diff options
Diffstat (limited to 'kernels/linux-libre-grsec')
14 files changed, 976 insertions, 484 deletions
diff --git a/kernels/linux-libre-grsec/0001-Bluetooth-allocate-static-minor-for-vhci.patch b/kernels/linux-libre-grsec/0001-Bluetooth-allocate-static-minor-for-vhci.patch new file mode 100644 index 000000000..33a3fde88 --- /dev/null +++ b/kernels/linux-libre-grsec/0001-Bluetooth-allocate-static-minor-for-vhci.patch @@ -0,0 +1,76 @@ +From a62207820fb65f168c8a7f9c0abb71d736f3d7e0 Mon Sep 17 00:00:00 2001 +From: Lucas De Marchi <lucas.demarchi@intel.com> +Date: Tue, 18 Feb 2014 02:19:26 -0300 +Subject: [PATCH] Bluetooth: allocate static minor for vhci +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit bfacbb9 (Bluetooth: Use devname:vhci module alias for virtual HCI +driver) added the module alias to hci_vhci module so it's possible to +create the /dev/vhci node. However creating an alias without +specifying the minor doesn't allow us to create the node ahead, +triggerring module auto-load when it's first accessed. + +Starting with depmod from kmod 16 we started to warn if there's a +devname alias without specifying the major and minor. + +Let's do the same done for uhid, kvm, fuse and others, specifying a +fixed minor. In systems with systemd as the init the following will +happen: on early boot systemd will call "kmod static-nodes" to read +/lib/modules/$(uname -r)/modules.devname and then create the nodes. When +first accessed these "dead" nodes will trigger the module loading. + +Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com> +Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: Marcel Holtmann <marcel@holtmann.org> +--- + Documentation/devices.txt | 1 + + drivers/bluetooth/hci_vhci.c | 3 ++- + include/linux/miscdevice.h | 1 + + 3 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/Documentation/devices.txt b/Documentation/devices.txt +index 80b7241..fce9398 100644 +--- a/Documentation/devices.txt ++++ b/Documentation/devices.txt +@@ -353,6 +353,7 @@ Your cooperation is appreciated. + 133 = /dev/exttrp External device trap + 134 = /dev/apm_bios Advanced Power Management BIOS + 135 = /dev/rtc Real Time Clock ++ 137 = /dev/vhci Bluetooth virtual HCI driver + 139 = /dev/openprom SPARC OpenBoot PROM + 140 = /dev/relay8 Berkshire Products Octal relay card + 141 = /dev/relay16 Berkshire Products ISO-16 relay card +diff --git a/drivers/bluetooth/hci_vhci.c b/drivers/bluetooth/hci_vhci.c +index 7b16738..59095e6 100644 +--- a/drivers/bluetooth/hci_vhci.c ++++ b/drivers/bluetooth/hci_vhci.c +@@ -352,7 +352,7 @@ static const struct file_operations vhci_fops = { + static struct miscdevice vhci_miscdev= { + .name = "vhci", + .fops = &vhci_fops, +- .minor = MISC_DYNAMIC_MINOR, ++ .minor = VHCI_MINOR, + }; + + static int __init vhci_init(void) +@@ -378,3 +378,4 @@ MODULE_DESCRIPTION("Bluetooth virtual HCI driver ver " VERSION); + MODULE_VERSION(VERSION); + MODULE_LICENSE("GPL"); + MODULE_ALIAS("devname:vhci"); ++MODULE_ALIAS_MISCDEV(VHCI_MINOR); +diff --git a/include/linux/miscdevice.h b/include/linux/miscdevice.h +index f7eaf2d..e5db611 100644 +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -23,6 +23,7 @@ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 + #define EFI_RTC_MINOR 136 /* EFI Time services */ ++#define VHCI_MINOR 137 + #define SUN_OPENPROM_MINOR 139 + #define DMAPI_MINOR 140 /* DMAPI */ + #define NVRAM_MINOR 144 +-- +1.9.0 + diff --git a/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch index 805498a70..2d398315e 100644 --- a/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch +++ b/kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch @@ -1,5 +1,7 @@ -Bugzilla: N/A -Upstream-status: queued in NFS git tree (for 3.13/3.14?) +From 4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlayton@redhat.com> +Date: Thu, 14 Nov 2013 07:25:17 -0500 +Subject: [PATCH 1/6] sunrpc: create a new dummy pipe for gssd to hold open rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows up under rpc_pipefs. That behavior gives us a reliable mechanism to tell @@ -15,16 +17,17 @@ it will just return -EINVAL. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- - include/linux/sunrpc/rpc_pipe_fs.h | 3 +- - net/sunrpc/netns.h | 1 + - net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++- - net/sunrpc/sunrpc_syms.c | 8 +++- + include/linux/sunrpc/rpc_pipe_fs.h | 3 +- + net/sunrpc/netns.h | 1 + + net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++++-- + net/sunrpc/sunrpc_syms.c | 8 +++- 4 files changed, 100 insertions(+), 5 deletions(-) -diff -up linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h ---- linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h 2013-11-21 10:11:17.893026000 -0500 -@@ -64,7 +64,8 @@ enum { +diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h +index a353e03..85f1342 100644 +--- a/include/linux/sunrpc/rpc_pipe_fs.h ++++ b/include/linux/sunrpc/rpc_pipe_fs.h +@@ -84,7 +84,8 @@ enum { extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb, const unsigned char *dir_name); @@ -34,9 +37,10 @@ diff -up linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig li extern struct super_block *rpc_get_sb_net(const struct net *net); extern void rpc_put_sb_net(const struct net *net); -diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h ---- linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h 2013-11-21 10:11:17.897029000 -0500 +diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h +index 779742c..8a8e841 100644 +--- a/net/sunrpc/netns.h ++++ b/net/sunrpc/netns.h @@ -14,6 +14,7 @@ struct sunrpc_net { struct cache_detail *rsi_cache; @@ -45,9 +49,10 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig linux-3.11.9-200.f struct mutex pipefs_sb_lock; struct list_head all_clients; -diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c ---- linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c 2013-11-21 10:11:17.903026000 -0500 +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index bf04b30..c23458b 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c @@ -38,7 +38,7 @@ #define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "") @@ -57,7 +62,7 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-20 static struct kmem_cache *rpc_inode_cachep __read_mostly; -@@ -1019,6 +1019,7 @@ enum { +@@ -1159,6 +1159,7 @@ enum { RPCAUTH_nfsd4_cb, RPCAUTH_cache, RPCAUTH_nfsd, @@ -65,7 +70,7 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-20 RPCAUTH_RootEOF }; -@@ -1055,6 +1056,10 @@ static const struct rpc_filelist files[] +@@ -1195,6 +1196,10 @@ static const struct rpc_filelist files[] = { .name = "nfsd", .mode = S_IFDIR | S_IRUGO | S_IXUGO, }, @@ -76,7 +81,7 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-20 }; /* -@@ -1068,13 +1073,25 @@ struct dentry *rpc_d_lookup_sb(const str +@@ -1208,13 +1213,25 @@ struct dentry *rpc_d_lookup_sb(const struct super_block *sb, } EXPORT_SYMBOL_GPL(rpc_d_lookup_sb); @@ -103,7 +108,7 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-20 } /* -@@ -1104,11 +1121,73 @@ void rpc_put_sb_net(const struct net *ne +@@ -1244,11 +1261,73 @@ void rpc_put_sb_net(const struct net *net) } EXPORT_SYMBOL_GPL(rpc_put_sb_net); @@ -178,7 +183,7 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-20 struct net *net = data; struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); int err; -@@ -1126,6 +1205,13 @@ rpc_fill_super(struct super_block *sb, v +@@ -1266,6 +1345,13 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) return -ENOMEM; if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL)) return -ENOMEM; @@ -192,7 +197,7 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-20 dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n", net, NET_NAME(net)); mutex_lock(&sn->pipefs_sb_lock); -@@ -1140,6 +1226,7 @@ rpc_fill_super(struct super_block *sb, v +@@ -1280,6 +1366,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) return 0; err_depopulate: @@ -200,10 +205,11 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-20 blocking_notifier_call_chain(&rpc_pipefs_notifier_list, RPC_PIPEFS_UMOUNT, sb); -diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c ---- linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c 2013-11-21 10:11:17.908026000 -0500 -@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(st +diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c +index 3d6498a..cd30120 100644 +--- a/net/sunrpc/sunrpc_syms.c ++++ b/net/sunrpc/sunrpc_syms.c +@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(struct net *net) if (err) goto err_unixgid; @@ -230,4 +236,6 @@ diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig linux-3.11.9 unix_gid_cache_destroy(net); ip_map_cache_destroy(net); rpc_proc_exit(net); +-- +1.8.5.3 diff --git a/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch b/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch new file mode 100644 index 000000000..c4242e0ae --- /dev/null +++ b/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch @@ -0,0 +1,68 @@ +From 83460ec8dcac14142e7860a01fa59c267ac4657c Mon Sep 17 00:00:00 2001 +From: Andi Kleen <ak@linux.intel.com> +Date: Tue, 12 Nov 2013 15:08:36 -0800 +Subject: [PATCH] syscalls.h: use gcc alias instead of assembler aliases for + syscalls + +Use standard gcc __attribute__((alias(foo))) to define the syscall aliases +instead of custom assembler macros. + +This is far cleaner, and also fixes my LTO kernel build. + +Signed-off-by: Andi Kleen <ak@linux.intel.com> +Cc: Al Viro <viro@ZenIV.linux.org.uk> +Cc: Geert Uytterhoeven <geert@linux-m68k.org> +Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> +Signed-off-by: Andrew Morton <akpm@linux-foundation.org> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +--- + include/linux/compat.h | 4 ++-- + include/linux/syscalls.h | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/include/linux/compat.h b/include/linux/compat.h +index 345da00..ada34c9 100644 +--- a/include/linux/compat.h ++++ b/include/linux/compat.h +@@ -41,14 +41,14 @@ + COMPAT_SYSCALL_DEFINEx(6, _##name, __VA_ARGS__) + + #define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ +- asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ ++ asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\ ++ __attribute__((alias(__stringify(compat_SyS##name)))); \ + static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ + asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));\ + asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\ + { \ + return C_SYSC##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ + } \ +- SYSCALL_ALIAS(compat_sys##name, compat_SyS##name); \ + static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + + #ifndef compat_user_stack_pointer +diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h +index 7fac04e..c27f846 100644 +--- a/include/linux/syscalls.h ++++ b/include/linux/syscalls.h +@@ -184,7 +184,8 @@ extern struct trace_event_functions exit_syscall_print_funcs; + + #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__) + #define __SYSCALL_DEFINEx(x, name, ...) \ +- asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ ++ asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \ ++ __attribute__((alias(__stringify(SyS##name)))); \ + static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ + asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ +@@ -194,7 +195,6 @@ extern struct trace_event_functions exit_syscall_print_funcs; + __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ + return ret; \ + } \ +- SYSCALL_ALIAS(sys##name, SyS##name); \ + static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + + asmlinkage long sys_time(time_t __user *tloc); +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/sunrpc-replace-gssd_running-with-more-reliable-check.patch b/kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch index 8cd5c0090..19e04da5d 100644 --- a/kernels/linux-libre-grsec/sunrpc-replace-gssd_running-with-more-reliable-check.patch +++ b/kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch @@ -1,5 +1,8 @@ -Bugzilla: N/A -Upstream-status: queued in NFS git tree (for 3.13/3.14?) +From 89f842435c630f8426f414e6030bc2ffea0d6f81 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlayton@redhat.com> +Date: Thu, 14 Nov 2013 07:25:18 -0500 +Subject: [PATCH 2/6] sunrpc: replace sunrpc_net->gssd_running flag with a more + reliable check Now that we have a more reliable method to tell if gssd is running, we can replace the sn->gssd_running flag with a function that will query to @@ -14,12 +17,10 @@ extraneous newline from the message. