIG_HAVE_KVM_MSI=y
CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
-CONFIG_KVM_VFIO=y
CONFIG_VIRTUALIZATION=y
CONFIG_KVM=m
CONFIG_KVM_INTEL=m
@@ -6484,7 +6400,6 @@ CONFIG_CRC7=m
CONFIG_LIBCRC32C=m
CONFIG_CRC8=m
CONFIG_AUDIT_GENERIC=y
-# CONFIG_RANDOM32_SELFTEST is not set
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_LZO_COMPRESS=y
@@ -6518,7 +6433,6 @@ CONFIG_TEXTSEARCH_KMP=m
CONFIG_TEXTSEARCH_BM=m
CONFIG_TEXTSEARCH_FSM=m
CONFIG_BTREE=y
-CONFIG_ASSOCIATIVE_ARRAY=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT=y
CONFIG_HAS_DMA=y
diff --git a/kernels/linux-libre-knock/config.x86_64 b/kernels/linux-libre-knock/config.x86_64
index 9152ab01a..0d06a2842 100644
--- a/kernels/linux-libre-knock/config.x86_64
+++ b/kernels/linux-libre-knock/config.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.13.0 Kernel Configuration
+# Linux/x86 3.12.7-1 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -39,6 +39,7 @@ CONFIG_HAVE_INTEL_TXT=y
CONFIG_X86_64_SMP=y
CONFIG_X86_HT=y
CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
+CONFIG_ARCH_CPU_PROBE_RELEASE=y
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
CONFIG_IRQ_WORK=y
@@ -75,6 +76,7 @@ CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
+CONFIG_AUDIT_LOGINUID_IMMUTABLE=y
#
# IRQ subsystem
@@ -141,7 +143,6 @@ CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=19
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
-CONFIG_ARCH_SUPPORTS_INT128=y
CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y
CONFIG_ARCH_USES_NUMA_PROT_NONE=y
CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
@@ -246,6 +247,7 @@ CONFIG_HAVE_OPTPROBES=y
CONFIG_HAVE_KPROBES_ON_FTRACE=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_USE_GENERIC_SMP_HELPERS=y
CONFIG_GENERIC_SMP_IDLE_THREAD=y
CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
CONFIG_HAVE_DMA_API_DEBUG=y
@@ -265,12 +267,10 @@ CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_CONTEXT_TRACKING=y
-CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
CONFIG_HAVE_ARCH_SOFT_DIRTY=y
CONFIG_MODULES_USE_ELF_RELA=y
-CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
CONFIG_OLD_SIGSUSPEND3=y
CONFIG_COMPAT_OLD_SIGACTION=y
@@ -282,7 +282,6 @@ CONFIG_COMPAT_OLD_SIGACTION=y
CONFIG_SLABINFO=y
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=0
-# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
CONFIG_MODULES=y
CONFIG_MODULE_FORCE_LOAD=y
CONFIG_MODULE_UNLOAD=y
@@ -451,7 +450,6 @@ CONFIG_MEMORY_HOTPLUG_SPARSE=y
CONFIG_MEMORY_HOTREMOVE=y
CONFIG_PAGEFLAGS_EXTENDED=y
CONFIG_SPLIT_PTLOCK_CPUS=4
-CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
CONFIG_BALLOON_COMPACTION=y
CONFIG_COMPACTION=y
CONFIG_MIGRATION=y
@@ -532,13 +530,13 @@ CONFIG_PM_DEBUG=y
CONFIG_PM_ADVANCED_DEBUG=y
# CONFIG_PM_TEST_SUSPEND is not set
CONFIG_PM_SLEEP_DEBUG=y
-# CONFIG_DPM_WATCHDOG is not set
CONFIG_PM_TRACE=y
CONFIG_PM_TRACE_RTC=y
# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
CONFIG_ACPI=y
CONFIG_ACPI_SLEEP=y
# CONFIG_ACPI_PROCFS is not set
+# CONFIG_ACPI_PROCFS_POWER is not set
CONFIG_ACPI_EC_DEBUGFS=m
CONFIG_ACPI_AC=m
CONFIG_ACPI_BATTERY=m
@@ -554,6 +552,7 @@ CONFIG_ACPI_THERMAL=m
CONFIG_ACPI_NUMA=y
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y
+CONFIG_ACPI_BLACKLIST_YEAR=0
# CONFIG_ACPI_DEBUG is not set
CONFIG_ACPI_PCI_SLOT=y
CONFIG_X86_PM_TIMER=y
@@ -569,13 +568,13 @@ CONFIG_ACPI_APEI_PCIEAER=y
CONFIG_ACPI_APEI_MEMORY_FAILURE=y
CONFIG_ACPI_APEI_EINJ=m
CONFIG_ACPI_APEI_ERST_DEBUG=m
-CONFIG_ACPI_EXTLOG=m
CONFIG_SFI=y
#
# CPU Frequency scaling
#
CONFIG_CPU_FREQ=y
+CONFIG_CPU_FREQ_TABLE=y
CONFIG_CPU_FREQ_GOV_COMMON=y
CONFIG_CPU_FREQ_STAT=m
CONFIG_CPU_FREQ_STAT_DETAILS=y
@@ -789,6 +788,7 @@ CONFIG_DEFAULT_TCP_CONG="cubic"
# CONFIG_TCP_MD5SIG is not set
CONFIG_TCP_STEALTH=y
CONFIG_IPV6=y
+CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
@@ -802,7 +802,6 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
-CONFIG_IPV6_VTI=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_SIT_6RD=y
CONFIG_IPV6_NDISC_NODETYPE=y
@@ -865,17 +864,6 @@ CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NETFILTER_SYNPROXY=m
-CONFIG_NF_TABLES=m
-CONFIG_NFT_EXTHDR=m
-CONFIG_NFT_META=m
-CONFIG_NFT_CT=m
-CONFIG_NFT_RBTREE=m
-CONFIG_NFT_HASH=m
-CONFIG_NFT_COUNTER=m
-CONFIG_NFT_LOG=m
-CONFIG_NFT_LIMIT=m
-CONFIG_NFT_NAT=m
-CONFIG_NFT_COMPAT=m
CONFIG_NETFILTER_XTABLES=m
#
@@ -969,9 +957,7 @@ CONFIG_IP_SET_HASH_IP=m
CONFIG_IP_SET_HASH_IPPORT=m
CONFIG_IP_SET_HASH_IPPORTIP=m
CONFIG_IP_SET_HASH_IPPORTNET=m
-CONFIG_IP_SET_HASH_NETPORTNET=m
CONFIG_IP_SET_HASH_NET=m
-CONFIG_IP_SET_HASH_NETNET=m
CONFIG_IP_SET_HASH_NETPORT=m
CONFIG_IP_SET_HASH_NETIFACE=m
CONFIG_IP_SET_LIST_SET=m
@@ -1022,11 +1008,6 @@ CONFIG_IP_VS_PE_SIP=m
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_CONNTRACK_IPV4=m
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
-CONFIG_NF_TABLES_IPV4=m
-CONFIG_NFT_REJECT_IPV4=m
-CONFIG_NFT_CHAIN_ROUTE_IPV4=m
-CONFIG_NFT_CHAIN_NAT_IPV4=m
-CONFIG_NF_TABLES_ARP=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
@@ -1059,9 +1040,6 @@ CONFIG_IP_NF_ARP_MANGLE=m
#
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_NF_CONNTRACK_IPV6=m
-CONFIG_NF_TABLES_IPV6=m
-CONFIG_NFT_CHAIN_ROUTE_IPV6=m
-CONFIG_NFT_CHAIN_NAT_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_EUI64=m
@@ -1082,7 +1060,6 @@ CONFIG_IP6_NF_SECURITY=m
CONFIG_NF_NAT_IPV6=m
CONFIG_IP6_NF_TARGET_MASQUERADE=m
CONFIG_IP6_NF_TARGET_NPT=m
-CONFIG_NF_TABLES_BRIDGE=m
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_EBT_BROUTE=m
CONFIG_BRIDGE_EBT_T_FILTER=m
@@ -1215,7 +1192,6 @@ CONFIG_NET_CLS_RSVP=m
CONFIG_NET_CLS_RSVP6=m
CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_CGROUP=y
-CONFIG_NET_CLS_BPF=m
# CONFIG_NET_EMATCH is not set
CONFIG_NET_CLS_ACT=y
CONFIG_NET_ACT_POLICE=m
@@ -1245,7 +1221,6 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_NETLINK_MMAP=y
CONFIG_NETLINK_DIAG=m
CONFIG_NET_MPLS_GSO=m
-CONFIG_HSR=m
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
@@ -1409,7 +1384,6 @@ CONFIG_WIMAX_DEBUG_LEVEL=8
CONFIG_RFKILL=m
CONFIG_RFKILL_LEDS=y
CONFIG_RFKILL_INPUT=y
-CONFIG_RFKILL_GPIO=m
CONFIG_NET_9P=m
CONFIG_NET_9P_VIRTIO=m
# CONFIG_NET_9P_DEBUG is not set
@@ -1421,7 +1395,6 @@ CONFIG_CEPH_LIB=m
# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
# CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set
CONFIG_NFC=m
-CONFIG_NFC_DIGITAL=m
CONFIG_NFC_NCI=m
# CONFIG_NFC_NCI_SPI is not set
CONFIG_NFC_HCI=m
@@ -1434,7 +1407,6 @@ CONFIG_NFC_PN533=m
CONFIG_NFC_WILINK=m
CONFIG_NFC_MEI_PHY=m
CONFIG_NFC_SIM=m
-CONFIG_NFC_PORT100=m
CONFIG_NFC_PN544=m
CONFIG_NFC_PN544_MEI=m
CONFIG_NFC_MICROREAD=m
@@ -1581,7 +1553,6 @@ CONFIG_MTD_UBI_BEB_LIMIT=20
# CONFIG_MTD_UBI_FASTMAP is not set
# CONFIG_MTD_UBI_GLUEBI is not set
CONFIG_PARPORT=m
-CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
CONFIG_PARPORT_PC=m
CONFIG_PARPORT_SERIAL=m
# CONFIG_PARPORT_PC_FIFO is not set
@@ -1599,10 +1570,10 @@ CONFIG_PNP=y
#
CONFIG_PNPACPI=y
CONFIG_BLK_DEV=y
-# CONFIG_BLK_DEV_NULL_BLK is not set
CONFIG_BLK_DEV_FD=m
# CONFIG_PARIDE is not set
CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m
+CONFIG_BLK_CPQ_DA=m
CONFIG_BLK_CPQ_CISS_DA=m
# CONFIG_CISS_SCSI_TAPE is not set
CONFIG_BLK_DEV_DAC960=m
@@ -1615,7 +1586,6 @@ CONFIG_BLK_DEV_DRBD=m
# CONFIG_DRBD_FAULT_INJECTION is not set
CONFIG_BLK_DEV_NBD=m
CONFIG_BLK_DEV_NVME=m
-CONFIG_BLK_DEV_SKD=m
CONFIG_BLK_DEV_OSD=m
CONFIG_BLK_DEV_SX8=m
CONFIG_BLK_DEV_RAM=m
@@ -1700,16 +1670,6 @@ CONFIG_ALTERA_STAPL=m
CONFIG_INTEL_MEI=m
CONFIG_INTEL_MEI_ME=m
CONFIG_VMWARE_VMCI=m
-
-#
-# Intel MIC Host Driver
-#
-CONFIG_INTEL_MIC_HOST=m
-
-#
-# Intel MIC Card Driver
-#
-CONFIG_INTEL_MIC_CARD=m
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -1977,6 +1937,7 @@ CONFIG_MD_MULTIPATH=m
CONFIG_MD_FAULTY=m
CONFIG_BCACHE=m
# CONFIG_BCACHE_DEBUG is not set
+# CONFIG_BCACHE_EDEBUG is not set
# CONFIG_BCACHE_CLOSURES_DEBUG is not set
CONFIG_BLK_DEV_DM=m
# CONFIG_DM_DEBUG is not set
@@ -1991,8 +1952,8 @@ CONFIG_DM_CACHE=m
CONFIG_DM_CACHE_MQ=m
CONFIG_DM_CACHE_CLEANER=m
CONFIG_DM_MIRROR=m
-CONFIG_DM_LOG_USERSPACE=m
CONFIG_DM_RAID=m
+CONFIG_DM_LOG_USERSPACE=m
CONFIG_DM_ZERO=m
CONFIG_DM_MULTIPATH=m
CONFIG_DM_MULTIPATH_QL=m
@@ -2373,7 +2334,6 @@ CONFIG_USB_NET_AX88179_178A=m
CONFIG_USB_NET_CDCETHER=m
CONFIG_USB_NET_CDC_EEM=m
CONFIG_USB_NET_CDC_NCM=m
-CONFIG_USB_NET_HUAWEI_CDC_NCM=m
CONFIG_USB_NET_CDC_MBIM=m
CONFIG_USB_NET_DM9601=m
CONFIG_USB_NET_SR9700=m
@@ -2458,8 +2418,6 @@ CONFIG_ATH10K_PCI=m
# CONFIG_ATH10K_DEBUG is not set
CONFIG_ATH10K_DEBUGFS=y
# CONFIG_ATH10K_TRACING is not set
-CONFIG_WCN36XX=m
-# CONFIG_WCN36XX_DEBUGFS is not set
CONFIG_B43=m
CONFIG_B43_BCMA=y
CONFIG_B43_SSB=y
@@ -2560,7 +2518,6 @@ CONFIG_RT2800USB_RT53XX=y
CONFIG_RT2800USB_RT55XX=y
CONFIG_RT2800USB_UNKNOWN=y
CONFIG_RT2800_LIB=m
-CONFIG_RT2800_LIB_MMIO=m
CONFIG_RT2X00_LIB_MMIO=m
CONFIG_RT2X00_LIB_PCI=m
CONFIG_RT2X00_LIB_USB=m
@@ -2760,7 +2717,7 @@ CONFIG_INPUT_MATRIXKMAP=m
#
# Userland interfaces
#
-CONFIG_INPUT_MOUSEDEV=m
+CONFIG_INPUT_MOUSEDEV=y
CONFIG_INPUT_MOUSEDEV_PSAUX=y
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
@@ -2774,7 +2731,7 @@ CONFIG_INPUT_EVDEV=m
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ADP5588=m
CONFIG_KEYBOARD_ADP5589=m
-CONFIG_KEYBOARD_ATKBD=m
+CONFIG_KEYBOARD_ATKBD=y
CONFIG_KEYBOARD_QT1070=m
CONFIG_KEYBOARD_QT2160=m
# CONFIG_KEYBOARD_LKKBD is not set
@@ -2803,8 +2760,8 @@ CONFIG_MOUSE_PS2_LIFEBOOK=y
CONFIG_MOUSE_PS2_TRACKPOINT=y
CONFIG_MOUSE_PS2_ELANTECH=y
CONFIG_MOUSE_PS2_SENTELIC=y
-CONFIG_MOUSE_PS2_TOUCHKIT=y
-CONFIG_MOUSE_SERIAL=m
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+CONFIG_MOUSE_SERIAL=y
CONFIG_MOUSE_APPLETOUCH=m
CONFIG_MOUSE_BCM5974=m
CONFIG_MOUSE_CYAPA=m
@@ -2917,9 +2874,7 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m
# CONFIG_TOUCHSCREEN_TSC2005 is not set
CONFIG_TOUCHSCREEN_TSC2007=m
CONFIG_TOUCHSCREEN_ST1232=m
-CONFIG_TOUCHSCREEN_SUR40=m
CONFIG_TOUCHSCREEN_TPS6507X=m
-CONFIG_TOUCHSCREEN_ZFORCE=m
CONFIG_INPUT_MISC=y
CONFIG_INPUT_AD714X=m
CONFIG_INPUT_AD714X_I2C=m
@@ -2957,18 +2912,17 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m
#
# Hardware I/O ports
#
-CONFIG_SERIO=m
-CONFIG_SERIO_I8042=m
+CONFIG_SERIO=y
+CONFIG_SERIO_I8042=y
CONFIG_SERIO_SERPORT=m
CONFIG_SERIO_CT82C710=m
CONFIG_SERIO_PARKBD=m
CONFIG_SERIO_PCIPS2=m
-CONFIG_SERIO_LIBPS2=m
+CONFIG_SERIO_LIBPS2=y
CONFIG_SERIO_RAW=m
CONFIG_SERIO_ALTERA_PS2=m
CONFIG_SERIO_PS2MULT=m
CONFIG_SERIO_ARC_PS2=m
-CONFIG_HYPERV_KEYBOARD=m
CONFIG_GAMEPORT=m
CONFIG_GAMEPORT_NS558=m
CONFIG_GAMEPORT_L4=m
@@ -3043,6 +2997,7 @@ CONFIG_SERIAL_ARC_NR_PORTS=1
CONFIG_SERIAL_RP2=m
CONFIG_SERIAL_RP2_NR_UARTS=32
CONFIG_SERIAL_FSL_LPUART=m
+CONFIG_SERIAL_ST_ASC=m
CONFIG_PRINTER=m
# CONFIG_LP_CONSOLE is not set
CONFIG_PPDEV=m
@@ -3079,13 +3034,10 @@ CONFIG_MWAVE=m
# CONFIG_RAW_DRIVER is not set
CONFIG_HPET=y
CONFIG_HPET_MMAP=y
-CONFIG_HPET_MMAP_DEFAULT=y
CONFIG_HANGCHECK_TIMER=m
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS=m
-CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
CONFIG_TCG_NSC=m
CONFIG_TCG_ATMEL=m
CONFIG_TCG_INFINEON=m
@@ -3183,6 +3135,7 @@ CONFIG_SPI_MASTER=y
# CONFIG_SPI_BUTTERFLY is not set
# CONFIG_SPI_GPIO is not set
# CONFIG_SPI_LM70_LLP is not set
+# CONFIG_SPI_FSL_DSPI is not set
# CONFIG_SPI_OC_TINY is not set
CONFIG_SPI_PXA2XX_DMA=y
CONFIG_SPI_PXA2XX=m
@@ -3225,8 +3178,8 @@ CONFIG_PTP_1588_CLOCK=m
CONFIG_DP83640_PHY=m
CONFIG_PTP_1588_CLOCK_PCH=m
CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
-CONFIG_GPIOLIB=y
CONFIG_GPIO_DEVRES=y
+CONFIG_GPIOLIB=y
CONFIG_GPIO_ACPI=y
# CONFIG_DEBUG_GPIO is not set
CONFIG_GPIO_SYSFS=y
@@ -3258,7 +3211,7 @@ CONFIG_GPIO_ARIZONA=m
#
CONFIG_GPIO_CS5535=m
CONFIG_GPIO_AMD8111=m
-# CONFIG_GPIO_INTEL_MID is not set
+CONFIG_GPIO_LANGWELL=y
# CONFIG_GPIO_PCH is not set
# CONFIG_GPIO_ML_IOH is not set
# CONFIG_GPIO_RDC321X is not set
@@ -3274,7 +3227,7 @@ CONFIG_GPIO_AMD8111=m
#
# AC97 GPIO expanders:
#
-CONFIG_GPIO_UCB1400=m
+CONFIG_GPIO_UCB1400=y
#
# LPC GPIO expanders:
@@ -3307,7 +3260,6 @@ CONFIG_TEST_POWER=m
# CONFIG_CHARGER_GPIO is not set
# CONFIG_CHARGER_BQ2415X is not set
# CONFIG_CHARGER_BQ24190 is not set
-CONFIG_CHARGER_BQ24735=m
# CONFIG_CHARGER_SMB347 is not set
CONFIG_POWER_RESET=y
CONFIG_POWER_AVS=y
@@ -4030,7 +3982,7 @@ CONFIG_VIDEO_UPD64031A=m
CONFIG_VIDEO_UPD64083=m
#
-# Miscellaneous helper chips
+# Miscelaneous helper chips
#
CONFIG_VIDEO_M52790=m
@@ -4106,7 +4058,6 @@ CONFIG_DVB_TUNER_CX24113=m
CONFIG_DVB_TDA826X=m
CONFIG_DVB_TUA6100=m
CONFIG_DVB_CX24116=m
-CONFIG_DVB_CX24117=m
CONFIG_DVB_SI21XX=m
CONFIG_DVB_TS2020=m
CONFIG_DVB_DS3000=m
@@ -4212,7 +4163,6 @@ CONFIG_VGA_SWITCHEROO=y
CONFIG_DRM=m
CONFIG_DRM_USB=m
CONFIG_DRM_KMS_HELPER=m
-CONFIG_DRM_KMS_FB_HELPER=y
CONFIG_DRM_LOAD_EDID_FIRMWARE=y
CONFIG_DRM_TTM=m
@@ -4232,7 +4182,6 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3
CONFIG_DRM_NOUVEAU_BACKLIGHT=y
CONFIG_DRM_I915=m
CONFIG_DRM_I915_KMS=y
-CONFIG_DRM_I915_FBDEV=y
# CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
CONFIG_DRM_MGA=m
CONFIG_DRM_SIS=m
@@ -4347,7 +4296,7 @@ CONFIG_BACKLIGHT_APPLE=m
# CONFIG_BACKLIGHT_ADP8860 is not set
# CONFIG_BACKLIGHT_ADP8870 is not set
CONFIG_BACKLIGHT_PCF50633=m
-CONFIG_BACKLIGHT_LM3630A=m
+# CONFIG_BACKLIGHT_LM3630 is not set
# CONFIG_BACKLIGHT_LM3639 is not set
# CONFIG_BACKLIGHT_LP855X is not set
# CONFIG_BACKLIGHT_OT200 is not set
@@ -4526,7 +4475,6 @@ CONFIG_SND_USB_6FIRE=m
CONFIG_SND_USB_HIFACE=m
CONFIG_SND_FIREWIRE=y
CONFIG_SND_FIREWIRE_LIB=m
-CONFIG_SND_DICE=m
