From 1c030c88a283cf4d81020831d2462e61298703af Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Sat, 22 Feb 2014 01:25:07 -0200 Subject: linux-libre-grsec-3.13.4-1: updating version --- ...re-that-gss_auth-isn-t-freed-before-its-u.patch | 82 ++++++ .../0001-quirk-asm_volatile_goto.patch | 51 ++++ ...te-a-new-dummy-pipe-for-gssd-to-hold-open.patch | 241 ++++++++++++++++++ ...use-gcc-alias-instead-of-assembler-aliase.patch | 68 +++++ ...ace-sunrpc_net-gssd_running-flag-with-a-m.patch | 143 +++++++++++ ...f-gssd-is-running-before-attempting-to-us.patch | 50 ++++ ...move-the-clntXX-dir-if-creating-the-pipe-.patch | 32 +++ ...-add-an-info-file-for-the-dummy-gssd-pipe.patch | 100 ++++++++ ...x-cleanup-of-dummy-gssd-directory-when-no.patch | 50 ++++ kernels/linux-libre-grsec/PKGBUILD | 275 ++++++++++----------- kernels/linux-libre-grsec/config.i686 | 175 ++++++++++--- kernels/linux-libre-grsec/config.x86_64 | 203 ++++++++++++--- kernels/linux-libre-grsec/i8042-fix-aliases.patch | 113 +++++++++ .../nfs-check-gssd-running-before-krb5i-auth.patch | 48 ---- ...my-gssd-directory-when-notification-fails.patch | 50 ---- ...the-clntXX-dir-if-creating-the-pipe-fails.patch | 32 --- ...-add-an-info-file-for-the-dummy-gssd-pipe.patch | 96 ------- ...te-a-new-dummy-pipe-for-gssd-to-hold-open.patch | 233 ----------------- ...ace-gssd_running-with-more-reliable-check.patch | 139 ----------- 19 files changed, 1367 insertions(+), 814 deletions(-) create mode 100644 kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch create mode 100644 kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch create mode 100644 kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch create mode 100644 kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch create mode 100644 kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch create mode 100644 kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch create mode 100644 kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch create mode 100644 kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch create mode 100644 kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch create mode 100644 kernels/linux-libre-grsec/i8042-fix-aliases.patch delete mode 100644 kernels/linux-libre-grsec/nfs-check-gssd-running-before-krb5i-auth.patch delete mode 100644 kernels/linux-libre-grsec/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch delete mode 100644 kernels/linux-libre-grsec/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch delete mode 100644 kernels/linux-libre-grsec/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch delete mode 100644 kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch delete mode 100644 kernels/linux-libre-grsec/sunrpc-replace-gssd_running-with-more-reliable-check.patch diff --git a/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch b/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch new file mode 100644 index 000000000..93803d2e6 --- /dev/null +++ b/kernels/linux-libre-grsec/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch @@ -0,0 +1,82 @@ +From 2bd7c7b5f011b3d57e4f5625b561a6f3f2f34a81 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Sun, 16 Feb 2014 12:14:13 -0500 +Subject: [PATCH] SUNRPC: Ensure that gss_auth isn't freed before its upcall + messages + +Fix a race in which the RPC client is shutting down while the +gss daemon is processing a downcall. If the RPC client manages to +shut down before the gss daemon is done, then the struct gss_auth +used in gss_release_msg() may have already been freed. + +Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com +Reported-by: John +Reported-by: Borislav Petkov +Cc: stable@vger.kernel.org # 3.12+ +Signed-off-by: Trond Myklebust +--- + net/sunrpc/auth_gss/auth_gss.