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- - Fixed up to apply to 3.12.1 by Josh Boyer <jwboyer@fedoraproject.org> - - include/linux/sunrpc/rpc_pipe_fs.h | 2 ++ - net/sunrpc/auth_gss/auth_gss.c | 17 +++++++---------- - net/sunrpc/netns.h | 2 -- - net/sunrpc/rpc_pipe.c | 14 ++++++++++---- + include/linux/sunrpc/rpc_pipe_fs.h | 2 ++ + net/sunrpc/auth_gss/auth_gss.c | 17 +++++++---------- + net/sunrpc/netns.h | 2 -- + net/sunrpc/rpc_pipe.c | 14 ++++++++++---- 4 files changed, 19 insertions(+), 16 deletions(-) diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h @@ -35,10 +36,10 @@ index 85f1342..7f490be 100644 #endif #endif diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index 0846566..1ada878 100644 +index 42fdfc6..0a2aee0 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -517,8 +517,7 @@ static void warn_gssd(void) +@@ -536,8 +536,7 @@ static void warn_gssd(void) unsigned long now = jiffies; if (time_after(now, ratelimit)) { @@ -48,7 +49,7 @@ index 0846566..1ada878 100644 ratelimit = now + 15*HZ; } } -@@ -581,7 +580,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) +@@ -600,7 +599,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) struct rpc_pipe *pipe; struct rpc_cred *cred = &gss_cred->gc_base; struct gss_upcall_msg *gss_msg; @@ -56,7 +57,7 @@ index 0846566..1ada878 100644 DEFINE_WAIT(wait); int err; -@@ -589,17 +587,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) +@@ -608,17 +606,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) __func__, from_kuid(&init_user_ns, cred->cr_uid)); retry: err = 0; @@ -94,7 +95,7 @@ index 8a8e841..94e506f 100644 extern int sunrpc_net_id; diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 40aef18..ad444f3 100644 +index c23458b..5cd7ad1 100644 --- a/net/sunrpc/rpc_pipe.c +++ b/net/sunrpc/rpc_pipe.c @@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode) @@ -112,7 +113,7 @@ index 40aef18..ad444f3 100644 pipe = RPC_I(inode)->pipe; if (pipe == NULL) goto out; -@@ -1231,7 +1228,6 @@ int rpc_pipefs_init_net(struct net *net) +@@ -1222,7 +1219,6 @@ int rpc_pipefs_init_net(struct net *net) return PTR_ERR(sn->gssd_dummy); mutex_init(&sn->pipefs_sb_lock); @@ -120,7 +121,7 @@ index 40aef18..ad444f3 100644 sn->pipe_version = -1; return 0; } -@@ -1385,6 +1381,16 @@ err_depopulate: +@@ -1376,6 +1372,16 @@ err_depopulate: return err; } @@ -137,3 +138,6 @@ index 40aef18..ad444f3 100644 static struct dentry * rpc_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data) +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/nfs-check-gssd-running-before-krb5i-auth.patch b/kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch index be81fec76..87b54fc3e 100644 --- a/kernels/linux-libre-grsec/nfs-check-gssd-running-before-krb5i-auth.patch +++ b/kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch @@ -1,5 +1,8 @@ -Bugzilla: N/A -Upstream-status: queued in NFS git tree (for 3.13/3.14?) +From 6aa23d76a7b549521a03b63b6d5b7880ea87eab7 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlayton@redhat.com> +Date: Thu, 14 Nov 2013 07:25:19 -0500 +Subject: [PATCH 3/6] nfs: check if gssd is running before attempting to use + krb5i auth in SETCLIENTID call Currently, the client will attempt to use krb5i in the SETCLIENTID call even if rpc.gssd isn't running. When that fails, it'll then fall back to @@ -14,12 +17,13 @@ fail at a later stage of the mount attempt. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- - fs/nfs/nfs4client.c | 7 ++++++- - 1 files changed, 6 insertions(+), 1 deletions(-) + fs/nfs/nfs4client.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) -diff -up linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c ---- linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c 2013-11-21 10:20:27.288286000 -0500 +diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c +index b4a160a..c1b7a80 100644 +--- a/fs/nfs/nfs4client.c ++++ b/fs/nfs/nfs4client.c @@ -10,6 +10,7 @@ #include <linux/sunrpc/auth.h> #include <linux/sunrpc/xprt.h> @@ -28,10 +32,10 @@ diff -up linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig linux-3.11.9-200. #include "internal.h" #include "callback.h" #include "delegation.h" -@@ -206,7 +207,11 @@ struct nfs_client *nfs4_init_client(stru - if (clp->cl_minorversion != 0) +@@ -370,7 +371,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, __set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags); __set_bit(NFS_CS_DISCRTRY, &clp->cl_flags); + __set_bit(NFS_CS_NO_RETRANS_TIMEOUT, &clp->cl_flags); - error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I); + + error = -EINVAL; @@ -41,8 +45,6 @@ diff -up linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig linux-3.11.9-200. if (error == -EINVAL) error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX); if (error < 0) +-- +1.8.5.3 -_______________________________________________ -kernel mailing list -kernel@lists.fedoraproject.org -https://admin.fedoraproject.org/mailman/listinfo/kernel diff --git a/kernels/linux-libre-grsec/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch b/kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch index e4b1a255f..5f2c3dae8 100644 --- a/kernels/linux-libre-grsec/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch +++ b/kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch @@ -1,11 +1,15 @@ -Bugzilla: 1037793 -Upstream-status: submitted for 3.14 +From 3396f92f8be606ea485b0a82d4e7749a448b013b Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlayton@redhat.com> +Date: Thu, 5 Dec 2013 07:33:49 -0500 +Subject: [PATCH 4/6] rpc_pipe: remove the clntXX dir if creating the pipe + fails In the event that we create the gssd/clntXX dir, but the pipe creation subsequently fails, then we should remove the clntXX dir before returning. Signed-off-by: Jeff Layton <jlayton@redhat.com> +Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- net/sunrpc/rpc_pipe.c | 2 ++ 1 file changed, 2 insertions(+) @@ -24,9 +28,5 @@ index 5cd7ad1..0b74c61 100644 dput(clnt_dentry); dput(gssd_dentry); -- -1.8.4.2 +1.8.5.3 --- -To unsubscribe from this list: send the line "unsubscribe linux-nfs" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/kernels/linux-libre-grsec/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch b/kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch index dd3b5ba2f..8ef6fe25c 100644 --- a/kernels/linux-libre-grsec/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch +++ b/kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch @@ -1,5 +1,7 @@ -Bugzilla: 1037793 -Upstream-status: submitted for 3.14 +From e2f0c83a9de331d9352185ca3642616c13127539 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlayton@redhat.com> +Date: Thu, 5 Dec 2013 07:34:44 -0500 +Subject: [PATCH 5/6] sunrpc: add an "info" file for the dummy gssd pipe rpc.gssd expects to see an "info" file in each clntXX dir. Since adding the dummy gssd pipe, users that run rpc.gssd see a lot of these messages @@ -11,6 +13,7 @@ spamming the logs: Add a dummy gssd/clntXX/info file to help silence these messages. Signed-off-by: Jeff Layton <jlayton@redhat.com> +Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- net/sunrpc/rpc_pipe.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) @@ -93,4 +96,5 @@ index 0b74c61..5d973b2 100644 dput(clnt_dentry); dput(gssd_dentry); -- -1.8.4.2 +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch b/kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch index ed03f34dd..75505c30d 100644 --- a/kernels/linux-libre-grsec/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch +++ b/kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch @@ -1,10 +1,14 @@ -Bugzilla: 1037793 -Upstream-status: submitted for 3.14 +From 23e66ba97127ff3b064d4c6c5138aa34eafc492f Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlayton@redhat.com> +Date: Mon, 9 Dec 2013 09:38:00 -0500 +Subject: [PATCH 6/6] rpc_pipe: fix cleanup of dummy gssd directory when + notification fails Currently, it could leak dentry references in some cases. Make sure we clean up properly. Signed-off-by: Jeff Layton <jlayton@redhat.com> +Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> --- net/sunrpc/rpc_pipe.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) @@ -42,9 +46,5 @@ index 5d973b2..b185548 100644 RPC_PIPEFS_UMOUNT, sb); -- -1.8.4.2 +1.8.5.3 --- -To unsubscribe from this list: send the line "unsubscribe linux-nfs" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD index fde1a6099..b55ac3cc2 100644 --- a/kernels/linux-libre-grsec/PKGBUILD +++ b/kernels/linux-libre-grsec/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 204288 2014-01-16 11:41:25Z tpowa $ +# $Id: PKGBUILD 207134 2014-03-07 14:06:45Z thomas $ # Maintainer: Tobias Powalowski <tpowa@archlinux.org> # Maintainer: Thomas Baechler <thomas@archlinux.org> # Maintainer (Parabola): André Silva <emulatorman@parabola.nu> @@ -9,13 +9,13 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name -_basekernel=3.12 -_sublevel=8 +_basekernel=3.13 +_sublevel=6 _grsecver=3.0 -_timestamp=201401191015 +_timestamp=201403072241 pkgver=${_basekernel}.${_sublevel} pkgrel=1 -_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.6 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -33,37 +33,43 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'boot-logo.patch' 'change-default-console-loglevel.patch' 'criu-no-expert.patch' - 'sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch' - 'sunrpc-replace-gssd_running-with-more-reliable-check.patch' - 'nfs-check-gssd-running-before-krb5i-auth.patch' - 'rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch' - 'sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' - 'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch' + '0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch' + '0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch' + '0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch' + '0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch' + '0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' + '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch' + '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch' + '0001-Bluetooth-allocate-static-minor-for-vhci.patch' + 'i8042-fix-aliases.patch' 'module-blacklist.conf' 'sysctl.conf' 'known-exploit-detection.