CONFIG_SND_FIREWIRE_SPEAKERS=m
CONFIG_SND_ISIGHT=m
CONFIG_SND_SCS1X=m
@@ -4604,7 +4552,6 @@ CONFIG_HID_ROCCAT=m
CONFIG_HID_SAITEK=m
CONFIG_HID_SAMSUNG=m
CONFIG_HID_SONY=m
-CONFIG_SONY_FF=y
CONFIG_HID_SPEEDLINK=m
CONFIG_HID_STEELSERIES=m
CONFIG_HID_SUNPLUS=m
@@ -4835,6 +4782,7 @@ CONFIG_USB_XUSBATM=m
#
CONFIG_USB_PHY=y
CONFIG_NOP_USB_XCEIV=m
+# CONFIG_AM335X_PHY_USB is not set
CONFIG_SAMSUNG_USBPHY=m
CONFIG_SAMSUNG_USB2PHY=m
CONFIG_SAMSUNG_USB3PHY=m
@@ -4876,7 +4824,6 @@ CONFIG_USB_F_NCM=m
CONFIG_USB_F_ECM=m
CONFIG_USB_F_SUBSET=m
CONFIG_USB_F_RNDIS=m
-CONFIG_USB_F_MASS_STORAGE=m
# CONFIG_USB_CONFIGFS is not set
# CONFIG_USB_ZERO is not set
CONFIG_USB_AUDIO=m
@@ -4977,7 +4924,6 @@ CONFIG_LEDS_LP5562=m
CONFIG_LEDS_CLEVO_MAIL=m
CONFIG_LEDS_PCA955X=m
# CONFIG_LEDS_PCA963X is not set
-CONFIG_LEDS_PCA9685=m
# CONFIG_LEDS_DAC124S085 is not set
CONFIG_LEDS_BD2802=m
CONFIG_LEDS_INTEL_SS4200=m
@@ -5134,7 +5080,6 @@ CONFIG_DMA_ACPI=y
#
CONFIG_ASYNC_TX_DMA=y
# CONFIG_DMATEST is not set
-CONFIG_DMA_ENGINE_RAID=y
CONFIG_DCA=m
CONFIG_AUXDISPLAY=y
CONFIG_KS0108=m
@@ -5335,11 +5280,15 @@ CONFIG_FT1000_PCMCIA=m
#
CONFIG_SPEAKUP=m
CONFIG_SPEAKUP_SYNTH_ACNTSA=m
+CONFIG_SPEAKUP_SYNTH_ACNTPC=m
CONFIG_SPEAKUP_SYNTH_APOLLO=m
CONFIG_SPEAKUP_SYNTH_AUDPTR=m
CONFIG_SPEAKUP_SYNTH_BNS=m
CONFIG_SPEAKUP_SYNTH_DECTLK=m
CONFIG_SPEAKUP_SYNTH_DECEXT=m
+CONFIG_SPEAKUP_SYNTH_DECPC=m
+CONFIG_SPEAKUP_SYNTH_DTLK=m
+CONFIG_SPEAKUP_SYNTH_KEYPC=m
CONFIG_SPEAKUP_SYNTH_LTLK=m
CONFIG_SPEAKUP_SYNTH_SOFT=m
CONFIG_SPEAKUP_SYNTH_SPKOUT=m
@@ -5405,6 +5354,7 @@ CONFIG_X86_PLATFORM_DEVICES=y
CONFIG_ACER_WMI=m
CONFIG_ACERHDF=m
CONFIG_ASUS_LAPTOP=m
+CONFIG_CHROMEOS_LAPTOP=m
CONFIG_DELL_LAPTOP=m
CONFIG_DELL_WMI=m
CONFIG_DELL_WMI_AIO=m
@@ -5450,8 +5400,6 @@ CONFIG_APPLE_GMUX=m
CONFIG_INTEL_RST=m
CONFIG_INTEL_SMARTCONNECT=y
CONFIG_PVPANIC=m
-CONFIG_CHROME_PLATFORMS=y
-CONFIG_CHROMEOS_LAPTOP=m
#
# Hardware Spinlock drivers
@@ -5503,14 +5451,6 @@ CONFIG_FMC_WRITE_EEPROM=m
CONFIG_FMC_CHARDEV=m
#
-# PHY Subsystem
-#
-CONFIG_GENERIC_PHY=m
-CONFIG_PHY_EXYNOS_MIPI_VIDEO=m
-CONFIG_POWERCAP=y
-CONFIG_INTEL_RAPL=m
-
-#
# Firmware Drivers
#
CONFIG_EDD=m
@@ -5528,7 +5468,6 @@ CONFIG_ISCSI_IBFT=m
# EFI (Extensible Firmware Interface) Support
#
# CONFIG_EFI_VARS is not set
-CONFIG_UEFI_CPER=y
#
# File systems
@@ -5675,11 +5614,6 @@ CONFIG_UBIFS_FS_ZLIB=y
CONFIG_LOGFS=m
CONFIG_CRAMFS=m
CONFIG_SQUASHFS=m
-# CONFIG_SQUASHFS_FILE_CACHE is not set
-CONFIG_SQUASHFS_FILE_DIRECT=y
-# CONFIG_SQUASHFS_DECOMP_SINGLE is not set
-# CONFIG_SQUASHFS_DECOMP_MULTI is not set
-CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y
CONFIG_SQUASHFS_XATTR=y
CONFIG_SQUASHFS_ZLIB=y
CONFIG_SQUASHFS_LZO=y
@@ -5709,7 +5643,6 @@ CONFIG_F2FS_STAT_FS=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_FS_SECURITY=y
-CONFIG_F2FS_CHECK_FS=y
CONFIG_EFIVAR_FS=y
CONFIG_ORE=m
CONFIG_NETWORK_FILESYSTEMS=y
@@ -5725,7 +5658,6 @@ CONFIG_PNFS_FILE_LAYOUT=m
CONFIG_PNFS_BLOCK=m
CONFIG_PNFS_OBJLAYOUT=m
CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org"
-CONFIG_NFS_V4_1_MIGRATION=y
CONFIG_NFS_V4_SECURITY_LABEL=y
CONFIG_NFS_FSCACHE=y
# CONFIG_NFS_USE_LEGACY_DNS is not set
@@ -5863,7 +5795,6 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
CONFIG_MAGIC_SYSRQ=y
-CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
CONFIG_DEBUG_KERNEL=y
#
@@ -6000,7 +5931,6 @@ CONFIG_LKDTM=m
# CONFIG_BACKTRACE_SELF_TEST is not set
# CONFIG_RBTREE_TEST is not set
# CONFIG_INTERVAL_TREE_TEST is not set
-CONFIG_PERCPU_TEST=m
# CONFIG_ATOMIC64_SELFTEST is not set
CONFIG_ASYNC_RAID6_TEST=m
# CONFIG_TEST_STRING_HELPERS is not set
@@ -6015,7 +5945,6 @@ CONFIG_STRICT_DEVMEM=y
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
-CONFIG_EARLY_PRINTK_EFI=y
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_RODATA=y
# CONFIG_DEBUG_RODATA_TEST is not set
@@ -6046,8 +5975,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0
# Security options
#
CONFIG_KEYS=y
-CONFIG_PERSISTENT_KEYRINGS=y
-CONFIG_BIG_KEYS=y
CONFIG_TRUSTED_KEYS=m
CONFIG_ENCRYPTED_KEYS=m
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
@@ -6058,16 +5985,8 @@ CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_PATH=y
# CONFIG_INTEL_TXT is not set
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-# CONFIG_SECURITY_SELINUX_DISABLE is not set
-CONFIG_SECURITY_SELINUX_DEVELOP=y
-CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
-# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
-CONFIG_SECURITY_SMACK=y
+# CONFIG_SECURITY_SELINUX is not set
+# CONFIG_SECURITY_SMACK is not set
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
@@ -6080,8 +5999,6 @@ CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
# CONFIG_IMA is not set
-# CONFIG_DEFAULT_SECURITY_SELINUX is not set
-# CONFIG_DEFAULT_SECURITY_SMACK is not set
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
# CONFIG_DEFAULT_SECURITY_YAMA is not set
@@ -6121,7 +6038,7 @@ CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_TEST=m
-CONFIG_CRYPTO_ABLK_HELPER=m
+CONFIG_CRYPTO_ABLK_HELPER_X86=m
CONFIG_CRYPTO_GLUE_HELPER_X86=m
#
@@ -6230,7 +6147,6 @@ CONFIG_CRYPTO_ANSI_CPRNG=m
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
-CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@@ -6248,7 +6164,6 @@ CONFIG_KVM_MMIO=y
CONFIG_KVM_ASYNC_PF=y
CONFIG_HAVE_KVM_MSI=y
CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
-CONFIG_KVM_VFIO=y
CONFIG_VIRTUALIZATION=y
CONFIG_KVM=m
CONFIG_KVM_INTEL=m
@@ -6271,6 +6186,7 @@ CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_IO=y
CONFIG_PERCPU_RWSEM=y
CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_CMPXCHG_LOCKREF=y
CONFIG_CRC_CCITT=m
CONFIG_CRC16=m
CONFIG_CRC_T10DIF=m
@@ -6284,7 +6200,6 @@ CONFIG_CRC32_SLICEBY8=y
CONFIG_CRC7=m
CONFIG_LIBCRC32C=m
CONFIG_CRC8=m
-# CONFIG_RANDOM32_SELFTEST is not set
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_LZO_COMPRESS=y
@@ -6318,7 +6233,6 @@ CONFIG_TEXTSEARCH_KMP=m
CONFIG_TEXTSEARCH_BM=m
CONFIG_TEXTSEARCH_FSM=m
CONFIG_BTREE=y
-CONFIG_ASSOCIATIVE_ARRAY=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT=y
CONFIG_HAS_DMA=y
diff --git a/kernels/linux-libre-knock/criu-no-expert.patch b/kernels/linux-libre-knock/criu-no-expert.patch
index 9bbc02812..2124427e9 100644
--- a/kernels/linux-libre-knock/criu-no-expert.patch
+++ b/kernels/linux-libre-knock/criu-no-expert.patch
@@ -1,8 +1,8 @@
diff --git a/init/Kconfig b/init/Kconfig
-index 4e5d96a..4b94ffe 100644
+index be8b7f5..7461760 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -1078,7 +1078,7 @@ config DEBUG_BLK_CGROUP
+@@ -989,7 +989,7 @@ config DEBUG_BLK_CGROUP
endif # CGROUPS
config CHECKPOINT_RESTORE
@@ -11,3 +11,12 @@ index 4e5d96a..4b94ffe 100644
default n
help
Enables additional kernel features in a sake of checkpoint/restore.