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c +index 42fdfc6..a642fd616 100644 +--- a/net/sunrpc/auth_gss/auth_gss.c ++++ b/net/sunrpc/auth_gss/auth_gss.c +@@ -108,6 +108,7 @@ struct gss_auth { + static DEFINE_SPINLOCK(pipe_version_lock); + static struct rpc_wait_queue pipe_version_rpc_waitqueue; + static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue); ++static void gss_put_auth(struct gss_auth *gss_auth); + + static void gss_free_ctx(struct gss_cl_ctx *); + static const struct rpc_pipe_ops gss_upcall_ops_v0; +@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg) + if (gss_msg->ctx != NULL) + gss_put_ctx(gss_msg->ctx); + rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue); ++ gss_put_auth(gss_msg->auth); + kfree(gss_msg); + } + +@@ -500,6 +502,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, + if (err) + goto err_free_msg; + }; ++ kref_get(&gss_auth->kref); + return gss_msg; + err_free_msg: + kfree(gss_msg); +@@ -1071,6 +1074,12 @@ gss_free_callback(struct kref *kref) + } + + static void ++gss_put_auth(struct gss_auth *gss_auth) ++{ ++ kref_put(&gss_auth->kref, gss_free_callback); ++} ++ ++static void + gss_destroy(struct rpc_auth *auth) + { + struct gss_auth *gss_auth = container_of(auth, +@@ -1091,7 +1100,7 @@ gss_destroy(struct rpc_auth *auth) + gss_auth->gss_pipe[1] = NULL; + rpcauth_destroy_credcache(auth); + +- kref_put(&gss_auth->kref, gss_free_callback); ++ gss_put_auth(gss_auth); + } + + /* +@@ -1262,7 +1271,7 @@ gss_destroy_nullcred(struct rpc_cred *cred) + call_rcu(&cred->cr_rcu, gss_free_cred_callback); + if (ctx) + gss_put_ctx(ctx); +- kref_put(&gss_auth->kref, gss_free_callback); ++ gss_put_auth(gss_auth); + } + + static void +-- +1.9.0 + diff --git a/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch b/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch new file mode 100644 index 000000000..c9ee40400 --- /dev/null +++ b/kernels/linux-libre-grsec/0001-quirk-asm_volatile_goto.patch @@ -0,0 +1,51 @@ +From a9f180345f5378ac87d80ed0bea55ba421d83859 Mon Sep 17 00:00:00 2001 +From: Steven Noonan +Date: Thu, 13 Feb 2014 07:01:07 +0000 +Subject: compiler/gcc4: Make quirk for asm_volatile_goto() unconditional + +I started noticing problems with KVM guest destruction on Linux +3.12+, where guest memory wasn't being cleaned up. I bisected it +down to the commit introducing the new 'asm goto'-based atomics, +and found this quirk was later applied to those. + +Unfortunately, even with GCC 4.8.2 (which ostensibly fixed the +known 'asm goto' bug) I am still getting some kind of +miscompilation. If I enable the asm_volatile_goto quirk for my +compiler, KVM guests are destroyed correctly and the memory is +cleaned up. + +So make the quirk unconditional for now, until bug is found +and fixed. + +Suggested-by: Linus Torvalds +Signed-off-by: Steven Noonan +Cc: Peter Zijlstra +Cc: Steven Rostedt +Cc: Jakub Jelinek +Cc: Richard Henderson +Cc: Andrew Morton +Cc: Oleg Nesterov +Cc: +Link: http://lkml.kernel.org/r/1392274867-15236-1-git-send-email-steven@uplinklabs.net +Link: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 +Signed-off-by: Ingo Molnar +--- +diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h +index ded4299..2507fd2 100644 +--- a/include/linux/compiler-gcc4.h ++++ b/include/linux/compiler-gcc4.h +@@ -75,11 +75,7 @@ + * + * (asm goto is automatically volatile - the naming reflects this.) + */ +-#if GCC_VERSION <= 40801 +-# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) +-#else +-# define asm_volatile_goto(x...) do { asm goto(x); } while (0) +-#endif ++#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) + + #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP + #if GCC_VERSION >= 40400 +-- +cgit v0.9.2 