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") -md5sums=('254f59707b6676b59ce5ca5c3c698319' - '392f920129940c4f83c7d204468213f3' - 'a7dd09d05b98cca3b7c00098698bdd38' - 'ce2f5067862192ce2dcb897e362b24f6' - '93ff5264c547d894cc68e0c30a0dbdd8' +md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' + 'bd937981937fd3c7a553fc770236e640' + 'dfb03774a36dc625b96a53feaa6efb3e' + '21da34d98cc007a78a11660863537c0d' + 'd4b95575b9cc32b7ba4ad8624972ddf9' '5f66bed97a5c37e48eb2f71b2d354b9a' '2967cecc3af9f954ccc822fd63dca6ff' '8267264d9a8966e57fdacd1fa1fc65c4' '14bb375a8a1d86d2875f72fcbaa03f3e' '0892ce6045478bea4a005a6d82c0819e' 'b5509f6c3889a1b32f2e1f90ee2508f1' - 'd4a75f77e6bd5d700dcd534cd5f0dfce' - 'dc86fdc37615c97f03c1e0c31b7b833a' - '88eef9d3b5012ef7e82af1af8cc4e517' - 'cec0bb8981936eab2943b2009b7a6fff' - '88d9cddf9e0050a76ec4674f264fb2a1' - 'cb9016630212ef07b168892fbcfd4e5d' + 'dd2adb99cd3feed6f11022562901965c' + 'b00cc399d3797cb0793e18b5bf387a50' + '7cbd2349cdf046acc37b652c06ba36be' + '10dbaf863e22b2437e68f9190d65c861' + 'd5907a721b97299f0685c583499f7820' + 'a724515b350b29c53f20e631c6cf9a14' + 'e6fa278c092ad83780e2dd0568e24ca6' + '06f1751777e0772c18c3fa4fbae91aa5' + '93dbf73af819b77f03453a9c6de2bb47' 'f93ef6157fbb23820bd5ae08fd3f451e' '0db7629711f4ed76bd1f9da9f97bc4ea' - '34f7e421a25ebc3c1406e04db56accfa' - '0569e96c071703cc244f1ea7ee87d40a') + 'cb789bf97bc65fd4cf240d99df9c24c0' + '55af6fa41f01c22369175dbacd9ad7b0') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -77,7 +83,7 @@ prepare() { cd "${srcdir}/linux-${_basekernel}" if [ "${_basekernel}" != "${pkgver}" ]; then - patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu" + patch -p1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu" fi # add grsecurity patches @@ -85,30 +91,43 @@ prepare() { rm localversion-grsec # add freedo as boot logo - patch -Np1 -i "${srcdir}/boot-logo.patch" + patch -p1 -i "${srcdir}/boot-logo.patch" - # fix issue on Hal8188EFWImg_CE.c deblobbed file - sed -i "\|DEBLOBBED| s|,||" drivers/staging/rtl8188eu/hal/Hal8188EFWImg_CE.c + # add latest fixes from stable queue, if needed + # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) - patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch" + patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" - # allow criu without expert option set - # patch from fedora - patch -Np1 -i "${srcdir}/criu-no-expert.patch" + # allow Checkpoint/restore (for criu) without EXPERT=y + patch -p1 -i "${srcdir}/criu-no-expert.patch" # fix 15 seconds nfs delay - patch -Np1 -i "${srcdir}/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch" - patch -Np1 -i "${srcdir}/sunrpc-replace-gssd_running-with-more-reliable-check.patch" - patch -Np1 -i "${srcdir}/nfs-check-gssd-running-before-krb5i-auth.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 + patch -p1 -i "${srcdir}/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=89f842435c630f8426f414e6030bc2ffea0d6f81 + patch -p1 -i "${srcdir}/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=6aa23d76a7b549521a03b63b6d5b7880ea87eab7 + patch -p1 -i "${srcdir}/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch" + # fix nfs kernel oops - # #37866 - patch -Np1 -i "${srcdir}/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch" - patch -Np1 -i "${srcdir}/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=3396f92f8be606ea485b0a82d4e7749a448b013b + patch -p1 -i "${srcdir}/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=e2f0c83a9de331d9352185ca3642616c13127539 + patch -p1 -i "${srcdir}/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f + patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch" + + # Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c + patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch" + + # Fix i8042 aliases + patch -p1 -i "${srcdir}/i8042-fix-aliases.patch" - patch -Np1 -i "${srcdir}/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch" + # Fix vhci warning in kmod (to restore every kernel maintainer's sanity) + patch -p1 -i "${srcdir}/0001-Bluetooth-allocate-static-minor-for-vhci.patch" # add known exploit detection patch # http://lkml.org/lkml/2013/12/12/358 @@ -119,8 +138,8 @@ prepare() { sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ < "${srcdir}/lxo-config.patch" > lxo-config.patch msg2 "Adding loongson-community patches" - patch -Np1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch - patch -Np0 -i lxo-config.patch + patch -p1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch + patch -p0 -i lxo-config.patch # ensure N32, add localversion, remove uevent helper as per # https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README @@ -146,10 +165,6 @@ prepare() { # don't run depmod on 'make install'. We'll do this ourselves in packaging sed -i '2iexit 0' scripts/depmod.sh -} - -build() { - cd "${srcdir}/linux-${_basekernel}" # get kernel version make prepare @@ -164,21 +179,11 @@ build() { # rewrite configuration yes "" | make config >/dev/null +} - # save configuration for later reuse - if [ "${CARCH}" = "x86_64" ]; then - cat .config > "${startdir}/config.x86_64.last" - else - cat .config > "${startdir}/config.i686.last" - fi - - #################### - # stop here - # this is useful to configure the kernel - #msg "Stopping build"; return 1 - #################### +build() { + cd "${srcdir}/linux-${_basekernel}" - # build! if [ "$CARCH" == "mips64el" ]; then # The build system passes it directly to linker, disable to avoid # having unknown -Wl,... options. @@ -227,12 +232,9 @@ _package() { cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}" cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}" else - cp "arch/${KARCH}/boot/bzImage" "${pkgdir}/boot/vmlinuz-${pkgbase}" + cp arch/${KARCH}/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" fi - # add vmlinux - install -D -m644 vmlinux "${pkgdir}/usr/src/linux-${_kernver}/vmlinux" - # set correct depmod command for install cp -f "${startdir}/${install}" "${startdir}/${install}.pkg" true && install=${install}.pkg @@ -269,16 +271,20 @@ _package() { echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}/version" # Now we call depmod... - depmod -b "$pkgdir" -F System.map "$_kernver" + depmod -b "${pkgdir}" -F System.map "${_kernver}" # move module tree /lib -> /usr/lib - mv "$pkgdir/lib" "$pkgdir/usr" + mkdir -p "${pkgdir}/usr" + mv "${pkgdir}/lib" "${pkgdir}/usr/" # copy sysctl configuration install -Dm600 "$srcdir/sysctl.conf" "$pkgdir/etc/sysctl.d/05-grsecurity.conf" # copy kernel module blacklist install -Dm600 "$srcdir/module-blacklist.conf" "$pkgdir/etc/modprobe.d/dma.conf" + + # add vmlinux + install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" } _package-headers() { @@ -298,130 +304,127 @@ _package-headers() { install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" - cd "${pkgdir}/usr/lib/modules/${_kernver}" - ln -sf ../../../src/linux-${_kernver} build - cd "${srcdir}/linux-${_basekernel}" install -D -m644 Makefile \ - "${pkgdir}/usr/src/linux-${_kernver}/Makefile" + "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile" install -D -m644 kernel/Makefile \ - "${pkgdir}/usr/src/linux-${_kernver}/kernel/Makefile" + "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile" install -D -m644 .config \ - "${pkgdir}/usr/src/linux-${_kernver}/.config" + "${pkgdir}/usr/lib/modules/${_kernver}/build/.config" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include" for i in acpi asm-generic config crypto drm generated keys linux math-emu \ media net pcmcia scsi sound trace uapi video xen; do - cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/" + cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/" done # copy arch includes for external modules - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}" - cp -a "arch/${KARCH}/include" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}" + cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" # copy files necessary for later builds - cp Module.symvers "${pkgdir}/usr/src/linux-${_kernver}" - cp -a scripts "${pkgdir}/usr/src/linux-${_kernver}" + cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build" if [ "$CARCH" = "mips64el" ]; then - cp "arch/${KARCH}/Kbuild" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" - cp -a "arch/${KARCH}/loongson" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" - cp "${srcdir}/Kbuild.platforms" "${pkgdir}/usr/src/linux-${_kernver}/arch/$KARCH/" + cp arch/${KARCH}/Kbuild "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + cp -a arch/${KARCH}/loongson "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + cp ${srcdir}/Kbuild.platforms "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" fi # fix permissions on scripts dir - chmod og-w -R "${pkgdir}/usr/src/linux-${_kernver}/scripts" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/.tmp_versions" + chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel" - cp arch/${KARCH}/Makefile "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" if [ "${CARCH}" = "i686" ]; then - cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" fi - cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel/" + cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/" # add headers for lirc package # pci for i in bt8xx cx88 saa7134; do - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}" - cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}" + cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}" done # usb for i in cpia2 em28xx pwc sn9c102; do - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}" - cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}" + cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}" done # i2c - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c" - cp drivers/media/i2c/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c" + cp drivers/media/i2c/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" for i in cx25840; do - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}" - cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}" + cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}" done # add docbook makefile install -D -m644 Documentation/DocBook/Makefile \ - "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile" + "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" # add dm headers - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/md" - cp drivers/md/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/md" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" # add inotify.h - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/linux" - cp include/linux/inotify.h "${pkgdir}/usr/src/linux-${_kernver}/include/linux/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux" + cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/" # add wireless headers - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/" - cp net/mac80211/*.h "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" # add dvb headers for external modules # in reference to: # http://bugs.archlinux.org/task/9912 - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core" - cp drivers/media/dvb-core/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core" + cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/" # and... # http://bugs.archlinux.org/task/11194 - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/" - cp include/config/dvb/*.h "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new # in reference to: # http://bugs.archlinux.org/task/13146 - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" - cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" - cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" # add dvb headers # in reference to: # http://bugs.archlinux.org/task/20402 - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb" - cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb/" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends" - cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners" - cp drivers/media/tuners/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb" + cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends" + cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners" + cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/" # add xfs and shmem for aufs building - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/mm" - cp fs/xfs/xfs_sb.h "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs/xfs_sb.h" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm" + cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h" # copy in Kconfig files - for i in `find . -name "Kconfig*"`; do - mkdir -p "${pkgdir}"/usr/src/linux-${_kernver}/`echo ${i} | sed 's|/Kconfig.