+@@ -1000,7 +1000,7 @@ config CHECKPOINT_RESTORE
+ If unsure, say N here.
+
+ menuconfig NAMESPACES
+- bool "Namespaces support" if EXPERT
++ bool "Namespaces support"
+ default !EXPERT
+ help
+ Provides the way to make tasks work with different objects using
diff --git a/kernels/linux-libre-knock/i8042-fix-aliases.patch b/kernels/linux-libre-knock/i8042-fix-aliases.patch
deleted file mode 100644
index 961968c78..000000000
--- a/kernels/linux-libre-knock/i8042-fix-aliases.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-commit 5a420e61e39862c7c3356080eddb23dfe4ccadb7
-Author: Tom Gundersen <teg@jklm.no>
-Date: Sun Jan 26 17:00:32 2014 +0100
-
- Input: i8042 - fix PNP modaliases when both aux and kdb are enabled
-
- Commit 78551277e4 exposed the PNP modaliases for the i8042 module. However,
- when both the aux and the kbd drivers are enabled the aux entries would
- override the kdb ones.
-
- Refactor the device_id lists, and unconditionally attempt to load the driver
- if either a kdb or aux devices is present.
-
- Signed-off-by: Tom Gundersen <teg@jklm.no>
-
-diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
-index 0ec9abb..dbc6958 100644
---- a/drivers/input/serio/i8042-x86ia64io.h
-+++ b/drivers/input/serio/i8042-x86ia64io.h
-@@ -747,25 +747,27 @@ static int i8042_pnp_aux_probe(struct pnp_dev *dev, const struct pnp_device_id *
- return 0;
- }
-
--static struct pnp_device_id pnp_kbd_devids[] = {
-- { .id = "PNP0300", .driver_data = 0 },
-- { .id = "PNP0301", .driver_data = 0 },
-- { .id = "PNP0302", .driver_data = 0 },
-- { .id = "PNP0303", .driver_data = 0 },
-- { .id = "PNP0304", .driver_data = 0 },
-- { .id = "PNP0305", .driver_data = 0 },
-- { .id = "PNP0306", .driver_data = 0 },
-- { .id = "PNP0309", .driver_data = 0 },
-- { .id = "PNP030a", .driver_data = 0 },
-- { .id = "PNP030b", .driver_data = 0 },
-- { .id = "PNP0320", .driver_data = 0 },
-- { .id = "PNP0343", .driver_data = 0 },
-- { .id = "PNP0344", .driver_data = 0 },
-- { .id = "PNP0345", .driver_data = 0 },
-+#define KBD_DEVIDS \
-+ { .id = "PNP0300", .driver_data = 0 }, \
-+ { .id = "PNP0301", .driver_data = 0 }, \
-+ { .id = "PNP0302", .driver_data = 0 }, \
-+ { .id = "PNP0303", .driver_data = 0 }, \
-+ { .id = "PNP0304", .driver_data = 0 }, \
-+ { .id = "PNP0305", .driver_data = 0 }, \
-+ { .id = "PNP0306", .driver_data = 0 }, \
-+ { .id = "PNP0309", .driver_data = 0 }, \
-+ { .id = "PNP030a", .driver_data = 0 }, \
-+ { .id = "PNP030b", .driver_data = 0 }, \
-+ { .id = "PNP0320", .driver_data = 0 }, \
-+ { .id = "PNP0343", .driver_data = 0 }, \
-+ { .id = "PNP0344", .driver_data = 0 }, \
-+ { .id = "PNP0345", .driver_data = 0 }, \
- { .id = "CPQA0D7", .driver_data = 0 },
-+
-+static struct pnp_device_id pnp_kbd_devids[] = {
-+ KBD_DEVIDS
- { .id = "", },
- };
--MODULE_DEVICE_TABLE(pnp, pnp_kbd_devids);
-
- static struct pnp_driver i8042_pnp_kbd_driver = {
- .name = "i8042 kbd",
-@@ -773,21 +775,23 @@ static struct pnp_driver i8042_pnp_kbd_driver = {
- .probe = i8042_pnp_kbd_probe,
- };
-
--static struct pnp_device_id pnp_aux_devids[] = {
-- { .id = "AUI0200", .driver_data = 0 },
-- { .id = "FJC6000", .driver_data = 0 },
-- { .id = "FJC6001", .driver_data = 0 },
-- { .id = "PNP0f03", .driver_data = 0 },
-- { .id = "PNP0f0b", .driver_data = 0 },
-- { .id = "PNP0f0e", .driver_data = 0 },
-- { .id = "PNP0f12", .driver_data = 0 },
-- { .id = "PNP0f13", .driver_data = 0 },
-- { .id = "PNP0f19", .driver_data = 0 },
-- { .id = "PNP0f1c", .driver_data = 0 },
-+#define AUX_DEVIDS \
-+ { .id = "AUI0200", .driver_data = 0 }, \
-+ { .id = "FJC6000", .driver_data = 0 }, \
-+ { .id = "FJC6001", .driver_data = 0 }, \
-+ { .id = "PNP0f03", .driver_data = 0 }, \
-+ { .id = "PNP0f0b", .driver_data = 0 }, \
-+ { .id = "PNP0f0e", .driver_data = 0 }, \
-+ { .id = "PNP0f12", .driver_data = 0 }, \
-+ { .id = "PNP0f13", .driver_data = 0 }, \
-+ { .id = "PNP0f19", .driver_data = 0 }, \
-+ { .id = "PNP0f1c", .driver_data = 0 }, \
- { .id = "SYN0801", .driver_data = 0 },
-+
-+static struct pnp_device_id pnp_aux_devids[] = {
-+ AUX_DEVIDS
- { .id = "", },
- };
--MODULE_DEVICE_TABLE(pnp, pnp_aux_devids);
-
- static struct pnp_driver i8042_pnp_aux_driver = {
- .name = "i8042 aux",
-@@ -795,6 +799,13 @@ static struct pnp_driver i8042_pnp_aux_driver = {
- .probe = i8042_pnp_aux_probe,
- };
-
-+static struct pnp_device_id pnp_kdb_aux_devids[] = {
-+ KBD_DEVIDS
-+ AUX_DEVIDS
-+ { .id = "", },
-+};
-+MODULE_DEVICE_TABLE(pnp, pnp_kdb_aux_devids);
-+
- static void i8042_pnp_exit(void)
- {
- if (i8042_pnp_kbd_registered) {
diff --git a/kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch b/kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch
index 87b54fc3e..be81fec76 100644
--- a/kernels/linux-libre-knock/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch
+++ b/kernels/linux-libre-knock/nfs-check-gssd-running-before-krb5i-auth.patch
@@ -1,8 +1,5 @@
-From 6aa23d76a7b549521a03b63b6d5b7880ea87eab7 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 14 Nov 2013 07:25:19 -0500
-Subject: [PATCH 3/6] nfs: check if gssd is running before attempting to use
- krb5i auth in SETCLIENTID call
+Bugzilla: N/A
+Upstream-status: queued in NFS git tree (for 3.13/3.14?)
Currently, the client will attempt to use krb5i in the SETCLIENTID call
even if rpc.gssd isn't running. When that fails, it'll then fall back to
@@ -17,13 +14,12 @@ fail at a later stage of the mount attempt.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---
- fs/nfs/nfs4client.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
+ fs/nfs/nfs4client.c | 7 ++++++-
+ 1 files changed, 6 insertions(+), 1 deletions(-)
-diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
-index b4a160a..c1b7a80 100644
---- a/fs/nfs/nfs4client.c
-+++ b/fs/nfs/nfs4client.c
+diff -up linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c
+--- linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c 2013-11-21 10:20:27.288286000 -0500
@@ -10,6 +10,7 @@
#include <linux/sunrpc/auth.h>
#include <linux/sunrpc/xprt.h>
@@ -32,10 +28,10 @@ index b4a160a..c1b7a80 100644
#include "internal.h"
#include "callback.h"
#include "delegation.h"
-@@ -370,7 +371,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp,
+@@ -206,7 +207,11 @@ struct nfs_client *nfs4_init_client(stru
+ if (clp->cl_minorversion != 0)
__set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags);
__set_bit(NFS_CS_DISCRTRY, &clp->cl_flags);
- __set_bit(NFS_CS_NO_RETRANS_TIMEOUT, &clp->cl_flags);
- error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I);
+
+ error = -EINVAL;
@@ -45,6 +41,8 @@ index b4a160a..c1b7a80 100644
if (error == -EINVAL)
error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX);
if (error < 0)
---
-1.8.5.3
+_______________________________________________
+kernel mailing list
+kernel@lists.fedoraproject.org
+https://admin.fedoraproject.org/mailman/listinfo/kernel
diff --git a/kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch b/kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch
index 75505c30d..ed03f34dd 100644
--- a/kernels/linux-libre-knock/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch
+++ b/kernels/linux-libre-knock/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch
@@ -1,14 +1,10 @@
-From 23e66ba97127ff3b064d4c6c5138aa34eafc492f Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Mon, 9 Dec 2013 09:38:00 -0500
-Subject: [PATCH 6/6] rpc_pipe: fix cleanup of dummy gssd directory when
- notification fails
+Bugzilla: 1037793
+Upstream-status: submitted for 3.14
Currently, it could leak dentry references in some cases. Make sure
we clean up properly.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
-Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---
net/sunrpc/rpc_pipe.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
@@ -46,5 +42,9 @@ index 5d973b2..b185548 100644
RPC_PIPEFS_UMOUNT,
sb);
--
-1.8.5.3
+1.8.4.2
+--
+To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch b/kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch
index 5f2c3dae8..e4b1a255f 100644
--- a/kernels/linux-libre-knock/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch
+++ b/kernels/linux-libre-knock/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch
@@ -1,15 +1,11 @@
-From 3396f92f8be606ea485b0a82d4e7749a448b013b Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 5 Dec 2013 07:33:49 -0500
-Subject: [PATCH 4/6] rpc_pipe: remove the clntXX dir if creating the pipe
- fails
+Bugzilla: 1037793
+Upstream-status: submitted for 3.14
In the event that we create the gssd/clntXX dir, but the pipe creation
subsequently fails, then we should remove the clntXX dir before
returning.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
-Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---
net/sunrpc/rpc_pipe.c | 2 ++
1 file changed, 2 insertions(+)
@@ -28,5 +24,9 @@ index 5cd7ad1..0b74c61 100644
dput(clnt_dentry);
dput(gssd_dentry);
--
-1.8.5.3
+1.8.4.2
+--
+To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch b/kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch
index 8ef6fe25c..dd3b5ba2f 100644
--- a/kernels/linux-libre-knock/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch
+++ b/kernels/linux-libre-knock/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch
@@ -1,7 +1,5 @@
-From e2f0c83a9de331d9352185ca3642616c13127539 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 5 Dec 2013 07:34:44 -0500
-Subject: [PATCH 5/6] sunrpc: add an "info" file for the dummy gssd pipe
+Bugzilla: 1037793
+Upstream-status: submitted for 3.14
rpc.gssd expects to see an "info" file in each clntXX dir. Since adding
the dummy gssd pipe, users that run rpc.gssd see a lot of these messages
@@ -13,7 +11,6 @@ spamming the logs:
Add a dummy gssd/clntXX/info file to help silence these messages.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
-Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---
net/sunrpc/rpc_pipe.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 49 insertions(+), 1 deletion(-)
@@ -96,5 +93,4 @@ index 0b74c61..5d973b2 100644
dput(clnt_dentry);
dput(gssd_dentry);
--
-1.8.5.3
-
+1.8.4.2
diff --git a/kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
index 2d398315e..805498a70 100644
--- a/kernels/linux-libre-knock/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
+++ b/kernels/linux-libre-knock/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch
@@ -1,7 +1,5 @@
-From 4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 14 Nov 2013 07:25:17 -0500
-Subject: [PATCH 1/6] sunrpc: create a new dummy pipe for gssd to hold open
+Bugzilla: N/A
+Upstream-status: queued in NFS git tree (for 3.13/3.14?)
rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows
up under rpc_pipefs. That behavior gives us a reliable mechanism to tell
@@ -17,17 +15,16 @@ it will just return -EINVAL.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---
- include/linux/sunrpc/rpc_pipe_fs.h | 3 +-
- net/sunrpc/netns.h | 1 +
- net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++++--
- net/sunrpc/sunrpc_syms.c | 8 +++-
+ include/linux/sunrpc/rpc_pipe_fs.h | 3 +-
+ net/sunrpc/netns.h | 1 +
+ net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++-
+ net/sunrpc/sunrpc_syms.c | 8 +++-
4 files changed, 100 insertions(+), 5 deletions(-)
-diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
-index a353e03..85f1342 100644
---- a/include/linux/sunrpc/rpc_pipe_fs.h
-+++ b/include/linux/sunrpc/rpc_pipe_fs.h
-@@ -84,7 +84,8 @@ enum {
+diff -up linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h
+--- linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h 2013-11-21 10:11:17.893026000 -0500
+@@ -64,7 +64,8 @@ enum {
extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb,
const unsigned char *dir_name);
@@ -37,10 +34,9 @@ index a353e03..85f1342 100644
extern struct super_block *rpc_get_sb_net(const struct net *net);
extern void rpc_put_sb_net(const struct net *net);
-diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h
-index 779742c..8a8e841 100644
---- a/net/sunrpc/netns.h
-+++ b/net/sunrpc/netns.h
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h 2013-11-21 10:11:17.897029000 -0500
@@ -14,6 +14,7 @@ struct sunrpc_net {
struct cache_detail *rsi_cache;
@@ -49,10 +45,9 @@ index 779742c..8a8e841 100644
struct mutex pipefs_sb_lock;
struct list_head all_clients;
-diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
-index bf04b30..c23458b 100644
---- a/net/sunrpc/rpc_pipe.c
-+++ b/net/sunrpc/rpc_pipe.c
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c 2013-11-21 10:11:17.903026000 -0500
@@ -38,7 +38,7 @@
#define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "")
@@ -62,7 +57,7 @@ index bf04b30..c23458b 100644
static struct kmem_cache *rpc_inode_cachep __read_mostly;
-@@ -1159,6 +1159,7 @@ enum {
+@@ -1019,6 +1019,7 @@ enum {
RPCAUTH_nfsd4_cb,
RPCAUTH_cache,
RPCAUTH_nfsd,
@@ -70,7 +65,7 @@ index bf04b30..c23458b 100644
RPCAUTH_RootEOF
};
-@@ -1195,6 +1196,10 @@ static const struct rpc_filelist files[] = {
+@@ -1055,6 +1056,10 @@ static const struct rpc_filelist files[]
.name = "nfsd",
.mode = S_IFDIR | S_IRUGO | S_IXUGO,
},
@@ -81,7 +76,7 @@ index bf04b30..c23458b 100644
};
/*
-@@ -1208,13 +1213,25 @@ struct dentry *rpc_d_lookup_sb(const struct super_block *sb,
+@@ -1068,13 +1073,25 @@ struct dentry *rpc_d_lookup_sb(const str
}
EXPORT_SYMBOL_GPL(rpc_d_lookup_sb);
@@ -108,7 +103,7 @@ index bf04b30..c23458b 100644
}
/*
-@@ -1244,11 +1261,73 @@ void rpc_put_sb_net(const struct net *net)
+@@ -1104,11 +1121,73 @@ void rpc_put_sb_net(const struct net *ne
}
EXPORT_SYMBOL_GPL(rpc_put_sb_net);
@@ -183,7 +178,7 @@ index bf04b30..c23458b 100644
struct net *net = data;
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
int err;
-@@ -1266,6 +1345,13 @@ rpc_fill_super(struct super_block *sb, void *data, int silent)
+@@ -1126,6 +1205,13 @@ rpc_fill_super(struct super_block *sb, v
return -ENOMEM;
if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL))
return -ENOMEM;
@@ -197,7 +192,7 @@ index bf04b30..c23458b 100644
dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n",
net, NET_NAME(net));
mutex_lock(&sn->pipefs_sb_lock);
-@@ -1280,6 +1366,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent)
+@@ -1140,6 +1226,7 @@ rpc_fill_super(struct super_block *sb, v
return 0;
err_depopulate:
@@ -205,11 +200,10 @@ index bf04b30..c23458b 100644
blocking_notifier_call_chain(&rpc_pipefs_notifier_list,
RPC_PIPEFS_UMOUNT,
sb);
-diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c
-index 3d6498a..cd30120 100644
---- a/net/sunrpc/sunrpc_syms.c
-+++ b/net/sunrpc/sunrpc_syms.c
-@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(struct net *net)
+diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c
+--- linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig 2013-09-02 16:46:10.000000000 -0400
++++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c 2013-11-21 10:11:17.908026000 -0500
+@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(st
if (err)
goto err_unixgid;
@@ -236,6 +230,4 @@ index 3d6498a..cd30120 100644
unix_gid_cache_destroy(net);
ip_map_cache_destroy(net);
rpc_proc_exit(net);
---
-1.8.5.3
diff --git a/kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch b/kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch
index 19e04da5d..8cd5c0090 100644
--- a/kernels/linux-libre-knock/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch
+++ b/kernels/linux-libre-knock/sunrpc-replace-gssd_running-with-more-reliable-check.patch
@@ -1,8 +1,5 @@
-From 89f842435c630f8426f414e6030bc2ffea0d6f81 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@redhat.com>
-Date: Thu, 14 Nov 2013 07:25:18 -0500
-Subject: [PATCH 2/6] sunrpc: replace sunrpc_net->gssd_running flag with a more
- reliable check
+Bugzilla: N/A
+Upstream-status: queued in NFS git tree (for 3.13/3.14?)