*||'` - cp ${i} "${pkgdir}/usr/src/linux-${_kernver}/${i}" + for i in $(find . -name "Kconfig*"); do + mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'` + cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}" done - chown -R root.root "${pkgdir}/usr/src/linux-${_kernver}" - find "${pkgdir}/usr/src/linux-${_kernver}" -type d -exec chmod 755 {} \; + chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build" + find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \; # strip scripts directory - find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do + find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do case "$(file -bi "${binary}")" in *application/x-sharedlib*) # Libraries (.so) /usr/bin/strip ${STRIP_SHARED} "${binary}";; @@ -433,11 +436,11 @@ _package-headers() { done # remove unneeded architectures - rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} + rm -rf "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} if [ "$CARCH" = "mips64el" ]; then - rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86 + rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/x86 else - rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/mips + rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/mips fi } @@ -449,13 +452,13 @@ _package-docs() { cd "${srcdir}/linux-${_basekernel}" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}" - cp -al Documentation "${pkgdir}/usr/src/linux-${_kernver}" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build" find "${pkgdir}" -type f -exec chmod 444 {} \; find "${pkgdir}" -type d -exec chmod 755 {} \; # remove a file already in linux package - rm -f "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile" + rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" } pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") diff --git a/kernels/linux-libre-grsec/config.i686 b/kernels/linux-libre-grsec/config.i686 index c3c5d2d9c..07840923d 100644 --- a/kernels/linux-libre-grsec/config.i686 +++ b/kernels/linux-libre-grsec/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.12.7-1 Kernel Configuration +# Linux/x86 3.13.0 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -38,7 +38,6 @@ CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_32_SMP=y CONFIG_X86_HT=y CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx" -CONFIG_ARCH_CPU_PROBE_RELEASE=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_IRQ_WORK=y @@ -75,7 +74,6 @@ CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y -CONFIG_AUDIT_LOGINUID_IMMUTABLE=y # # IRQ subsystem @@ -159,7 +157,7 @@ CONFIG_CFS_BANDWIDTH=y CONFIG_RT_GROUP_SCHED=y CONFIG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set -# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_CHECKPOINT_RESTORE=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y @@ -240,7 +238,6 @@ CONFIG_HAVE_KPROBES_ON_FTRACE=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_ATTRS=y CONFIG_HAVE_DMA_CONTIGUOUS=y -CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y @@ -274,6 +271,7 @@ CONFIG_HAVE_GENERIC_DMA_COHERENT=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -469,6 +467,7 @@ CONFIG_FRONTSWAP=y # CONFIG_CMA is not set CONFIG_ZBUD=y CONFIG_ZSWAP=y +CONFIG_MEM_SOFT_DIRTY=y # CONFIG_HIGHPTE is not set CONFIG_X86_CHECK_BIOS_CORRUPTION=y CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y @@ -492,7 +491,9 @@ CONFIG_HZ_300=y # CONFIG_HZ_1000 is not set CONFIG_HZ=300 CONFIG_SCHED_HRTICK=y +CONFIG_KEXEC=y # CONFIG_CRASH_DUMP is not set +# CONFIG_KEXEC_JUMP is not set CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y CONFIG_X86_NEED_RELOCS=y @@ -510,6 +511,8 @@ CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_HIBERNATION=y +CONFIG_PM_STD_PARTITION="" CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_SMP=y CONFIG_PM_AUTOSLEEP=y @@ -522,13 +525,13 @@ CONFIG_PM_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y # CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_SLEEP_DEBUG=y +# CONFIG_DPM_WATCHDOG is not set CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y CONFIG_ACPI=y CONFIG_ACPI_SLEEP=y # CONFIG_ACPI_PROCFS is not set -# CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_EC_DEBUGFS=m CONFIG_ACPI_AC=m CONFIG_ACPI_BATTERY=m @@ -543,7 +546,6 @@ CONFIG_ACPI_PROCESSOR_AGGREGATOR=m CONFIG_ACPI_THERMAL=m # CONFIG_ACPI_CUSTOM_DSDT is not set CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y -CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y CONFIG_X86_PM_TIMER=y @@ -554,9 +556,11 @@ CONFIG_ACPI_CUSTOM_METHOD=m CONFIG_ACPI_BGRT=y CONFIG_ACPI_APEI=y CONFIG_ACPI_APEI_GHES=y +CONFIG_ACPI_APEI_PCIEAER=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=m CONFIG_ACPI_APEI_ERST_DEBUG=m +CONFIG_ACPI_EXTLOG=m CONFIG_SFI=y CONFIG_X86_APM_BOOT=y CONFIG_APM=y @@ -570,7 +574,6 @@ CONFIG_APM_DO_ENABLE=y # CPU Frequency scaling # CONFIG_CPU_FREQ=y -CONFIG_CPU_FREQ_TABLE=y CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m CONFIG_CPU_FREQ_STAT_DETAILS=y @@ -636,7 +639,17 @@ CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y CONFIG_PCI_OLPC=y CONFIG_PCI_DOMAINS=y -# CONFIG_PCIEPORTBUS is not set +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_PCIEAER=y +# CONFIG_PCIE_ECRC is not set +# CONFIG_PCIEAER_INJECT is not set +CONFIG_PCIEASPM=y +# CONFIG_PCIEASPM_DEBUG is not set +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y CONFIG_PCI_MSI=y # CONFIG_PCI_DEBUG is not set CONFIG_PCI_REALLOC_ENABLE_AUTO=y @@ -661,7 +674,7 @@ CONFIG_OLPC_XO1_PM=y CONFIG_OLPC_XO1_RTC=y CONFIG_OLPC_XO1_SCI=y CONFIG_OLPC_XO15_SCI=y -# CONFIG_ALIX is not set +CONFIG_ALIX=y # CONFIG_NET5501 is not set # CONFIG_GEOS is not set CONFIG_AMD_NB=y @@ -696,6 +709,7 @@ CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m CONFIG_HOTPLUG_PCI_SHPC=m CONFIG_RAPIDIO=y +CONFIG_RAPIDIO_TSI721=y CONFIG_RAPIDIO_DISC_TIMEOUT=30 # CONFIG_RAPIDIO_ENABLE_RX_TX_PORTS is not set CONFIG_RAPIDIO_DMA_ENGINE=y @@ -791,7 +805,6 @@ CONFIG_DEFAULT_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y -CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y @@ -805,6 +818,7 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m +CONFIG_IPV6_VTI=m CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y @@ -867,6 +881,17 @@ CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m CONFIG_NF_NAT_TFTP=m CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=m +CONFIG_NFT_EXTHDR=m +CONFIG_NFT_META=m +CONFIG_NFT_CT=m +CONFIG_NFT_RBTREE=m +CONFIG_NFT_HASH=m +CONFIG_NFT_COUNTER=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_NAT=m +CONFIG_NFT_COMPAT=m CONFIG_NETFILTER_XTABLES=m # @@ -961,7 +986,9 @@ CONFIG_IP_SET_HASH_IP=m CONFIG_IP_SET_HASH_IPPORT=m CONFIG_IP_SET_HASH_IPPORTIP=m CONFIG_IP_SET_HASH_IPPORTNET=m +CONFIG_IP_SET_HASH_NETPORTNET=m CONFIG_IP_SET_HASH_NET=m +CONFIG_IP_SET_HASH_NETNET=m CONFIG_IP_SET_HASH_NETPORT=m CONFIG_IP_SET_HASH_NETIFACE=m CONFIG_IP_SET_LIST_SET=m @@ -1012,6 +1039,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m # CONFIG_NF_CONNTRACK_PROC_COMPAT is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m @@ -1044,6 +1076,9 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m +CONFIG_NF_TABLES_IPV6=m +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -1064,6 +1099,7 @@ CONFIG_IP6_NF_SECURITY=m CONFIG_NF_NAT_IPV6=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -1200,6 +1236,7 @@ CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=y +CONFIG_NET_CLS_BPF=m # CONFIG_NET_EMATCH is not set CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=m @@ -1229,6 +1266,7 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=m CONFIG_NET_MPLS_GSO=m +CONFIG_HSR=m CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1396,6 +1434,7 @@ CONFIG_WIMAX_DEBUG_LEVEL=8 CONFIG_RFKILL=m CONFIG_RFKILL_LEDS=y CONFIG_RFKILL_INPUT=y +CONFIG_RFKILL_GPIO=m CONFIG_NET_9P=m CONFIG_NET_9P_VIRTIO=m # CONFIG_NET_9P_DEBUG is not set @@ -1407,6 +1446,7 @@ CONFIG_CEPH_LIB=m # CONFIG_CEPH_LIB_PRETTYDEBUG is not set # CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set CONFIG_NFC=m +CONFIG_NFC_DIGITAL=m CONFIG_NFC_NCI=m # CONFIG_NFC_NCI_SPI is not set CONFIG_NFC_HCI=m @@ -1419,6 +1459,7 @@ CONFIG_NFC_PN533=m CONFIG_NFC_WILINK=m CONFIG_NFC_MEI_PHY=m CONFIG_NFC_SIM=m +CONFIG_NFC_PORT100=m CONFIG_NFC_PN544=m CONFIG_NFC_PN544_MEI=m CONFIG_NFC_MICROREAD=m @@ -1581,6 +1622,7 @@ CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y CONFIG_OF_MTD=y CONFIG_PARPORT=m +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set @@ -1600,10 +1642,10 @@ CONFIG_ISAPNP=y # CONFIG_PNPBIOS is not set CONFIG_PNPACPI=y CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set CONFIG_BLK_DEV_FD=m # CONFIG_PARIDE is not set CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m -CONFIG_BLK_CPQ_DA=m CONFIG_BLK_CPQ_CISS_DA=m # CONFIG_CISS_SCSI_TAPE is not set CONFIG_BLK_DEV_DAC960=m @@ -1698,6 +1740,14 @@ CONFIG_ALTERA_STAPL=m CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_VMWARE_VMCI=m + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -1989,7 +2039,6 @@ CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m CONFIG_BCACHE=m # CONFIG_BCACHE_DEBUG is not set -# CONFIG_BCACHE_EDEBUG is not set # CONFIG_BCACHE_CLOSURES_DEBUG is not set CONFIG_BLK_DEV_DM=m # CONFIG_DM_DEBUG is not set @@ -2004,8 +2053,8 @@ CONFIG_DM_CACHE=m CONFIG_DM_CACHE_MQ=m CONFIG_DM_CACHE_CLEANER=m CONFIG_DM_MIRROR=m -CONFIG_DM_RAID=m CONFIG_DM_LOG_USERSPACE=m +CONFIG_DM_RAID=m CONFIG_DM_ZERO=m CONFIG_DM_MULTIPATH=m CONFIG_DM_MULTIPATH_QL=m @@ -2400,6 +2449,7 @@ CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m +CONFIG_USB_NET_HUAWEI_CDC_NCM=m CONFIG_USB_NET_CDC_MBIM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SR9700=m @@ -2484,6 +2534,8 @@ CONFIG_ATH10K_PCI=m # CONFIG_ATH10K_DEBUG is not set CONFIG_ATH10K_DEBUGFS=y # CONFIG_ATH10K_TRACING is not set +CONFIG_WCN36XX=m +# CONFIG_WCN36XX_DEBUGFS is not set CONFIG_B43=m CONFIG_B43_BCMA=y CONFIG_B43_SSB=y @@ -2584,6 +2636,7 @@ CONFIG_RT2800USB_RT53XX=y CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800_LIB=m +CONFIG_RT2800_LIB_MMIO=m CONFIG_RT2X00_LIB_MMIO=m CONFIG_RT2X00_LIB_PCI=m CONFIG_RT2X00_LIB_USB=m @@ -2797,7 +2850,7 @@ CONFIG_INPUT_MATRIXKMAP=m # # Userland interfaces # -CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV=m CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 @@ -2811,7 +2864,7 @@ CONFIG_INPUT_EVDEV=m CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ADP5588=m CONFIG_KEYBOARD_ADP5589=m -CONFIG_KEYBOARD_ATKBD=y +CONFIG_KEYBOARD_ATKBD=m CONFIG_KEYBOARD_QT1070=m CONFIG_KEYBOARD_QT2160=m # CONFIG_KEYBOARD_LKKBD is not set @@ -2842,7 +2895,7 @@ CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_MOUSE_PS2_SENTELIC=y # CONFIG_MOUSE_PS2_TOUCHKIT is not set CONFIG_MOUSE_PS2_OLPC=y -CONFIG_MOUSE_SERIAL=y +CONFIG_MOUSE_SERIAL=m CONFIG_MOUSE_APPLETOUCH=m CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_CYAPA=m @@ -2961,7 +3014,9 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m # CONFIG_TOUCHSCREEN_TSC2005 is not set CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_ST1232=m +CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_TPS6507X=m +CONFIG_TOUCHSCREEN_ZFORCE=m CONFIG_INPUT_MISC=y CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m @@ -2987,7 +3042,6 @@ CONFIG_INPUT_RETU_PWRBUTTON=m CONFIG_INPUT_UINPUT=m CONFIG_INPUT_PCF50633_PMU=m CONFIG_INPUT_PCF8574=m -# CONFIG_INPUT_PWM_BEEPER is not set CONFIG_INPUT_GPIO_ROTARY_ENCODER=m CONFIG_INPUT_ADXL34X=m CONFIG_INPUT_ADXL34X_I2C=m @@ -3000,19 +3054,20 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m # # Hardware I/O ports # -CONFIG_SERIO=y -CONFIG_SERIO_I8042=y +CONFIG_SERIO=m +CONFIG_SERIO_I8042=m CONFIG_SERIO_SERPORT=m CONFIG_SERIO_CT82C710=m CONFIG_SERIO_PARKBD=m CONFIG_SERIO_PCIPS2=m -CONFIG_SERIO_LIBPS2=y +CONFIG_SERIO_LIBPS2=m CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m CONFIG_SERIO_PS2MULT=m CONFIG_SERIO_ARC_PS2=m CONFIG_SERIO_APBPS2=m CONFIG_SERIO_OLPC_APSP=m +CONFIG_HYPERV_KEYBOARD=m CONFIG_GAMEPORT=m CONFIG_GAMEPORT_NS558=m CONFIG_GAMEPORT_L4=m @@ -3089,7 +3144,6 @@ CONFIG_SERIAL_ARC_NR_PORTS=1 CONFIG_SERIAL_RP2=m CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_SERIAL_FSL_LPUART=m -CONFIG_SERIAL_ST_ASC=m CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set CONFIG_PPDEV=m @@ -3128,10 +3182,13 @@ CONFIG_NSC_GPIO=m # CONFIG_RAW_DRIVER is not set CONFIG_HPET=y CONFIG_HPET_MMAP=y +CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m +CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m +CONFIG_TCG_TIS_I2C_NUVOTON=m CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m @@ -3233,7 +3290,6 @@ CONFIG_SPI_MASTER=y # CONFIG_SPI_GPIO is not set # CONFIG_SPI_LM70_LLP is not set # CONFIG_SPI_FSL_SPI is not set -# CONFIG_SPI_FSL_DSPI is not set # CONFIG_SPI_OC_TINY is not set # CONFIG_SPI_PXA2XX is not set # CONFIG_SPI_PXA2XX_PCI is not set @@ -3275,8 +3331,8 @@ CONFIG_PTP_1588_CLOCK=m CONFIG_DP83640_PHY=m CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y -CONFIG_GPIO_DEVRES=y CONFIG_GPIOLIB=y +CONFIG_GPIO_DEVRES=y CONFIG_OF_GPIO=y CONFIG_GPIO_ACPI=y # CONFIG_DEBUG_GPIO is not set @@ -3311,7 +3367,7 @@ CONFIG_GPIO_ARIZONA=m # CONFIG_GPIO_CS5535=y CONFIG_GPIO_AMD8111=m -# CONFIG_GPIO_LANGWELL is not set +# CONFIG_GPIO_INTEL_MID is not set # CONFIG_GPIO_PCH is not set # CONFIG_GPIO_ML_IOH is not set # CONFIG_GPIO_SODAVILLE is not set @@ -3328,7 +3384,7 @@ CONFIG_GPIO_AMD8111=m # # AC97 GPIO expanders: # -CONFIG_GPIO_UCB1400=y +CONFIG_GPIO_UCB1400=m # # LPC GPIO expanders: @@ -3337,6 +3393,7 @@ CONFIG_GPIO_UCB1400=y # # MODULbus GPIO expanders: # +# CONFIG_GPIO_BCM_KONA is not set # # USB GPIO expanders: @@ -3362,6 +3419,7 @@ CONFIG_BATTERY_OLPC=m # CONFIG_CHARGER_GPIO is not set # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_BQ24190 is not set +CONFIG_CHARGER_BQ24735=m # CONFIG_CHARGER_SMB347 is not set CONFIG_POWER_RESET=y CONFIG_POWER_RESET_GPIO=y @@ -4093,7 +4151,7 @@ CONFIG_VIDEO_UPD64031A=m CONFIG_VIDEO_UPD64083=m # -# Miscelaneous helper chips +# Miscellaneous helper chips # CONFIG_VIDEO_M52790=m @@ -4169,6 +4227,7 @@ CONFIG_DVB_TUNER_CX24113=m CONFIG_DVB_TDA826X=m CONFIG_DVB_TUA6100=m CONFIG_DVB_CX24116=m +CONFIG_DVB_CX24117=m CONFIG_DVB_SI21XX=m CONFIG_DVB_TS2020=m CONFIG_DVB_DS3000=m @@ -4280,6 +4339,7 @@ CONFIG_VGA_SWITCHEROO=y CONFIG_DRM=m CONFIG_DRM_USB=m CONFIG_DRM_KMS_HELPER=m +CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_LOAD_EDID_FIRMWARE=y CONFIG_DRM_TTM=m @@ -4299,6 +4359,7 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y CONFIG_DRM_I915=m CONFIG_DRM_I915_KMS=y +CONFIG_DRM_I915_FBDEV=y # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set CONFIG_DRM_MGA=m CONFIG_DRM_SIS=m @@ -4417,7 +4478,7 @@ CONFIG_BACKLIGHT_APPLE=m # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set CONFIG_BACKLIGHT_PCF50633=m -# CONFIG_BACKLIGHT_LM3630 is not set +CONFIG_BACKLIGHT_LM3630A=m # CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LP855X is not set # CONFIG_BACKLIGHT_OT200 is not set @@ -4636,6 +4697,7 @@ CONFIG_SND_USB_6FIRE=m CONFIG_SND_USB_HIFACE=m CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_LIB=m +CONFIG_SND_DICE=m CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m @@ -4713,6 +4775,7 @@ CONFIG_HID_ROCCAT=m CONFIG_HID_SAITEK=m CONFIG_HID_SAMSUNG=m CONFIG_HID_SONY=m +CONFIG_SONY_FF=y CONFIG_HID_SPEEDLINK=m CONFIG_HID_STEELSERIES=m CONFIG_HID_SUNPLUS=m @@ -4945,7 +5008,6 @@ CONFIG_USB_XUSBATM=m # CONFIG_USB_PHY=y CONFIG_NOP_USB_XCEIV=m -# CONFIG_AM335X_PHY_USB is not set CONFIG_SAMSUNG_USBPHY=m CONFIG_SAMSUNG_USB2PHY=m CONFIG_SAMSUNG_USB3PHY=m @@ -4988,6 +5050,7 @@ CONFIG_USB_F_NCM=m CONFIG_USB_F_ECM=m CONFIG_USB_F_SUBSET=m CONFIG_USB_F_RNDIS=m +CONFIG_USB_F_MASS_STORAGE=m # CONFIG_USB_CONFIGFS is not set # CONFIG_USB_ZERO is not set CONFIG_USB_AUDIO=m @@ -5087,6 +5150,7 @@ CONFIG_LEDS_LP5562=m CONFIG_LEDS_CLEVO_MAIL=m CONFIG_LEDS_PCA955X=m # CONFIG_LEDS_PCA963X is not set +CONFIG_LEDS_PCA9685=m # CONFIG_LEDS_DAC124S085 is not set # CONFIG_LEDS_PWM is not set CONFIG_LEDS_BD2802=m @@ -5248,6 +5312,7 @@ CONFIG_DMA_OF=y # CONFIG_ASYNC_TX_DMA=y # CONFIG_DMATEST is not set +CONFIG_DMA_ENGINE_RAID=y CONFIG_DCA=m CONFIG_AUXDISPLAY=y CONFIG_KS0108=m @@ -5548,7 +5613,6 @@ CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m CONFIG_ASUS_LAPTOP=m -CONFIG_CHROMEOS_LAPTOP=m CONFIG_DELL_LAPTOP=m CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m @@ -5596,6 +5660,8 @@ CONFIG_APPLE_GMUX=m CONFIG_INTEL_RST=y CONFIG_INTEL_SMARTCONNECT=y CONFIG_PVPANIC=m +CONFIG_CHROME_PLATFORMS=y +CONFIG_CHROMEOS_LAPTOP=m # # Hardware Spinlock drivers @@ -5649,6 +5715,15 @@ CONFIG_FMC_WRITE_EEPROM=m CONFIG_FMC_CHARDEV=m # +# PHY Subsystem +# +CONFIG_GENERIC_PHY=m +CONFIG_PHY_EXYNOS_MIPI_VIDEO=m +CONFIG_PHY_EXYNOS_DP_VIDEO=m +CONFIG_POWERCAP=y +CONFIG_INTEL_RAPL=m + +# # Firmware Drivers # CONFIG_EDD=m @@ -5666,6 +5741,7 @@ CONFIG_ISCSI_IBFT=m # EFI (Extensible Firmware Interface) Support # # CONFIG_EFI_VARS is not set +CONFIG_UEFI_CPER=y # # File systems @@ -5813,6 +5889,11 @@ CONFIG_UBIFS_FS_ZLIB=y CONFIG_LOGFS=m CONFIG_CRAMFS=m CONFIG_SQUASHFS=m +# CONFIG_SQUASHFS_FILE_CACHE is not set +CONFIG_SQUASHFS_FILE_DIRECT=y +# CONFIG_SQUASHFS_DECOMP_SINGLE is not set +# CONFIG_SQUASHFS_DECOMP_MULTI is not set +CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_LZO=y @@ -5842,6 +5923,7 @@ CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y +CONFIG_F2FS_CHECK_FS=y CONFIG_EFIVAR_FS=y CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y @@ -5857,6 +5939,7 @@ CONFIG_PNFS_FILE_LAYOUT=m CONFIG_PNFS_BLOCK=m CONFIG_PNFS_OBJLAYOUT=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org" +CONFIG_NFS_V4_1_MIGRATION=y CONFIG_NFS_V4_SECURITY_LABEL=y CONFIG_NFS_FSCACHE=y # CONFIG_NFS_USE_LEGACY_DNS is not set @@ -5994,6 +6077,7 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 CONFIG_DEBUG_KERNEL=y # @@ -6130,6 +6214,7 @@ CONFIG_LKDTM=m # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_RBTREE_TEST is not set # CONFIG_INTERVAL_TREE_TEST is not set +CONFIG_PERCPU_TEST=m # CONFIG_ATOMIC64_SELFTEST is not set CONFIG_ASYNC_RAID6_TEST=m # CONFIG_TEST_STRING_HELPERS is not set @@ -6144,6 +6229,7 @@ CONFIG_STRICT_DEVMEM=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set +CONFIG_EARLY_PRINTK_EFI=y # CONFIG_X86_PTDUMP is not set CONFIG_DEBUG_RODATA=y # CONFIG_DEBUG_RODATA_TEST is not set @@ -6253,6 +6339,7 @@ CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODHARDEN=y CONFIG_GRKERNSEC_HIDESYM=y +# CONFIG_GRKERNSEC_RANDSTRUCT is not set CONFIG_GRKERNSEC_KERN_LOCKOUT=y # @@ -6355,6 +6442,8 @@ CONFIG_GRKERNSEC_SYSCTL_ON=y CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=6 CONFIG_KEYS=y +CONFIG_PERSISTENT_KEYRINGS=y +CONFIG_BIG_KEYS=y CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEYS_DEBUG_PROC_KEYS is not set @@ -6365,8 +6454,16 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set -# CONFIG_SECURITY_SELINUX is not set -# CONFIG_SECURITY_SMACK is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set +CONFIG_SECURITY_SMACK=y CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 @@ -6379,6 +6476,8 @@ CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_YAMA_STACKED=y # CONFIG_IMA is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set # CONFIG_DEFAULT_SECURITY_YAMA is not set @@ -6419,7 +6518,7 @@ CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_TEST=m -CONFIG_CRYPTO_ABLK_HELPER_X86=m +CONFIG_CRYPTO_ABLK_HELPER=m CONFIG_CRYPTO_GLUE_HELPER_X86=m # @@ -6513,6 +6612,7 @@ CONFIG_CRYPTO_ANSI_CPRNG=m CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m +CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m @@ -6533,6 +6633,7 @@ CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m @@ -6569,6 +6670,7 @@ CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m CONFIG_AUDIT_GENERIC=y +# CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y @@ -6602,6 +6704,7 @@ CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m CONFIG_TEXTSEARCH_FSM=m CONFIG_BTREE=y +CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y diff --git a/kernels/linux-libre-grsec/config.x86_64 b/kernels/linux-libre-grsec/config.x86_64 index 31b5c76ac..f89860f78 100644 --- a/kernels/linux-libre-grsec/config.x86_64 +++ b/kernels/linux-libre-grsec/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.12.7-1 Kernel Configuration +# Linux/x86 3.13.0 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -39,7 +39,6 @@ CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_64_SMP=y CONFIG_X86_HT=y CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" -CONFIG_ARCH_CPU_PROBE_RELEASE=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_IRQ_WORK=y @@ -76,7 +75,6 @@ CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y -CONFIG_AUDIT_LOGINUID_IMMUTABLE=y # # IRQ subsystem @@ -143,6 +141,7 @@ CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=19 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y CONFIG_ARCH_USES_NUMA_PROT_NONE=y CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y @@ -167,6 +166,7 @@ CONFIG_CFS_BANDWIDTH=y CONFIG_RT_GROUP_SCHED=y CONFIG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CHECKPOINT_RESTORE=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y @@ -246,7 +246,6 @@ CONFIG_HAVE_OPTPROBES=y CONFIG_HAVE_KPROBES_ON_FTRACE=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_ATTRS=y -CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y @@ -266,10 +265,12 @@ CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y CONFIG_HAVE_ARCH_SOFT_DIRTY=y CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y CONFIG_OLD_SIGSUSPEND3=y CONFIG_COMPAT_OLD_SIGACTION=y @@ -281,6 +282,7 @@ CONFIG_COMPAT_OLD_SIGACTION=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -412,6 +414,7 @@ CONFIG_MICROCODE=m # CONFIG_MICROCODE_INTEL is not set # CONFIG_MICROCODE_AMD is not set CONFIG_MICROCODE_OLD_INTERFACE=y +CONFIG_X86_MSR=m CONFIG_X86_CPUID=m CONFIG_ARCH_PHYS_ADDR_T_64BIT=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y @@ -426,6 +429,7 @@ CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_DEFAULT=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 CONFIG_SELECT_MEMORY_MODEL=y CONFIG_SPARSEMEM_MANUAL=y @@ -447,6 +451,7 @@ CONFIG_MEMORY_HOTPLUG_SPARSE=y CONFIG_MEMORY_HOTREMOVE=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y CONFIG_BALLOON_COMPACTION=y CONFIG_COMPACTION=y CONFIG_MIGRATION=y @@ -459,6 +464,7 @@ CONFIG_KSM=y CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y +CONFIG_HWPOISON_INJECT=m CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set @@ -468,6 +474,7 @@ CONFIG_FRONTSWAP=y # CONFIG_CMA is not set CONFIG_ZBUD=y CONFIG_ZSWAP=y +CONFIG_MEM_SOFT_DIRTY=y CONFIG_X86_CHECK_BIOS_CORRUPTION=y CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y CONFIG_X86_RESERVE_LOW=64 @@ -489,13 +496,16 @@ CONFIG_HZ_300=y # CONFIG_HZ_1000 is not set CONFIG_HZ=300 CONFIG_SCHED_HRTICK=y +CONFIG_KEXEC=y # CONFIG_CRASH_DUMP is not set +CONFIG_KEXEC_JUMP=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set +# CONFIG_COMPAT_VDSO is not set # CONFIG_CMDLINE_BOOL is not set CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y @@ -504,9 +514,12 @@ CONFIG_USE_PERCPU_NUMA_NODE_ID=y # # Power management and ACPI options # +CONFIG_ARCH_HIBERNATION_HEADER=y CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_HIBERNATION=y +CONFIG_PM_STD_PARTITION="" CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_SMP=y CONFIG_PM_AUTOSLEEP=y @@ -519,13 +532,13 @@ CONFIG_PM_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y # CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_SLEEP_DEBUG=y +# CONFIG_DPM_WATCHDOG is not set CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y # CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set CONFIG_ACPI=y CONFIG_ACPI_SLEEP=y # CONFIG_ACPI_PROCFS is not set -# CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_EC_DEBUGFS=m CONFIG_ACPI_AC=m CONFIG_ACPI_BATTERY=m @@ -541,7 +554,6 @@ CONFIG_ACPI_THERMAL=m CONFIG_ACPI_NUMA=y # CONFIG_ACPI_CUSTOM_DSDT is not set CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y -CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y CONFIG_X86_PM_TIMER=y @@ -553,16 +565,17 @@ CONFIG_ACPI_CUSTOM_METHOD=m CONFIG_ACPI_BGRT=y CONFIG_ACPI_APEI=y CONFIG_ACPI_APEI_GHES=y +CONFIG_ACPI_APEI_PCIEAER=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=m CONFIG_ACPI_APEI_ERST_DEBUG=m +CONFIG_ACPI_EXTLOG=m CONFIG_SFI=y # # CPU Frequency scaling # CONFIG_CPU_FREQ=y -CONFIG_CPU_FREQ_TABLE=y CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m CONFIG_CPU_FREQ_STAT_DETAILS=y @@ -617,7 +630,17 @@ CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y CONFIG_PCI_XEN=y CONFIG_PCI_DOMAINS=y -# CONFIG_PCIEPORTBUS is not set +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_PCIEAER=y +# CONFIG_PCIE_ECRC is not set +# CONFIG_PCIEAER_INJECT is not set +CONFIG_PCIEASPM=y +# CONFIG_PCIEASPM_DEBUG is not set +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y CONFIG_PCI_MSI=y # CONFIG_PCI_DEBUG is not set CONFIG_PCI_REALLOC_ENABLE_AUTO=y @@ -661,6 +684,7 @@ CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m CONFIG_HOTPLUG_PCI_SHPC=m CONFIG_RAPIDIO=y +CONFIG_RAPIDIO_TSI721=y CONFIG_RAPIDIO_DISC_TIMEOUT=30 # CONFIG_RAPIDIO_ENABLE_RX_TX_PORTS is not set CONFIG_RAPIDIO_DMA_ENGINE=y @@ -764,7 +788,6 @@ CONFIG_DEFAULT_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y -CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y @@ -778,6 +801,7 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m +CONFIG_IPV6_VTI=m CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y @@ -840,6 +864,17 @@ CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m CONFIG_NF_NAT_TFTP=m CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=m +CONFIG_NFT_EXTHDR=m +CONFIG_NFT_META=m +CONFIG_NFT_CT=m +CONFIG_NFT_RBTREE=m +CONFIG_NFT_HASH=m +CONFIG_NFT_COUNTER=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_NAT=m +CONFIG_NFT_COMPAT=m CONFIG_NETFILTER_XTABLES=m # @@ -934,7 +969,9 @@ CONFIG_IP_SET_HASH_IP=m CONFIG_IP_SET_HASH_IPPORT=m CONFIG_IP_SET_HASH_IPPORTIP=m CONFIG_IP_SET_HASH_IPPORTNET=m +CONFIG_IP_SET_HASH_NETPORTNET=m CONFIG_IP_SET_HASH_NET=m +CONFIG_IP_SET_HASH_NETNET=m CONFIG_IP_SET_HASH_NETPORT=m CONFIG_IP_SET_HASH_NETIFACE=m CONFIG_IP_SET_LIST_SET=m @@ -985,6 +1022,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m # CONFIG_NF_CONNTRACK_PROC_COMPAT is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m @@ -1017,6 +1059,9 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m +CONFIG_NF_TABLES_IPV6=m +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -1037,6 +1082,7 @@ CONFIG_IP6_NF_SECURITY=m CONFIG_NF_NAT_IPV6=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -1169,6 +1215,7 @@ CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=y +CONFIG_NET_CLS_BPF=m # CONFIG_NET_EMATCH is not set CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=m @@ -1198,6 +1245,7 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=m CONFIG_NET_MPLS_GSO=m +CONFIG_HSR=m CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1361,6 +1409,7 @@ CONFIG_WIMAX_DEBUG_LEVEL=8 CONFIG_RFKILL=m CONFIG_RFKILL_LEDS=y CONFIG_RFKILL_INPUT=y +CONFIG_RFKILL_GPIO=m CONFIG_NET_9P=m CONFIG_NET_9P_VIRTIO=m # CONFIG_NET_9P_DEBUG is not set @@ -1372,6 +1421,7 @@ CONFIG_CEPH_LIB=m # CONFIG_CEPH_LIB_PRETTYDEBUG is not set # CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set CONFIG_NFC=m +CONFIG_NFC_DIGITAL=m CONFIG_NFC_NCI=m # CONFIG_NFC_NCI_SPI is not set CONFIG_NFC_HCI=m @@ -1384,6 +1434,7 @@ CONFIG_NFC_PN533=m CONFIG_NFC_WILINK=m CONFIG_NFC_MEI_PHY=m CONFIG_NFC_SIM=m +CONFIG_NFC_PORT100=m CONFIG_NFC_PN544=m CONFIG_NFC_PN544_MEI=m CONFIG_NFC_MICROREAD=m @@ -1530,6 +1581,7 @@ CONFIG_MTD_UBI_BEB_LIMIT=20 # CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set CONFIG_PARPORT=m +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set @@ -1547,10 +1599,10 @@ CONFIG_PNP=y # CONFIG_PNPACPI=y CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set CONFIG_BLK_DEV_FD=m # CONFIG_PARIDE is not set CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m -CONFIG_BLK_CPQ_DA=m CONFIG_BLK_CPQ_CISS_DA=m # CONFIG_CISS_SCSI_TAPE is not set CONFIG_BLK_DEV_DAC960=m @@ -1563,6 +1615,7 @@ CONFIG_BLK_DEV_DRBD=m # CONFIG_DRBD_FAULT_INJECTION is not set CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_NVME=m +CONFIG_BLK_DEV_SKD=m CONFIG_BLK_DEV_OSD=m CONFIG_BLK_DEV_SX8=m CONFIG_BLK_DEV_RAM=m @@ -1647,6 +1700,16 @@ CONFIG_ALTERA_STAPL=m CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_VMWARE_VMCI=m + +# +# Intel MIC Host Driver +# +CONFIG_INTEL_MIC_HOST=m + +# +# Intel MIC Card Driver +# +CONFIG_INTEL_MIC_CARD=m CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -1914,7 +1977,6 @@ CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m CONFIG_BCACHE=m # CONFIG_BCACHE_DEBUG is not set -# CONFIG_BCACHE_EDEBUG is not set # CONFIG_BCACHE_CLOSURES_DEBUG is not set CONFIG_BLK_DEV_DM=m # CONFIG_DM_DEBUG is not set @@ -1929,8 +1991,8 @@ CONFIG_DM_CACHE=m CONFIG_DM_CACHE_MQ=m CONFIG_DM_CACHE_CLEANER=m CONFIG_DM_MIRROR=m -CONFIG_DM_RAID=m CONFIG_DM_LOG_USERSPACE=m +CONFIG_DM_RAID=m CONFIG_DM_ZERO=m CONFIG_DM_MULTIPATH=m CONFIG_DM_MULTIPATH_QL=m @@ -2311,6 +2373,7 @@ CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m +CONFIG_USB_NET_HUAWEI_CDC_NCM=m CONFIG_USB_NET_CDC_MBIM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SR9700=m @@ -2395,6 +2458,8 @@ CONFIG_ATH10K_PCI=m # CONFIG_ATH10K_DEBUG is not set CONFIG_ATH10K_DEBUGFS=y # CONFIG_ATH10K_TRACING is not set +CONFIG_WCN36XX=m +# CONFIG_WCN36XX_DEBUGFS is not set CONFIG_B43=m CONFIG_B43_BCMA=y CONFIG_B43_SSB=y @@ -2495,6 +2560,7 @@ CONFIG_RT2800USB_RT53XX=y CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800_LIB=m +CONFIG_RT2800_LIB_MMIO=m CONFIG_RT2X00_LIB_MMIO=m CONFIG_RT2X00_LIB_PCI=m CONFIG_RT2X00_LIB_USB=m @@ -2694,7 +2760,7 @@ CONFIG_INPUT_MATRIXKMAP=m # # Userland interfaces # -CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV=m CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 @@ -2708,7 +2774,7 @@ CONFIG_INPUT_EVDEV=m CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ADP5588=m CONFIG_KEYBOARD_ADP5589=m -CONFIG_KEYBOARD_ATKBD=y +CONFIG_KEYBOARD_ATKBD=m CONFIG_KEYBOARD_QT1070=m CONFIG_KEYBOARD_QT2160=m # CONFIG_KEYBOARD_LKKBD is not set @@ -2737,8 +2803,8 @@ CONFIG_MOUSE_PS2_LIFEBOOK=y CONFIG_MOUSE_PS2_TRACKPOINT=y CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_MOUSE_PS2_SENTELIC=y -# CONFIG_MOUSE_PS2_TOUCHKIT is not set -CONFIG_MOUSE_SERIAL=y +CONFIG_MOUSE_PS2_TOUCHKIT=y +CONFIG_MOUSE_SERIAL=m CONFIG_MOUSE_APPLETOUCH=m CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_CYAPA=m @@ -2851,7 +2917,9 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m # CONFIG_TOUCHSCREEN_TSC2005 is not set CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_ST1232=m +CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_TPS6507X=m +CONFIG_TOUCHSCREEN_ZFORCE=m CONFIG_INPUT_MISC=y CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m @@ -2889,17 +2957,18 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m # # Hardware I/O ports # -CONFIG_SERIO=y -CONFIG_SERIO_I8042=y +CONFIG_SERIO=m +CONFIG_SERIO_I8042=m CONFIG_SERIO_SERPORT=m CONFIG_SERIO_CT82C710=m CONFIG_SERIO_PARKBD=m CONFIG_SERIO_PCIPS2=m -CONFIG_SERIO_LIBPS2=y +CONFIG_SERIO_LIBPS2=m CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m CONFIG_SERIO_PS2MULT=m CONFIG_SERIO_ARC_PS2=m +CONFIG_HYPERV_KEYBOARD=m CONFIG_GAMEPORT=m CONFIG_GAMEPORT_NS558=m CONFIG_GAMEPORT_L4=m @@ -2934,6 +3003,7 @@ CONFIG_N_HDLC=m CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -2973,7 +3043,6 @@ CONFIG_SERIAL_ARC_NR_PORTS=1 CONFIG_SERIAL_RP2=m CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_SERIAL_FSL_LPUART=m -CONFIG_SERIAL_ST_ASC=m CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set CONFIG_PPDEV=m @@ -3010,16 +3079,20 @@ CONFIG_MWAVE=m # CONFIG_RAW_DRIVER is not set CONFIG_HPET=y CONFIG_HPET_MMAP=y +CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m +CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m +CONFIG_TCG_TIS_I2C_NUVOTON=m CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m CONFIG_TCG_ST33_I2C=m # CONFIG_TCG_XEN is not set CONFIG_TELCLOCK=m +CONFIG_DEVPORT=y CONFIG_I2C=m CONFIG_I2C_BOARDINFO=y CONFIG_I2C_COMPAT=y @@ -3110,7 +3183,6 @@ CONFIG_SPI_MASTER=y # CONFIG_SPI_BUTTERFLY is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_LM70_LLP is not set -# CONFIG_SPI_FSL_DSPI is not set # CONFIG_SPI_OC_TINY is not set CONFIG_SPI_PXA2XX_DMA=y CONFIG_SPI_PXA2XX=m @@ -3153,8 +3225,8 @@ CONFIG_PTP_1588_CLOCK=m CONFIG_DP83640_PHY=m CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y -CONFIG_GPIO_DEVRES=y CONFIG_GPIOLIB=y +CONFIG_GPIO_DEVRES=y CONFIG_GPIO_ACPI=y # CONFIG_DEBUG_GPIO is not set CONFIG_GPIO_SYSFS=y @@ -3186,7 +3258,7 @@ CONFIG_GPIO_ARIZONA=m # CONFIG_GPIO_CS5535=m CONFIG_GPIO_AMD8111=m -CONFIG_GPIO_LANGWELL=y +# CONFIG_GPIO_INTEL_MID is not set # CONFIG_GPIO_PCH is not set # CONFIG_GPIO_ML_IOH is not set # CONFIG_GPIO_RDC321X is not set @@ -3202,7 +3274,7 @@ CONFIG_GPIO_LANGWELL=y # # AC97 GPIO expanders: # -CONFIG_GPIO_UCB1400=y +CONFIG_GPIO_UCB1400=m # # LPC GPIO expanders: @@ -3235,6 +3307,7 @@ CONFIG_TEST_POWER=m # CONFIG_CHARGER_GPIO is not set # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_BQ24190 is not set +CONFIG_CHARGER_BQ24735=m # CONFIG_CHARGER_SMB347 is not set CONFIG_POWER_RESET=y CONFIG_POWER_AVS=y @@ -3957,7 +4030,7 @@ CONFIG_VIDEO_UPD64031A=m CONFIG_VIDEO_UPD64083=m # -# Miscelaneous helper chips +# Miscellaneous helper chips # CONFIG_VIDEO_M52790=m @@ -4033,6 +4106,7 @@ CONFIG_DVB_TUNER_CX24113=m CONFIG_DVB_TDA826X=m CONFIG_DVB_TUA6100=m CONFIG_DVB_CX24116=m +CONFIG_DVB_CX24117=m CONFIG_DVB_SI21XX=m CONFIG_DVB_TS2020=m CONFIG_DVB_DS3000=m @@ -4138,6 +4212,7 @@ CONFIG_VGA_SWITCHEROO=y CONFIG_DRM=m CONFIG_DRM_USB=m CONFIG_DRM_KMS_HELPER=m +CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_LOAD_EDID_FIRMWARE=y CONFIG_DRM_TTM=m @@ -4157,6 +4232,7 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y CONFIG_DRM_I915=m CONFIG_DRM_I915_KMS=y +CONFIG_DRM_I915_FBDEV=y # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set CONFIG_DRM_MGA=m CONFIG_DRM_SIS=m @@ -4271,7 +4347,7 @@ CONFIG_BACKLIGHT_APPLE=m # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set CONFIG_BACKLIGHT_PCF50633=m -# CONFIG_BACKLIGHT_LM3630 is not set +CONFIG_BACKLIGHT_LM3630A=m # CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LP855X is not set # CONFIG_BACKLIGHT_OT200 is not set @@ -4450,6 +4526,7 @@ CONFIG_SND_USB_6FIRE=m CONFIG_SND_USB_HIFACE=m CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_LIB=m +CONFIG_SND_DICE=m CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m @@ -4527,6 +4604,7 @@ CONFIG_HID_ROCCAT=m CONFIG_HID_SAITEK=m CONFIG_HID_SAMSUNG=m CONFIG_HID_SONY=m +CONFIG_SONY_FF=y CONFIG_HID_SPEEDLINK=m CONFIG_HID_STEELSERIES=m CONFIG_HID_SUNPLUS=m @@ -4757,7 +4835,6 @@ CONFIG_USB_XUSBATM=m # CONFIG_USB_PHY=y CONFIG_NOP_USB_XCEIV=m -# CONFIG_AM335X_PHY_USB is not set CONFIG_SAMSUNG_USBPHY=m CONFIG_SAMSUNG_USB2PHY=m CONFIG_SAMSUNG_USB3PHY=m @@ -4799,6 +4876,7 @@ CONFIG_USB_F_NCM=m CONFIG_USB_F_ECM=m CONFIG_USB_F_SUBSET=m CONFIG_USB_F_RNDIS=m +CONFIG_USB_F_MASS_STORAGE=m # CONFIG_USB_CONFIGFS is not set # CONFIG_USB_ZERO is not set CONFIG_USB_AUDIO=m @@ -4899,6 +4977,7 @@ CONFIG_LEDS_LP5562=m CONFIG_LEDS_CLEVO_MAIL=m CONFIG_LEDS_PCA955X=m # CONFIG_LEDS_PCA963X is not set +CONFIG_LEDS_PCA9685=m # CONFIG_LEDS_DAC124S085 is not set CONFIG_LEDS_BD2802=m CONFIG_LEDS_INTEL_SS4200=m @@ -5055,6 +5134,7 @@ CONFIG_DMA_ACPI=y # CONFIG_ASYNC_TX_DMA=y # CONFIG_DMATEST is not set +CONFIG_DMA_ENGINE_RAID=y CONFIG_DCA=m CONFIG_AUXDISPLAY=y CONFIG_KS0108=m @@ -5255,15 +5335,11 @@ CONFIG_FT1000_PCMCIA=m # CONFIG_SPEAKUP=m CONFIG_SPEAKUP_SYNTH_ACNTSA=m -CONFIG_SPEAKUP_SYNTH_ACNTPC=m CONFIG_SPEAKUP_SYNTH_APOLLO=m CONFIG_SPEAKUP_SYNTH_AUDPTR=m CONFIG_SPEAKUP_SYNTH_BNS=m CONFIG_SPEAKUP_SYNTH_DECTLK=m CONFIG_SPEAKUP_SYNTH_DECEXT=m -CONFIG_SPEAKUP_SYNTH_DECPC=m -CONFIG_SPEAKUP_SYNTH_DTLK=m -CONFIG_SPEAKUP_SYNTH_KEYPC=m CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m @@ -5329,7 +5405,6 @@ CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m CONFIG_ASUS_LAPTOP=m -CONFIG_CHROMEOS_LAPTOP=m CONFIG_DELL_LAPTOP=m CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m @@ -5375,6 +5450,8 @@ CONFIG_APPLE_GMUX=m CONFIG_INTEL_RST=m CONFIG_INTEL_SMARTCONNECT=y CONFIG_PVPANIC=m +CONFIG_CHROME_PLATFORMS=y +CONFIG_CHROMEOS_LAPTOP=m # # Hardware Spinlock drivers @@ -5426,6 +5503,14 @@ CONFIG_FMC_WRITE_EEPROM=m CONFIG_FMC_CHARDEV=m # +# PHY Subsystem +# +CONFIG_GENERIC_PHY=m +CONFIG_PHY_EXYNOS_MIPI_VIDEO=m +CONFIG_POWERCAP=y +CONFIG_INTEL_RAPL=m + +# # Firmware Drivers # CONFIG_EDD=m @@ -5443,6 +5528,7 @@ CONFIG_ISCSI_IBFT=m # EFI (Extensible Firmware Interface) Support # # CONFIG_EFI_VARS is not set +CONFIG_UEFI_CPER=y # # File systems @@ -5549,7 +5635,9 @@ CONFIG_NTFS_RW=y # Pseudo filesystems # CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y @@ -5589,6 +5677,11 @@ CONFIG_UBIFS_FS_ZLIB=y CONFIG_LOGFS=m CONFIG_CRAMFS=m CONFIG_SQUASHFS=m +# CONFIG_SQUASHFS_FILE_CACHE is not set +CONFIG_SQUASHFS_FILE_DIRECT=y +# CONFIG_SQUASHFS_DECOMP_SINGLE is not set +# CONFIG_SQUASHFS_DECOMP_MULTI is not set +CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_LZO=y @@ -5618,6 +5711,7 @@ CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y +CONFIG_F2FS_CHECK_FS=y CONFIG_EFIVAR_FS=y CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y @@ -5633,6 +5727,7 @@ CONFIG_PNFS_FILE_LAYOUT=m CONFIG_PNFS_BLOCK=m CONFIG_PNFS_OBJLAYOUT=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org" +CONFIG_NFS_V4_1_MIGRATION=y CONFIG_NFS_V4_SECURITY_LABEL=y CONFIG_NFS_FSCACHE=y # CONFIG_NFS_USE_LEGACY_DNS is not set @@ -5770,6 +5865,7 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 CONFIG_DEBUG_KERNEL=y # @@ -5828,7 +5924,7 @@ CONFIG_STACKTRACE=y # CONFIG_DEBUG_KOBJECT is not set CONFIG_DEBUG_BUGVERBOSE=y # CONFIG_DEBUG_WRITECOUNT is not set -CONFIG_DEBUG_LIST=y +# CONFIG_DEBUG_LIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set # CONFIG_DEBUG_CREDENTIALS is not set @@ -5846,6 +5942,7 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60 # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set # CONFIG_NOTIFIER_ERROR_INJECTION is not set # CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y # CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set CONFIG_USER_STACKTRACE_SUPPORT=y @@ -5905,10 +6002,13 @@ CONFIG_LKDTM=m # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_RBTREE_TEST is not set # CONFIG_INTERVAL_TREE_TEST is not set +CONFIG_PERCPU_TEST=m # CONFIG_ATOMIC64_SELFTEST is not set CONFIG_ASYNC_RAID6_TEST=m # CONFIG_TEST_STRING_HELPERS is not set CONFIG_TEST_KSTRTOX=m +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set # CONFIG_DMA_API_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y @@ -5917,7 +6017,11 @@ CONFIG_STRICT_DEVMEM=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set +CONFIG_EARLY_PRINTK_EFI=y # CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA=y +# CONFIG_DEBUG_RODATA_TEST is not set +# CONFIG_DEBUG_SET_MODULE_RONX is not set # CONFIG_DEBUG_NX_TEST is not set CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set @@ -6019,6 +6123,7 @@ CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODHARDEN=y CONFIG_GRKERNSEC_HIDESYM=y +# CONFIG_GRKERNSEC_RANDSTRUCT is not set CONFIG_GRKERNSEC_KERN_LOCKOUT=y # @@ -6121,6 +6226,8 @@ CONFIG_GRKERNSEC_SYSCTL_ON=y CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=6 CONFIG_KEYS=y +CONFIG_PERSISTENT_KEYRINGS=y +CONFIG_BIG_KEYS=y CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEYS_DEBUG_PROC_KEYS is not set @@ -6131,8 +6238,16 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set -# CONFIG_SECURITY_SELINUX is not set -# CONFIG_SECURITY_SMACK is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set +CONFIG_SECURITY_SMACK=y CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 @@ -6142,9 +6257,14 @@ CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_YAMA=y +CONFIG_SECURITY_YAMA_STACKED=y # CONFIG_IMA is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set +# CONFIG_DEFAULT_SECURITY_YAMA is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_EXPLOIT_DETECTION=y @@ -6182,7 +6302,7 @@ CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_TEST=m -CONFIG_CRYPTO_ABLK_HELPER_X86=m +CONFIG_CRYPTO_ABLK_HELPER=m CONFIG_CRYPTO_GLUE_HELPER_X86=m # @@ -6232,7 +6352,7 @@ CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1_SSSE3=m CONFIG_CRYPTO_SHA256_SSSE3=m CONFIG_CRYPTO_SHA512_SSSE3=m -CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA256=m CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_WP512=m @@ -6291,6 +6411,7 @@ CONFIG_CRYPTO_ANSI_CPRNG=m CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m +CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m @@ -6308,6 +6429,7 @@ CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m @@ -6330,7 +6452,6 @@ CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y CONFIG_PERCPU_RWSEM=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y -CONFIG_CMPXCHG_LOCKREF=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=m @@ -6344,6 +6465,7 @@ CONFIG_CRC32_SLICEBY8=y CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m +# CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y @@ -6377,6 +6499,7 @@ CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m CONFIG_TEXTSEARCH_FSM=m CONFIG_BTREE=y +CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y diff --git a/kernels/linux-libre-grsec/i8042-fix-aliases.patch b/kernels/linux-libre-grsec/i8042-fix-aliases.patch new file mode 100644 index 000000000..961968c78 --- /dev/null +++ b/kernels/linux-libre-grsec/i8042-fix-aliases.patch @@ -0,0 +1,113 @@ +commit 5a420e61e39862c7c3356080eddb23dfe4ccadb7
+Author: Tom Gundersen <teg@jklm.no>
+Date: Sun Jan 26 17:00:32 2014 +0100
+
+ Input: i8042 - fix PNP modaliases when both aux and kdb are enabled
+
+ Commit 78551277e4 exposed the PNP modaliases for the i8042 module. However,
+ when both the aux and the kbd drivers are enabled the aux entries would
+ override the kdb ones.
+
+ Refactor the device_id lists, and unconditionally attempt to load the driver
+ if either a kdb or aux devices is present.
+
+ Signed-off-by: Tom Gundersen <teg@jklm.no>
+
+diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
+index 0ec9abb..dbc6958 100644
+--- a/drivers/input/serio/i8042-x86ia64io.h
++++ b/drivers/input/serio/i8042-x86ia64io.h
+@@ -747,25 +747,27 @@ static int i8042_pnp_aux_probe(struct pnp_dev *dev, const struct pnp_device_id *
+ return 0;
+ }
+
+-static struct pnp_device_id pnp_kbd_devids[] = {
+- { .id = "PNP0300", .driver_data = 0 },
+- { .id = "PNP0301", .driver_data = 0 },
+- { .id = "PNP0302", .driver_data = 0 },
+- { .id = "PNP0303", .driver_data = 0 },
+- { .id = "PNP0304", .driver_data = 0 },
+- { .id = "PNP0305", .driver_data = 0 },
+- { .id = "PNP0306", .driver_data = 0 },
+- { .id = "PNP0309", .driver_data = 0 },
+- { .id = "PNP030a", .driver_data = 0 },
+- { .id = "PNP030b", .driver_data = 0 },
+- { .id = "PNP0320", .driver_data = 0 },
+- { .id = "PNP0343", .driver_data = 0 },
+- { .id = "PNP0344", .driver_data = 0 },
+- { .id = "PNP0345", .driver_data = 0 },
++#define KBD_DEVIDS \
++ { .id = "PNP0300", .driver_data = 0 }, \
++ { .id = "PNP0301", .driver_data = 0 }, \
++ { .id = "PNP0302", .driver_data = 0 }, \
++ { .id = "PNP0303", .driver_data = 0 }, \
++ { .id = "PNP0304", .driver_data = 0 }, \
++ { .id = "PNP0305", .driver_data = 0 }, \
++ { .id = "PNP0306", .driver_data = 0 }, \
++ { .id = "PNP0309", .driver_data = 0 }, \
++ { .id = "PNP030a", .driver_data = 0 }, \
++ { .id = "PNP030b", .driver_data = 0 }, \
++ { .id = "PNP0320", .driver_data = 0 }, \
++ { .id = "PNP0343", .driver_data = 0 }, \
++ { .id = "PNP0344", .driver_data = 0 }, \
++ { .id = "PNP0345", .driver_data = 0 }, \
+ { .id = "CPQA0D7", .driver_data = 0 },
++
++static struct pnp_device_id pnp_kbd_devids[] = {
++ KBD_DEVIDS
+ { .id = "", },
+ };
+-MODULE_DEVICE_TABLE(pnp, pnp_kbd_devids);
+
+ static struct pnp_driver i8042_pnp_kbd_driver = {
+ .name = "i8042 kbd",
+@@ -773,21 +775,23 @@ static struct pnp_driver i8042_pnp_kbd_driver = {
+ .probe = i8042_pnp_kbd_probe,
+ };
+
+-static struct pnp_device_id pnp_aux_devids[] = {
+- { .id = "AUI0200", .driver_data = 0 },
+- { .id = "FJC6000", .driver_data = 0 },
+- { .id = "FJC6001", .driver_data = 0 },
+- { .id = "PNP0f03", .driver_data = 0 },
+- { .id = "PNP0f0b", .driver_data = 0 },
+- { .id = "PNP0f0e", .driver_data = 0 },
+- { .id = "PNP0f12", .driver_data = 0 },
+- { .id = "PNP0f13", .driver_data = 0 },
+- { .id = "PNP0f19", .driver_data = 0 },
+- { .id = "PNP0f1c", .driver_data = 0 },
++#define AUX_DEVIDS \
++ { .id = "AUI0200", .driver_data = 0 }, \
++ { .id = "FJC6000", .driver_data = 0 }, \
++ { .id = "FJC6001", .driver_data = 0 }, \
++ { .id = "PNP0f03", .driver_data = 0 }, \
++ { .id = "PNP0f0b", .driver_data = 0 }, \
++ { .id = "PNP0f0e", .driver_data = 0 }, \
++ { .id = "PNP0f12", .driver_data = 0 }, \
++ { .id = "PNP0f13", .driver_data = 0 }, \
++ { .id = "PNP0f19", .driver_data = 0 }, \
++ { .id = "PNP0f1c", .driver_data = 0 }, \
+ { .id = "SYN0801", .driver_data = 0 },
++
++static struct pnp_device_id pnp_aux_devids[] = {
++ AUX_DEVIDS
+ { .id = "", },
+ };
+-MODULE_DEVICE_TABLE(pnp, pnp_aux_devids);
+
+ static struct pnp_driver i8042_pnp_aux_driver = {
+ .name = "i8042 aux",
+@@ -795,6 +799,13 @@ static struct pnp_driver i8042_pnp_aux_driver = {
+ .probe = i8042_pnp_aux_probe,
+ };
+
++static struct pnp_device_id pnp_kdb_aux_devids[] = {
++ KBD_DEVIDS
++ AUX_DEVIDS
++ { .id = "", },
++};
++MODULE_DEVICE_TABLE(pnp, pnp_kdb_aux_devids);
++
+ static void i8042_pnp_exit(void)
+ {
+ if (i8042_pnp_kbd_registered) {
diff --git a/kernels/linux-libre-grsec/known-exploit-detection.patch b/kernels/linux-libre-grsec/known-exploit-detection.patch index 4837a9ce5..7629b4d85 100644 --- a/kernels/linux-libre-grsec/known-exploit-detection.patch +++ b/kernels/linux-libre-grsec/known-exploit-detection.patch @@ -1,147 +1,29 @@ -diff --git a/include/linux/exploit.h b/include/linux/exploit.h -new file mode 100644 -index 0000000..a8df72a ---- /dev/null -+++ b/include/linux/exploit.h -@@ -0,0 +1,23 @@ -+#ifndef _LINUX_EXPLOIT_H -+#define _LINUX_EXPLOIT_H -+ -+#ifdef CONFIG_EXPLOIT_DETECTION -+extern void _exploit(const char *id); -+ -+#define exploit_on(cond, id) \ -+ do { \ -+ if (unlikely(cond)) \ -+ _exploit(id); \ -+ } while (0) -+ -+#else -+ -+#define exploit_on(cond, id) \ -+ do { \ -+ } while (0) -+ -+#endif -+ -+#define exploit(id) exploit_on(true, id) -+ -+#endif -diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..a828dfb 100644 ---- a/security/Kconfig -+++ b/security/Kconfig -@@ -167,5 +167,17 @@ config DEFAULT_SECURITY - default "yama" if DEFAULT_SECURITY_YAMA - default "" if DEFAULT_SECURITY_DAC - --endmenu -+config EXPLOIT_DETECTION -+ bool "Known exploit detection" -+ depends on PRINTK -+ default y -+ help -+ This option enables the detection of users/programs who attempt to -+ break into the kernel using publicly known (past) exploits. -+ -+ Upon detection, a message will be printed in the kernel log. - -+ The runtime overhead of enabling this option is extremely small, so -+ you are recommended to say Y. -+ -+endmenu -diff --git a/security/Makefile b/security/Makefile -index c26c81e..d152a1d 100644 ---- a/security/Makefile -+++ b/security/Makefile -@@ -28,3 +28,5 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o - # Object integrity file lists - subdir-$(CONFIG_INTEGRITY) += integrity - obj-$(CONFIG_INTEGRITY) += integrity/built-in.o -+ -+obj-$(CONFIG_EXPLOIT_DETECTION) += exploit.o -diff --git a/security/exploit.c b/security/exploit.c -new file mode 100644 -index 0000000..a732613 ---- /dev/null -+++ b/security/exploit.c -@@ -0,0 +1,28 @@ -+#include <linux/cred.h> +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index 3432443..f5af562 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -38,6 +38,7 @@ + #include <linux/uaccess.h> + #include <linux/gfp.h> + #include <linux/grsecurity.h> +#include <linux/exploit.h> -+#include <linux/printk.h> -+#include <linux/ratelimit.h> -+#include <linux/sched.h> -+ -+void _exploit(const char *id) -+{ -+ /* -+ * This function needs to be super defensive/conservative, since -+ * userspace can easily get to it from several different contexts. -+ * We don't want it to become an attack vector in itself! -+ * -+ * We can assume that we're in process context, but spinlocks may -+ * be held, etc. -+ */ -+ -+ struct task_struct *task = current; -+ pid_t pid = task_pid_nr(task); -+ uid_t uid = from_kuid(&init_user_ns, current_uid()); -+ char