Now that we have a more reliable method to tell if gssd is running, we
can replace the sn->gssd_running flag with a function that will query to
@@ -17,10 +14,12 @@ extraneous newline from the message.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---
- include/linux/sunrpc/rpc_pipe_fs.h | 2 ++
- net/sunrpc/auth_gss/auth_gss.c | 17 +++++++----------
- net/sunrpc/netns.h | 2 --
- net/sunrpc/rpc_pipe.c | 14 ++++++++++----
+ Fixed up to apply to 3.12.1 by Josh Boyer <jwboyer@fedoraproject.org>
+
+ include/linux/sunrpc/rpc_pipe_fs.h | 2 ++
+ net/sunrpc/auth_gss/auth_gss.c | 17 +++++++----------
+ net/sunrpc/netns.h | 2 --
+ net/sunrpc/rpc_pipe.c | 14 ++++++++++----
4 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h
@@ -36,10 +35,10 @@ index 85f1342..7f490be 100644
#endif
#endif
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
-index 42fdfc6..0a2aee0 100644
+index 0846566..1ada878 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
-@@ -536,8 +536,7 @@ static void warn_gssd(void)
+@@ -517,8 +517,7 @@ static void warn_gssd(void)
unsigned long now = jiffies;
if (time_after(now, ratelimit)) {
@@ -49,7 +48,7 @@ index 42fdfc6..0a2aee0 100644
ratelimit = now + 15*HZ;
}
}
-@@ -600,7 +599,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
+@@ -581,7 +580,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
struct rpc_pipe *pipe;
struct rpc_cred *cred = &gss_cred->gc_base;
struct gss_upcall_msg *gss_msg;
@@ -57,7 +56,7 @@ index 42fdfc6..0a2aee0 100644
DEFINE_WAIT(wait);
int err;
-@@ -608,17 +606,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
+@@ -589,17 +587,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
__func__, from_kuid(&init_user_ns, cred->cr_uid));
retry:
err = 0;
@@ -95,7 +94,7 @@ index 8a8e841..94e506f 100644
extern int sunrpc_net_id;
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
-index c23458b..5cd7ad1 100644
+index 40aef18..ad444f3 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode)
@@ -113,7 +112,7 @@ index c23458b..5cd7ad1 100644
pipe = RPC_I(inode)->pipe;
if (pipe == NULL)
goto out;
-@@ -1222,7 +1219,6 @@ int rpc_pipefs_init_net(struct net *net)
+@@ -1231,7 +1228,6 @@ int rpc_pipefs_init_net(struct net *net)
return PTR_ERR(sn->gssd_dummy);
mutex_init(&sn->pipefs_sb_lock);
@@ -121,7 +120,7 @@ index c23458b..5cd7ad1 100644
sn->pipe_version = -1;
return 0;
}
-@@ -1376,6 +1372,16 @@ err_depopulate:
+@@ -1385,6 +1381,16 @@ err_depopulate:
return err;
}
@@ -138,6 +137,3 @@ index c23458b..5cd7ad1 100644
static struct dentry *
rpc_mount(struct file_system_type *fs_type,
int flags, const char *dev_name, void *data)
---
-1.8.5.3
-
diff --git a/kernels/linux-libre-lts-knock/PKGBUILD b/kernels/linux-libre-lts-knock/PKGBUILD
index bd7334688..83213341b 100644
--- a/kernels/linux-libre-lts-knock/PKGBUILD
+++ b/kernels/linux-libre-lts-knock/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206183 2014-02-21 10:15:31Z bpiotrowski $
+# $Id: PKGBUILD 206261 2014-02-23 10:06:10Z andyrtr $
# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
# Maintainer: Thomas Baechler <thomas@archlinux.org>
# Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -10,11 +10,11 @@
pkgbase=linux-libre-lts-knock # Build stock -LIBRE-LTS-KNOCK kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.10
-_sublevel=31
+_sublevel=32
_knockpatchver=${_basekernel}
pkgver=${_basekernel}.${_sublevel}
pkgrel=1
-_lxopkgver=${_basekernel}.30 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.31 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
license=('GPL2')
@@ -34,7 +34,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'criu-no-expert.patch'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
md5sums=('d562fd52580a3b6b18b6eeb5921d1d5c'
- '36a430003252c2f5e7a6f8e3365871ca'
+ 'e344eea547efba42562dd8ff16593116'
'26380d6f05471ef8e065a77d87588009'
'f22e0a6a7634902f5a00eb25ad677c65'
'6550ba0e23b7729cd9db2475bde8fac2'
@@ -44,7 +44,7 @@ md5sums=('d562fd52580a3b6b18b6eeb5921d1d5c'
'04b21c79df0a952c22d681dd4f4562df'
'f3def2cefdcbb954c21d8505d23cc83c'
'd50c1ac47394e9aec637002ef3392bd1'
- '8e0bb5cbd34b0e7391049eba25d135be')
+ 'bfac14a0d1a3a0b0fbf09ba3a0ff6e88')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
diff --git a/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch
deleted file mode 100644
index c9ee40400..000000000
--- a/kernels/linux-libre-pae/0001-quirk-asm_volatile_goto.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001
-From: Steven Noonan <steven@uplinklabs.net>
-Date: Thu, 13 Feb 2014 07:01:07 +0000
-Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
-
-I started noticing problems with KVM guest destruction on Linux
-3.12+, where guest memory wasn't being cleaned up. I bisected it
-down to the commit introducing the new 'asm goto'-based atomics,
-and found this quirk was later applied to those.
-
-Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the
-known 'asm goto' bug) I am still getting some kind of
-miscompilation. If I enable the asm_volatile_goto quirk for my
-compiler, KVM guests are destroyed correctly and the memory is
-cleaned up.
-
-So make the quirk unconditional for now, until bug is found
-and fixed.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Steven Noonan <steven@uplinklabs.net>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Jakub Jelinek <jakub@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Oleg Nesterov <oleg@redhat.com>
-Cc: <stable@vger.kernel.org>
-Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net
-Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..2507fd2 100644
---- a/include/linux/compiler-gcc4.h
-+++ b/include/linux/compiler-gcc4.h
-@@ -75,11 +75,7 @@
- *
- * (asm goto is automatically volatile - the naming reflects this.)
- */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...) do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
-
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
---
-cgit v0.9.2
diff --git a/kernels/linux-libre-pae/PKGBUILD b/kernels/linux-libre-pae/PKGBUILD
index b34766072..d672e376a 100644
--- a/kernels/linux-libre-pae/PKGBUILD
+++ b/kernels/linux-libre-pae/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $
+# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $
# Contributor: Tobias Powalowski <tpowa@archlinux.org>
# Contributor: Thomas Baechler <thomas@archlinux.org>
# Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -6,7 +6,7 @@
pkgbase=linux-libre-pae # Build stock -LIBRE-PAE kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.13
-pkgver=${_basekernel}.4
+pkgver=${_basekernel}.5
pkgrel=1
arch=('i686')
url="http://linux-libre.fsfla.org/"
@@ -30,10 +30,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
'0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
'0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
- '0001-quirk-asm_volatile_goto.patch'
'i8042-fix-aliases.patch')
md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
- '3659d30b1d06dd5b7874ae04c946863b'
+ '6e59a1e4b891ca5fa8b03d488fa64e04'
'904835a7af0bc5e88007a94cad7c1d9c'
'f302c931bd85309da9d9792b4cc96467'
'44260d2cb1a8b51c119d2ce1f83e457a'
@@ -47,7 +46,6 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
'a724515b350b29c53f20e631c6cf9a14'
'1ae4ec847f41fa1b6d488f956e94c893'
'e6fa278c092ad83780e2dd0568e24ca6'
- '6baa312bc166681f48e972824f3f6649'
'93dbf73af819b77f03453a9c6de2bb47')
_kernelname=${pkgbase#linux-libre}
@@ -99,9 +97,6 @@ prepare() {
# Fix i8042 aliases
patch -p1 -i "${srcdir}/i8042-fix-aliases.patch"
- # Fix compile issues
- # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859
- patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch"
cat "${srcdir}/config" > ./.config # simpler
diff --git a/kernels/linux-libre-pae/linux-libre-pae.install b/kernels/linux-libre-pae/linux-libre-pae.install
index 079d1b7ab..6241e6ea2 100644
--- a/kernels/linux-libre-pae/linux-libre-pae.install
+++ b/kernels/linux-libre-pae/linux-libre-pae.install
@@ -26,6 +26,12 @@ post_upgrade() {
echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
mkinitcpio -p linux-libre${KERNEL_NAME}
fi
+
+ if [ $(vercmp $2 3.13) -lt 0 ]; then
+ echo ">>> WARNING: AT keyboard support is no longer built into the kernel."
+ echo ">>> In order to use your keyboard during early init, you MUST"
+ echo ">>> include the 'keyboard' hook in your mkinitcpio.conf."
+ fi
}
post_remove() {
diff --git a/kernels/linux-libre-rt/PKGBUILD b/kernels/linux-libre-rt/PKGBUILD
index 02863ff53..edb795663 100644
--- a/kernels/linux-libre-rt/PKGBUILD
+++ b/kernels/linux-libre-rt/PKGBUILD
@@ -9,12 +9,12 @@
pkgbase=linux-libre-rt # Build stock -LIBRE-RT kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.12
-_releasever=11
-_rtpatchver=rt17
+_releasever=12
+_rtpatchver=rt19
_pkgver=${_basekernel}.${_releasever}
pkgver=${_basekernel}.${_releasever}_${_rtpatchver}
pkgrel=1
-_lxopkgver=${_basekernel}.11 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.12 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
license=('GPL2')
@@ -40,8 +40,8 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
md5sums=('254f59707b6676b59ce5ca5c3c698319'
- '8d78b7fe81e226b022b331e8a1da74b7'
- '5c46965799741357e7a48c2c32735929'
+ 'a763ffc196d8ffa49c676a43448d75a4'
+ '97e5652f6039a48544897129c8adaf98'
'e40789b1e59136235827a3b3bf40c121'
'bf542c4038d3e7d0da4c92bac0466198'
'82496e68851d1960543a07ba51cdb44a'
@@ -56,7 +56,7 @@ md5sums=('254f59707b6676b59ce5ca5c3c698319'
'cec0bb8981936eab2943b2009b7a6fff'
'88d9cddf9e0050a76ec4674f264fb2a1'
'cb9016630212ef07b168892fbcfd4e5d'
- '5a595801584a112426ccc0fe3753aa06')
+ 'a9a0ee57377ed6e55957f9671eead03a')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
diff --git a/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch
deleted file mode 100644
index c9ee40400..000000000
--- a/kernels/linux-libre-xen/0001-quirk-asm_volatile_goto.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001
-From: Steven Noonan <steven@uplinklabs.net>
-Date: Thu, 13 Feb 2014 07:01:07 +0000
-Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
-
-I started noticing problems with KVM guest destruction on Linux
-3.12+, where guest memory wasn't being cleaned up. I bisected it
-down to the commit introducing the new 'asm goto'-based atomics,
-and found this quirk was later applied to those.