comm[sizeof(task->comm)]; -+ -+ get_task_comm(comm, task); -+ -+ pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n", -+ id, pid, uid, comm); -+} -+EXPORT_SYMBOL(_exploit); -diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h -index 75cef3f..65811d4 100644 ---- a/include/uapi/linux/audit.h -+++ b/include/uapi/linux/audit.h -@@ -131,6 +131,7 @@ - #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ - #define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */ - #define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */ -+#define AUDIT_ANOM_EXPLOIT 1703 /* Known exploit attempt */ - #define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */ - #define AUDIT_INTEGRITY_METADATA 1801 /* Metadata integrity verification */ - #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */ -diff --git a/security/exploit.c b/security/exploit.c -index a732613..3d8ee5b 100644 ---- a/security/exploit.c -+++ b/security/exploit.c -@@ -1,3 +1,4 @@ -+#include <linux/audit.h> - #include <linux/cred.h> - #include <linux/exploit.h> - #include <linux/printk.h> -@@ -19,9 +20,24 @@ void _exploit(const char *id) - pid_t pid = task_pid_nr(task); - uid_t uid = from_kuid(&init_user_ns, current_uid()); - char comm[sizeof(task->comm)]; -+#ifdef CONFIG_AUDIT -+ struct audit_buffer *ab; -+#endif - get_task_comm(comm, task); + #include <asm/processor.h> + #include <asm/msr.h> +@@ -184,8 +185,10 @@ static int msr_open(struct inode *inode, struct file *file) + unsigned int cpu = iminor(file_inode(file)); + struct cpuinfo_x86 *c; -+#ifdef CONFIG_AUDIT -+ ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_ANOM_EXPLOIT); -+ if (ab) { -+ audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=", -+ id, pid, uid, -+ from_kuid(&init_user_ns, audit_get_loginuid(task)), -+ audit_get_sessionid(task)); -+ audit_log_untrustedstring(ab, comm); -+ audit_log_end(ab); +- if (!capable(CAP_SYS_RAWIO)) ++ if (!capable(CAP_SYS_RAWIO)) { ++ exploit("CVE-2013-0268"); + return -EPERM; + } -+#endif -+ - pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n", - id, pid, uid, comm); - } + + if (cpu >= nr_cpu_ids || !cpu_online(cpu)) + return -ENXIO; /* No such CPU */ diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index bf34577..48490c1 100644 +index ee52ddd..be4c296 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -32,6 +32,7 @@ @@ -150,9 +32,9 @@ index bf34577..48490c1 100644 #include <linux/dma_remapping.h> +#include <linux/exploit.h> - struct eb_objects { - struct list_head objects; -@@ -785,8 +786,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, + #define __EXEC_OBJECT_HAS_PIN (1<<31) + #define __EXEC_OBJECT_HAS_FENCE (1<<30) +@@ -878,8 +879,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, * the worst case where we need to allocate the entire * relocation tree as a single array. */ @@ -164,30 +46,6 @@ index bf34577..48490c1 100644 relocs_total += exec[i].relocation_count; length = exec[i].relocation_count * -diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index 88458fa..fad04f1 100644 ---- a/arch/x86/kernel/msr.c -+++ b/arch/x86/kernel/msr.c -@@ -37,6 +37,7 @@ - #include <linux/notifier.h> - #include <linux/uaccess.h> - #include <linux/gfp.h> -+#include <linux/exploit.h> - - #include <asm/processor.h> - #include <asm/msr.h> -@@ -174,8 +175,10 @@ static int msr_open(struct inode *inode, struct file *file) - unsigned int cpu = iminor(file_inode(file)); - struct cpuinfo_x86 *c; - -- if (!capable(CAP_SYS_RAWIO)) -+ if (!capable(CAP_SYS_RAWIO)) { -+ exploit("CVE-2013-0268"); - return -EPERM; -+ } - - if (cpu >= nr_cpu_ids || !cpu_online(cpu)) - return -ENXIO; /* No such CPU */ diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c index b1ce4c7..2fe83f0 100644 --- a/fs/hfs/trans.c @@ -212,50 +70,6 @@ index b1ce4c7..2fe83f0 100644 dst = out; dstlen = HFS_MAX_NAMELEN; if (nls_io) { -diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 13fb113..df7a51a 100644 ---- a/kernel/user_namespace.c -+++ b/kernel/user_namespace.c -@@ -22,6 +22,7 @@ - #include <linux/ctype.h> - #include <linux/projid.h> - #include <linux/fs_struct.h> -+#include <linux/exploit.h> - - static struct kmem_cache *user_ns_cachep __read_mostly; - -@@ -806,11 +807,15 @@ static bool new_idmap_permitted(const struct file *file, - kuid_t uid = make_kuid(ns->parent, id); - if (uid_eq(uid, file->f_cred->fsuid)) - return true; -+ -+ exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959"); - } - else if (cap_setid == CAP_SETGID) { - kgid_t gid = make_kgid(ns->parent, id); - if (gid_eq(gid, file->f_cred->fsgid)) - return true; -+ -+ exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959"); - } - } - -@@ -822,9 +827,12 @@ static bool new_idmap_permitted(const struct file *file, - * (CAP_SETUID or CAP_SETGID) over the parent user namespace. - * And the opener of the id file also had the approprpiate capability. - */ -- if (ns_capable(ns->parent, cap_setid) && -- file_ns_capable(file, ns->parent, cap_setid)) -- return true; -+ if (ns_capable(ns->parent, cap_setid)) { -+ if (file_ns_capable(file, ns->parent, cap_setid)) -+ return true; -+ -+ exploit("CVE-2013-1959"); -+ } - - return false; - } diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c index 968ce41..5f47a1a 100644 --- a/fs/hfsplus/catalog.c @@ -304,8 +118,49 @@ index 4a4fea0..2d5e283 100644 err = -EIO; goto out; } +diff --git a/include/linux/exploit.h b/include/linux/exploit.h +new file mode 100644 +index 0000000..a8df72a +--- /dev/null ++++ b/include/linux/exploit.h +@@ -0,0 +1,23 @@ ++#ifndef _LINUX_EXPLOIT_H ++#define _LINUX_EXPLOIT_H ++ ++#ifdef CONFIG_EXPLOIT_DETECTION ++extern void _exploit(const char *id); ++ ++#define exploit_on(cond, id) \ ++ do { \ ++ if (unlikely(cond)) \ ++ _exploit(id); \ ++ } while (0) ++ ++#else ++ ++#define exploit_on(cond, id) \ ++ do { \ ++ } while (0) ++ ++#endif ++ ++#define exploit(id) exploit_on(true, id) ++ ++#endif +diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h +index 44b05a0..0a820b4 100644 +--- a/include/uapi/linux/audit.h ++++ b/include/uapi/linux/audit.h +@@ -134,6 +134,7 @@ + #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ + #define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */ + #define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */ ++#define AUDIT_ANOM_EXPLOIT 1703 /* Known exploit attempt */ + #define AUDIT_INTEGRITY_DATA 1800 /* Data integrity verification */ + #define AUDIT_INTEGRITY_METADATA 1801 /* Metadata integrity verification */ + #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */ diff --git a/kernel/events/core.c b/kernel/events/core.c -index 953c143..32b9383 100644 +index 11b21f0..a881843 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -39,6 +39,7 @@ @@ -316,7 +171,7 @@ index 953c143..32b9383 100644 #include "internal.h" -@@ -5721,6 +5722,7 @@ static void sw_perf_event_destroy(struct perf_event *event) +@@ -5772,6 +5773,7 @@ static void sw_perf_event_destroy(struct perf_event *event) static int perf_swevent_init(struct perf_event *event) { u64 event_id = event->attr.config; @@ -324,8 +179,52 @@ index 953c143..32b9383 100644 if (event->attr.type != PERF_TYPE_SOFTWARE) return -ENOENT; +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index 583473e..4614b6e 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c +@@ -22,6 +22,7 @@ + #include <linux/ctype.h> + #include <linux/projid.h> + #include <linux/fs_struct.h> ++#include <linux/exploit.h> + + static struct kmem_cache *user_ns_cachep __read_mostly; + +@@ -827,11 +828,15 @@ static bool new_idmap_permitted(const struct file *file, + kuid_t uid = make_kuid(ns->parent, id); + if (uid_eq(uid, file->f_cred->fsuid)) + return true; ++ ++ exploit_on(uid_eq(uid, current_fsuid()), "CVE-2013-1959"); + } + else if (cap_setid == CAP_SETGID) { + kgid_t gid = make_kgid(ns->parent, id); + if (gid_eq(gid, file->f_cred->fsgid)) + return true; ++ ++ exploit_on(gid_eq(gid, current_fsgid()), "CVE-2013-1959"); + } + } + +@@ -843,9 +848,12 @@ static bool new_idmap_permitted(const struct file *file, + * (CAP_SETUID or CAP_SETGID) over the parent user namespace. + * And the opener of the id file also had the approprpiate capability. + */ +- if (ns_capable(ns->parent, cap_setid) && +- file_ns_capable(file, ns->parent, cap_setid)) +- return true; ++ if (ns_capable(ns->parent, cap_setid)) { ++ if (file_ns_capable(file, ns->parent, cap_setid)) ++ return true; ++ ++ exploit("CVE-2013-1959"); ++ } + + return false; + } diff --git a/net/core/sock.c b/net/core/sock.c -index 0b39e7a..c16246f 100644 +index 997c88b..5fc9f05 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -117,6 +117,7 @@ @@ -336,7 +235,7 @@ index 0b39e7a..c16246f 100644 #include <asm/uaccess.h> -@@ -1753,8 +1754,10 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len, +@@ -1758,8 +1759,10 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len, int i; err = -EMSGSIZE; @@ -348,3 +247,86 @@ index 0b39e7a..c16246f 100644 timeo = sock_sndtimeo(sk, noblock); while (!skb) { +diff --git a/security/Kconfig b/security/Kconfig +index 0ebde71..9afec5d 100644 +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -1120,5 +1120,17 @@ config DEFAULT_SECURITY + default "yama" if DEFAULT_SECURITY_YAMA + default "" if DEFAULT_SECURITY_DAC + +-endmenu ++config EXPLOIT_DETECTION ++ bool "Known exploit detection" ++ depends on PRINTK ++ default y ++ help ++ This option enables the detection of users/programs who attempt to ++ break into the kernel using publicly known (past) exploits. + ++ Upon detection, a message will be printed in the kernel log. ++ ++ The runtime overhead of enabling this option is extremely small, so ++ you are recommended to say Y. ++ ++endmenu +diff --git a/security/Makefile b/security/Makefile +index a5918e0..abc70cd 100644 +--- a/security/Makefile ++++ b/security/Makefile +@@ -27,3 +27,5 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o + # Object integrity file lists + subdir-$(CONFIG_INTEGRITY) += integrity + obj-$(CONFIG_INTEGRITY) += integrity/built-in.o ++ ++obj-$(CONFIG_EXPLOIT_DETECTION) += exploit.o +diff --git a/security/exploit.c b/security/exploit.c +new file mode 100644 +index 0000000..3d8ee5b +--- /dev/null ++++ b/security/exploit.c +@@ -0,0 +1,44 @@ ++#include <linux/audit.h> ++#include <linux/cred.h> ++#include <linux/exploit.h> ++#include <linux/printk.h> ++#include <linux/ratelimit.h> ++#include <linux/sched.h> ++ ++void _exploit(const char *id) ++{ ++ /* ++ * This function needs to be super defensive/conservative, since ++ * userspace can easily get to it from several different contexts. ++ * We don't want it to become an attack vector in itself! ++ * ++ * We can assume that we're in process context, but spinlocks may ++ * be held, etc. ++ */ ++ ++ struct task_struct *task = current; ++ pid_t pid = task_pid_nr(task); ++ uid_t uid = from_kuid(&init_user_ns, current_uid()); ++ char comm[sizeof(task->comm)]; ++#ifdef CONFIG_AUDIT ++ struct audit_buffer *ab; ++#endif ++ ++ get_task_comm(comm, task); ++ ++#ifdef CONFIG_AUDIT ++ ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_ANOM_EXPLOIT); ++ if (ab) { ++ audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=", ++ id, pid, uid, ++ from_kuid(&init_user_ns, audit_get_loginuid(task)), ++ audit_get_sessionid(task)); ++ audit_log_untrustedstring(ab, comm); ++ audit_log_end(ab); ++ } ++#endif ++ ++ pr_warn_ratelimited("warning: possible %s exploit attempt by pid=%u uid=%u comm=%s\n", ++ id, pid, uid, comm); ++} ++EXPORT_SYMBOL(_exploit); diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install index dfdf39530..68eb041c0 100644 --- a/kernels/linux-libre-grsec/linux-libre-grsec.install +++ b/kernels/linux-libre-grsec/linux-libre-grsec.install @@ -100,6 +100,12 @@ post_upgrade() { mkinitcpio -p linux-libre${KERNEL_NAME} fi + if [ $(vercmp $2 3.13) -lt 0 ]; then + echo ">>> WARNING: AT keyboard support is no longer built into the kernel." + echo ">>> In order to use your keyboard during early init, you MUST" + echo ">>> include the 'keyboard' hook in your mkinitcpio.conf." + fi + _add_groups _fix_permissions |