-
-Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the
-known 'asm goto' bug) I am still getting some kind of
-miscompilation. If I enable the asm_volatile_goto quirk for my
-compiler, KVM guests are destroyed correctly and the memory is
-cleaned up.
-
-So make the quirk unconditional for now, until bug is found
-and fixed.
-
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Steven Noonan <steven@uplinklabs.net>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Steven Rostedt <rostedt@goodmis.org>
-Cc: Jakub Jelinek <jakub@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: Andrew Morton <akpm@linux-foundation.org>
-Cc: Oleg Nesterov <oleg@redhat.com>
-Cc: <stable@vger.kernel.org>
-Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net
-Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
----
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..2507fd2 100644
---- a/include/linux/compiler-gcc4.h
-+++ b/include/linux/compiler-gcc4.h
-@@ -75,11 +75,7 @@
- *
- * (asm goto is automatically volatile - the naming reflects this.)
- */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...) do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
-
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
---
-cgit v0.9.2
diff --git a/kernels/linux-libre-xen/PKGBUILD b/kernels/linux-libre-xen/PKGBUILD
index 82edc6e05..557eedd2a 100644
--- a/kernels/linux-libre-xen/PKGBUILD
+++ b/kernels/linux-libre-xen/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $
+# $Id: PKGBUILD 206252 2014-02-22 22:54:25Z thomas $
# Contributor: Tobias Powalowski <tpowa@archlinux.org>
# Contributor: Thomas Baechler <thomas@archlinux.org>
# Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
@@ -6,7 +6,7 @@
pkgbase=linux-libre-xen # Build stock -LIBRE-XEN kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.13
-pkgver=${_basekernel}.4
+pkgver=${_basekernel}.5
pkgrel=1
arch=('i686')
url="http://linux-libre.fsfla.org/"
@@ -30,10 +30,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
'0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
'0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
- '0001-quirk-asm_volatile_goto.patch'
'i8042-fix-aliases.patch')
md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
- '3659d30b1d06dd5b7874ae04c946863b'
+ '6e59a1e4b891ca5fa8b03d488fa64e04'
'be059d4c29dfd9ac55183133938e9242'
'b7c2805bb287a644c0a303bf7721e534'
'44260d2cb1a8b51c119d2ce1f83e457a'
@@ -47,7 +46,6 @@ md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1'
'a724515b350b29c53f20e631c6cf9a14'
'1ae4ec847f41fa1b6d488f956e94c893'
'e6fa278c092ad83780e2dd0568e24ca6'
- '6baa312bc166681f48e972824f3f6649'
'93dbf73af819b77f03453a9c6de2bb47')
_kernelname=${pkgbase#linux-libre}
@@ -99,9 +97,6 @@ prepare() {
# Fix i8042 aliases
patch -p1 -i "${srcdir}/i8042-fix-aliases.patch"
- # Fix compile issues
- # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859
- patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch"
cat "${srcdir}/config" > ./.config # simpler
diff --git a/kernels/linux-libre-xen/linux-libre-xen.install b/kernels/linux-libre-xen/linux-libre-xen.install
index 0683dce3d..e8dc463b6 100644
--- a/kernels/linux-libre-xen/linux-libre-xen.install
+++ b/kernels/linux-libre-xen/linux-libre-xen.install
@@ -26,6 +26,12 @@ post_upgrade() {
echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
mkinitcpio -p linux-libre${KERNEL_NAME}
fi
+
+ if [ $(vercmp $2 3.13) -lt 0 ]; then
+ echo ">>> WARNING: AT keyboard support is no longer built into the kernel."
+ echo ">>> In order to use your keyboard during early init, you MUST"
+ echo ">>> include the 'keyboard' hook in your mkinitcpio.conf."
+ fi
}
post_remove() {
diff --git a/kernels/xen/ChangeLog b/kernels/xen/ChangeLog
index 63c33c223..8f9ef80fe 100644
--- a/kernels/xen/ChangeLog
+++ b/kernels/xen/ChangeLog
@@ -1,3 +1,10 @@
+2014-02-19 David Sutton <kantras - gmail.com>
+ * 4.3.2-1:
+ New upstream release
+ Removed unnecessary security patches (since now integrated into source)
+ Attempts to pull down additional required source file to ensure not corrupted
+ Added missing dependancy libseccomp
+
2013-11-25 David Sutton <kantras - gmail.com>
* 4.3.1-2:
Changed bluez dependancy from bluez4 to bluez
diff --git a/kernels/xen/PKGBUILD b/kernels/xen/PKGBUILD
index 6ff16c8cd..e19b5c06f 100644
--- a/kernels/xen/PKGBUILD
+++ b/kernels/xen/PKGBUILD
@@ -5,8 +5,8 @@
# Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
pkgname=xen
-pkgver=4.3.1
-pkgrel=2
+pkgver=4.3.2
+pkgrel=1
pkgdesc="Virtual Machine Hypervisor & Tools (Parabola rebranded)"
arch=(i686 x86_64)
url="http://www.xenproject.org/"
@@ -21,6 +21,15 @@ options=(!buildflags !strip)
install=$pkgname.install
changelog=ChangeLog
source=(http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.gz
+ http://xenbits.xen.org/xen-extfiles/ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz
+ http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz
+ http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz
+ http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz
+ http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2
+ http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz
+ http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz
+ http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz
+ http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2
xen.install
09_xen
bios_workaround.patch
@@ -38,11 +47,27 @@ source=(http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g
conf.d-xenstored
tmpfiles.d-$pkgname.conf
grub.conf
- xsa73-4.3-unstable.patch
- xsa75-4.3-unstable.patch
- xsa78.patch
$pkgname.conf)
-sha256sums=('3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd'
+noextract=(lwip-1.3.0.tar.gz
+ zlib-1.2.3.tar.gz
+ newlib-1.16.0.tar.gz
+ pciutils-2.2.9.tar.bz2
+ polarssl-1.1.4-gpl.tgz
+ grub-0.97.tar.gz
+ tpm_emulator-0.7.4.tar.gz
+ gmp-4.3.2.tar.bz2
+ ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz)
+
+sha256sums=('17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69'
+ '632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c'
+ '772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f'
+ '1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e'
+ 'db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07'
+ 'f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24'
+ '2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6'
+ '4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b'
+ '4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459'
+ '936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775'
'0f6ebf3437974d1708c9e74005b976479ab8ff28adec394208153bf404b411f8'
'74a957d783458b7481c7a09c3ed94ec2e07ee7943e4b7fa33d3684b8d585139e'
'914cc983da1fe89ff125d751c979b4968f8952da21b19b900fcd4e6b33e14552'
@@ -60,11 +85,17 @@ sha256sums=('3b5b7cc508b1739753585b5c25635471cdcef680e8770a78bf6ef9333d26a9fd'
'0e1ad0a6a72b0c22025a556c23235a8f663427f1e769c45fe39d1c525bf82eff'
'40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf'
'78398fb27edfedb432b5f4e4bf87b5dbee41f180c623d29f758234a49d8bf4b4'
- '18f62049d714c3460df1f698663e42d0f8a16b9b4f62e66b40fdea635a348be5'
- '4bac312d49a4a88633af652c09128ba1bba2ca97e2e56e5fe7da6e4671c56ccb'
- 'bb13b280bb456c1d7c8f468e23e336e6b2d06eb364c6823f1b426fcfe09f6ed3'
'50a9b7fd19e8beb1dea09755f07318f36be0b7ec53d3c9e74f3266a63e682c0c')
-sha512sums=('f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf37835528aca33a0f9e04c82d5f8c4ba79c03a1780d2b72cbb90cc26f77275'
+sha512sums=('ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302'
+ 'c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4'
+ '1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d'
+ '021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e'
+ '40eb96bbc6736a16b6399e0cdb73e853d0d90b685c967e77899183446664d64570277a633fdafdefc351b46ce210a99115769a1d9f47ac749d7e82837d4d1ac3'
+ '2b3d98d027e46d8c08037366dde6f0781ca03c610ef2b380984639e4ef39899ed8d8b8e4cd9c9dc54df101279b95879bd66bfd4d04ad07fef41e847ea7ae32b5'
+ '88da614e4d3f4409c4fd3bb3e44c7587ba051e3fed4e33d526069a67e8180212e1ea22da984656f50e290049f60ddca65383e5983c0f8884f648d71f698303ad'
+ 'c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb'
+ '4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35'
+ '2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf'
'78bfb62166ffcf136e12985809b3f412e0145a7f17388a559071f644970ccdfd2a02fe9aa4a180069b923c2e4354b061a4057096de856497f10d9cac57eae4b3'
'8667a97e10f09c5ce5ba604e38a073b7d7944f4d24c5c78a7235443b65a8cc7b6e7de90e40aa335bb17fda0858d6b517ba1e8b5a0bd6bba4ad75ad44b73f6c9c'
'7118bf02ff5338e70b3f27f8ea390cd05ea37a4ceabb4adc9d32fc57329e35e98330f0e865261dd4e670436e1a725832598888d44b1e2b17b351f59318860878'
@@ -82,9 +113,6 @@ sha512sums=('f5250ad5ad3defc5dc1207eb6208a3928128ef57ac4162018bd92b750dc1df1eaaf
'c996d48737ad31528b0b2b1379e3ebae948d290de9ddc71f33c7c56f0634466bc7afb2eab847e851c19e3c13bb99468a0778d908606486959a40ff3272189bd3'
'53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef'
'04000a802e96c11929cb94c9a2bcafbb4307620192388441d979ea85836c3395954dea53d449c1cc25c3a0a30c49d318b8de59a053c6254f5a81e87864648a9c'
- '78c94d3e473abaf857213754c7f0ef1a0dd06354cd137d1567a48d92b4106cbefd112f1dcecc90bc1f8c75d76a0e8a3425408f777044de8ec754bcda32bb7f97'
- '4fb6f678dccc9f23f2c3b27617718bc6c0a87505f7483f4d07563b7b2cc37d57d3b5ef658ee5867258916c5c2695a5086cc7790196aed85357c6d3168c06749b'
- 'b55cb25f88acc348e6777063f241269730f06482fe430706ac500cbd7127bc7c70188f84a282dc8a0369cc838999d47a09afc33fc9f24b5c214bdf59352c414c'
'ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b')
prepare() {
@@ -101,14 +129,19 @@ prepare() {
# Uncomment line below if you want to enable ATI Passthrough support (some reported successes)
#patch -Np1 -i ../ati-passthrough.patch
- # Add Security Patches
- patch -Np1 -i ../xsa73-4.3-unstable.patch
- patch -Np1 -i ../xsa75-4.3-unstable.patch
- patch -Np1 -i ../xsa78.patch
-
# Fix Install Paths
sed -i 's:/sbin:/bin:' config/StdGNU.mk
+ # Copy supporting tarballs into place
+ cp ../lwip-1.3.0.tar.gz stubdom/
+ cp ../zlib-1.2.3.tar.gz stubdom/
+ cp ../newlib-1.16.0.tar.gz stubdom/
+ cp ../pciutils-2.2.9.tar.bz2 stubdom/
+ cp ../polarssl-1.1.4-gpl.tgz stubdom/
+ cp ../grub-0.97.tar.gz stubdom/
+ cp ../tpm_emulator-0.7.4.tar.gz stubdom/
+ cp ../gmp-4.3.2.tar.bz2 stubdom/
+
}
build() {
@@ -157,10 +190,8 @@ package() {
fi
# Compress and move syms file to a different directory
- if [ "$CARCH" == "x86_64" ]; then
- gzip boot/$pkgname-syms-$pkgver
- mv boot/$pkgname-syms-$pkgver.gz usr/share/xen
- fi
+ gzip boot/$pkgname-syms-$pkgver
+ mv boot/$pkgname-syms-$pkgver.gz usr/share/xen
##### Kill unwanted stuff #####
# hypervisor symlinks
diff --git a/kernels/xen/xsa73-4.3-unstable.patch b/kernels/xen/xsa73-4.3-unstable.patch
deleted file mode 100644
index aa36b40a1..000000000
--- a/kernels/xen/xsa73-4.3-unstable.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 068bfa76bbd52430e65853375e1d5db99d193e2f Mon Sep 17 00:00:00 2001
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Date: Thu, 31 Oct 2013 20:49:00 +0000
-Subject: [PATCH] gnttab: correct locking order reversal
-
-Coverity ID 1087189
-
-Correct a lock order reversal between a domains page allocation and grant
-table locks.
-
-This is CVE-2013-4494 / XSA-73.
-
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
-Consolidate error handling.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Keir Fraser <keir@xen.org>
-Tested-by: Matthew Daley <mattjd@gmail.com>
----
- xen/common/grant_table.c | 52 +++++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 44 insertions(+), 8 deletions(-)
-
-diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
-index f42bc7a..48df928 100644
---- a/xen/common/grant_table.c
-+++ b/xen/common/grant_table.c
-@@ -1518,6 +1518,8 @@ gnttab_transfer(
-
- for ( i = 0; i < count; i++ )
- {
-+ bool_t okay;
-+
- if (i && hypercall_preempt_check())
- return i;
-
-@@ -1626,16 +1628,18 @@ gnttab_transfer(
- * pages when it is dying.
- */
- if ( unlikely(e->is_dying) ||
-- unlikely(e->tot_pages >= e->max_pages) ||
-- unlikely(!gnttab_prepare_for_transfer(e, d, gop.ref)) )
-+ unlikely(e->tot_pages >= e->max_pages) )
- {
-- if ( !e->is_dying )
-- gdprintk(XENLOG_INFO, "gnttab_transfer: "
-- "Transferee has no reservation "
-- "headroom (%d,%d) or provided a bad grant ref (%08x) "
-- "or is dying (%d)\n",
-- e->tot_pages, e->max_pages, gop.ref, e->is_dying);
- spin_unlock(&e->page_alloc_lock);
-+
-+ if ( e->is_dying )
-+ gdprintk(XENLOG_INFO, "gnttab_transfer: "
-+ "Transferee (d%d) is dying\n", e->domain_id);
-+ else
-+ gdprintk(XENLOG_INFO, "gnttab_transfer: "
-+ "Transferee (d%d) has no headroom (tot %u, max %u)\n",
-+ e->domain_id, e->tot_pages, e->max_pages);
-+
- rcu_unlock_domain(e);
- put_gfn(d, gop.mfn);
- page->count_info &= ~(PGC_count_mask|PGC_allocated);
-@@ -1647,6 +1651,38 @@ gnttab_transfer(
- /* Okay, add the page to 'e'. */
- if ( unlikely(domain_adjust_tot_pages(e, 1) == 1) )
- get_knownalive_domain(e);
-+
-+ /*
-+ * We must drop the lock to avoid a possible deadlock in
-+ * gnttab_prepare_for_transfer. We have reserved a page in e so can
-+ * safely drop the lock and re-aquire it later to add page to the
-+ * pagelist.
-+ */
-+ spin_unlock(&e->page_alloc_lock);
-+ okay = gnttab_prepare_for_transfer(e, d, gop.ref);
-+ spin_lock(&e->page_alloc_lock);
-+
-+ if ( unlikely(!okay) || unlikely(e->is_dying) )
-+ {
-+ bool_t drop_dom_ref = (domain_adjust_tot_pages(e, -1) == 0);
-+
-+ spin_unlock(&e->page_alloc_lock);
-+
-+ if ( okay /* i.e. e->is_dying due to the surrounding if() */ )
-+ gdprintk(XENLOG_INFO, "gnttab_transfer: "
-+ "Transferee (d%d) is now dying\n", e->domain_id);
-+
-+ if ( drop_dom_ref )
-+ put_domain(e);
-+ rcu_unlock_domain(e);
-+
-+ put_gfn(d, gop.mfn);
-+ page->count_info &= ~(PGC_count_mask|PGC_allocated);
-+ free_domheap_page(page);
-+ gop.status = GNTST_general_error;
-+ goto copyback;
-+ }
-+
- page_list_add_tail(page, &e->page_list);
- page_set_owner(page, e);
-
---
-1.7.10.4
-
diff --git a/kernels/xen/xsa75-4.3-unstable.patch b/kernels/xen/xsa75-4.3-unstable.patch
deleted file mode 100644
index 6c0c5bca1..000000000
--- a/kernels/xen/xsa75-4.3-unstable.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-nested VMX: VMLANUCH/VMRESUME emulation must check permission first thing
-
-Otherwise uninitialized data may be used, leading to crashes.
-
-This is XSA-75.
-
-Reported-and-tested-by: Jeff Zimmerman <Jeff_Zimmerman@McAfee.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-and-tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/hvm/vmx/vvmx.c
-+++ b/xen/arch/x86/hvm/vmx/vvmx.c
-@@ -1508,15 +1508,10 @@ static void clear_vvmcs_launched(struct
- }
- }
-
--int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
-+static int nvmx_vmresume(struct vcpu *v, struct cpu_user_regs *regs)
- {
- struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
- struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
-- int rc;
--
-- rc = vmx_inst_check_privilege(regs, 0);
-- if ( rc != X86EMUL_OKAY )
-- return rc;
-
- /* check VMCS is valid and IO BITMAP is set */
- if ( (nvcpu->nv_vvmcxaddr != VMCX_EADDR) &&
-@@ -1535,6 +1530,10 @@ int nvmx_handle_vmresume(struct cpu_user
- struct vcpu *v = current;
- struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
- struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
-+ int rc = vmx_inst_check_privilege(regs, 0);
-+
-+ if ( rc != X86EMUL_OKAY )
-+ return rc;
-
- if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
- {
-@@ -1554,10 +1553,13 @@ int nvmx_handle_vmresume(struct cpu_user
- int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
- {
- bool_t launched;
-- int rc;
- struct vcpu *v = current;
- struct nestedvcpu *nvcpu = &vcpu_nestedhvm(v);
- struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
-+ int rc = vmx_inst_check_privilege(regs, 0);
-+
-+ if ( rc != X86EMUL_OKAY )
-+ return rc;
-
- if ( vcpu_nestedhvm(v).nv_vvmcxaddr == VMCX_EADDR )
- {
diff --git a/kernels/xen/xsa78.patch b/kernels/xen/xsa78.patch
deleted file mode 100644
index 180506cdd..000000000
--- a/kernels/xen/xsa78.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-VT-d: fix TLB flushing in dma_pte_clear_one()
-
-The third parameter of __intel_iommu_iotlb_flush() is to indicate
-whether the to be flushed entry was a present one. A few lines before,
-we bailed if !dma_pte_present(*pte), so there's no need to check the
-flag here again - we can simply always pass TRUE here.
-
-This is CVE-2013-6375 / XSA-78.
-
-Suggested-by: Cheng Yueqiang <yqcheng.2008@phdis.smu.edu.sg>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/drivers/passthrough/vtd/iommu.c
-+++ b/xen/drivers/passthrough/vtd/iommu.c
-@@ -646,7 +646,7 @@ static void dma_pte_clear_one(struct dom
- iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
-
- if ( !this_cpu(iommu_dont_flush_iotlb) )
-- __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K , 0, 1);
-+ __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K, 1, 1);
-
- unmap_vtd_domain_page(page);
-