diff --git a/kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch new file mode 100644 index 000000000..2d398315e --- /dev/null +++ b/kernels/linux-libre-grsec/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch @@ -0,0 +1,241 @@ +From 4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Thu, 14 Nov 2013 07:25:17 -0500 +Subject: [PATCH 1/6] sunrpc: create a new dummy pipe for gssd to hold open + +rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows +up under rpc_pipefs. That behavior gives us a reliable mechanism to tell +whether it's actually running or not. + +Create a new toplevel "gssd" directory in rpc_pipefs when it's mounted. +Under that directory create another directory called "clntXX", and then +within that a pipe called "gssd". + +We'll never send an upcall along that pipe, and any downcall written to +it will just return -EINVAL. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + include/linux/sunrpc/rpc_pipe_fs.h | 3 +- + net/sunrpc/netns.h | 1 + + net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++++-- + net/sunrpc/sunrpc_syms.c | 8 +++- + 4 files changed, 100 insertions(+), 5 deletions(-) + +diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h +index a353e03..85f1342 100644 +--- a/include/linux/sunrpc/rpc_pipe_fs.h ++++ b/include/linux/sunrpc/rpc_pipe_fs.h +@@ -84,7 +84,8 @@ enum { + + extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb, + const unsigned char *dir_name); +-extern void rpc_pipefs_init_net(struct net *net); ++extern int rpc_pipefs_init_net(struct net *net); ++extern void rpc_pipefs_exit_net(struct net *net); + extern struct super_block *rpc_get_sb_net(const struct net *net); + extern void rpc_put_sb_net(const struct net *net); + +diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h +index 779742c..8a8e841 100644 +--- a/net/sunrpc/netns.h ++++ b/net/sunrpc/netns.h +@@ -14,6 +14,7 @@ struct sunrpc_net { + struct cache_detail *rsi_cache; + + struct super_block *pipefs_sb; ++ struct rpc_pipe *gssd_dummy; + struct mutex pipefs_sb_lock; + + struct list_head all_clients; +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index bf04b30..c23458b 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -38,7 +38,7 @@ + #define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "") + + static struct file_system_type rpc_pipe_fs_type; +- ++static const struct rpc_pipe_ops gssd_dummy_pipe_ops; + + static struct kmem_cache *rpc_inode_cachep __read_mostly; + +@@ -1159,6 +1159,7 @@ enum { + RPCAUTH_nfsd4_cb, + RPCAUTH_cache, + RPCAUTH_nfsd, ++ RPCAUTH_gssd, + RPCAUTH_RootEOF + }; + +@@ -1195,6 +1196,10 @@ static const struct rpc_filelist files[] = { + .name = "nfsd", + .mode = S_IFDIR | S_IRUGO | S_IXUGO, + }, ++ [RPCAUTH_gssd] = { ++ .name = "gssd", ++ .mode = S_IFDIR | S_IRUGO | S_IXUGO, ++ }, + }; + + /* +@@ -1208,13 +1213,25 @@ struct dentry *rpc_d_lookup_sb(const struct super_block *sb, + } + EXPORT_SYMBOL_GPL(rpc_d_lookup_sb); + +-void rpc_pipefs_init_net(struct net *net) ++int rpc_pipefs_init_net(struct net *net) + { + struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); + ++ sn->gssd_dummy = rpc_mkpipe_data(&gssd_dummy_pipe_ops, 0); ++ if (IS_ERR(sn->gssd_dummy)) ++ return PTR_ERR(sn->gssd_dummy); ++ + mutex_init(&sn->pipefs_sb_lock); + sn->gssd_running = 1; + sn->pipe_version = -1; ++ return 0; ++} ++ ++void rpc_pipefs_exit_net(struct net *net) ++{ ++ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); ++ ++ rpc_destroy_pipe_data(sn->gssd_dummy); + } + + /* +@@ -1244,11 +1261,73 @@ void rpc_put_sb_net(const struct net *net) + } + EXPORT_SYMBOL_GPL(rpc_put_sb_net); + ++static const struct rpc_filelist gssd_dummy_clnt_dir[] = { ++ [0] = { ++ .name = "clntXX", ++ .mode = S_IFDIR | S_IRUGO | S_IXUGO, ++ }, ++}; ++ ++static ssize_t ++dummy_downcall(struct file *filp, const char __user *src, size_t len) ++{ ++ return -EINVAL; ++} ++ ++static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { ++ .upcall = rpc_pipe_generic_upcall, ++ .downcall = dummy_downcall, ++}; ++ ++/** ++ * rpc_gssd_dummy_populate - create a dummy gssd pipe ++ * @root: root of the rpc_pipefs filesystem ++ * @pipe_data: pipe data created when netns is initialized ++ * ++ * Create a dummy set of directories and a pipe that gssd can hold open to ++ * indicate that it is up and running. ++ */ ++static struct dentry * ++rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) ++{ ++ int ret = 0; ++ struct dentry *gssd_dentry; ++ struct dentry *clnt_dentry = NULL; ++ struct dentry *pipe_dentry = NULL; ++ struct qstr q = QSTR_INIT(files[RPCAUTH_gssd].name, ++ strlen(files[RPCAUTH_gssd].name)); ++ ++ /* We should never get this far if "gssd" doesn't exist */ ++ gssd_dentry = d_hash_and_lookup(root, &q); ++ if (!gssd_dentry) ++ return ERR_PTR(-ENOENT); ++ ++ ret = rpc_populate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1, NULL); ++ if (ret) { ++ pipe_dentry = ERR_PTR(ret); ++ goto out; ++ } ++ ++ q.name = gssd_dummy_clnt_dir[0].name; ++ q.len = strlen(gssd_dummy_clnt_dir[0].name); ++ clnt_dentry = d_hash_and_lookup(gssd_dentry, &q); ++ if (!clnt_dentry) { ++ pipe_dentry = ERR_PTR(-ENOENT); ++ goto out; ++ } ++ ++ pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); ++out: ++ dput(clnt_dentry); ++ dput(gssd_dentry); ++ return pipe_dentry; ++} ++ + static int + rpc_fill_super(struct super_block *sb, void *data, int silent) + { + struct inode *inode; +- struct dentry *root; ++ struct dentry *root, *gssd_dentry; + struct net *net = data; + struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); + int err; +@@ -1266,6 +1345,13 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) + return -ENOMEM; + if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL)) + return -ENOMEM; ++ ++ gssd_dentry = rpc_gssd_dummy_populate(root, sn->gssd_dummy); ++ if (IS_ERR(gssd_dentry)) { ++ __rpc_depopulate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF); ++ return PTR_ERR(gssd_dentry); ++ } ++ + dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n", + net, NET_NAME(net)); + mutex_lock(&sn->pipefs_sb_lock); +@@ -1280,6 +1366,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) + return 0; + + err_depopulate: ++ dput(gssd_dentry); + blocking_notifier_call_chain(&rpc_pipefs_notifier_list, + RPC_PIPEFS_UMOUNT, + sb); +diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c +index 3d6498a..cd30120 100644 +--- a/net/sunrpc/sunrpc_syms.c ++++ b/net/sunrpc/sunrpc_syms.c +@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(struct net *net) + if (err) + goto err_unixgid; + +- rpc_pipefs_init_net(net); ++ err = rpc_pipefs_init_net(net); ++ if (err) ++ goto err_pipefs; ++ + INIT_LIST_HEAD(&sn->all_clients); + spin_lock_init(&sn->rpc_client_lock); + spin_lock_init(&sn->rpcb_clnt_lock); + return 0; + ++err_pipefs: ++ unix_gid_cache_destroy(net); + err_unixgid: + ip_map_cache_destroy(net); + err_ipmap: +@@ -60,6 +65,7 @@ err_proc: + + static __net_exit void sunrpc_exit_net(struct net *net) + { ++ rpc_pipefs_exit_net(net); + unix_gid_cache_destroy(net); + ip_map_cache_destroy(net); + rpc_proc_exit(net); +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch b/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch new file mode 100644 index 000000000..c4242e0ae --- /dev/null +++ b/kernels/linux-libre-grsec/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch @@ -0,0 +1,68 @@ +From 83460ec8dcac14142e7860a01fa59c267ac4657c Mon Sep 17 00:00:00 2001 +From: Andi Kleen +Date: Tue, 12 Nov 2013 15:08:36 -0800 +Subject: [PATCH] syscalls.h: use gcc alias instead of assembler aliases for + syscalls + +Use standard gcc __attribute__((alias(foo))) to define the syscall aliases +instead of custom assembler macros. + +This is far cleaner, and also fixes my LTO kernel build. + +Signed-off-by: Andi Kleen +Cc: Al Viro +Cc: Geert Uytterhoeven +Cc: Tetsuo Handa +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +--- + include/linux/compat.h | 4 ++-- + include/linux/syscalls.h | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/include/linux/compat.h b/include/linux/compat.h +index 345da00..ada34c9 100644 +--- a/include/linux/compat.h ++++ b/include/linux/compat.h +@@ -41,14 +41,14 @@ + COMPAT_SYSCALL_DEFINEx(6, _##name, __VA_ARGS__) + + #define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ +- asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ ++ asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\ ++ __attribute__((alias(__stringify(compat_SyS##name)))); \ + static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ + asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));\ + asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\ + { \ + return C_SYSC##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ + } \ +- SYSCALL_ALIAS(compat_sys##name, compat_SyS##name); \ + static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + + #ifndef compat_user_stack_pointer +diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h +index 7fac04e..c27f846 100644 +--- a/include/linux/syscalls.h ++++ b/include/linux/syscalls.h +@@ -184,7 +184,8 @@ extern struct trace_event_functions exit_syscall_print_funcs; + + #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__) + #define __SYSCALL_DEFINEx(x, name, ...) \ +- asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ ++ asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \ ++ __attribute__((alias(__stringify(SyS##name)))); \ + static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ + asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ +@@ -194,7 +195,6 @@ extern struct trace_event_functions exit_syscall_print_funcs; + __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ + return ret; \ + } \ +- SYSCALL_ALIAS(sys##name, SyS##name); \ + static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + + asmlinkage long sys_time(time_t __user *tloc); +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch b/kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch new file mode 100644 index 000000000..19e04da5d --- /dev/null +++ b/kernels/linux-libre-grsec/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch @@ -0,0 +1,143 @@ +From 89f842435c630f8426f414e6030bc2ffea0d6f81 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Thu, 14 Nov 2013 07:25:18 -0500 +Subject: [PATCH 2/6] sunrpc: replace sunrpc_net->gssd_running flag with a more + reliable check + +Now that we have a more reliable method to tell if gssd is running, we +can replace the sn->gssd_running flag with a function that will query to +see if it's up and running. + +There's also no need to attempt an upcall that we know will fail, so +just return -EACCES if gssd isn't running. Finally, fix the warn_gss() +message not to claim that that the upcall timed out since we don't +necesarily perform one now when gssd isn't running, and remove the +extraneous newline from the message. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + include/linux/sunrpc/rpc_pipe_fs.h | 2 ++ + net/sunrpc/auth_gss/auth_gss.c | 17 +++++++---------- + net/sunrpc/netns.h | 2 -- + net/sunrpc/rpc_pipe.c | 14 ++++++++++---- + 4 files changed, 19 insertions(+), 16 deletions(-) + +diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h +index 85f1342..7f490be 100644 +--- a/include/linux/sunrpc/rpc_pipe_fs.h ++++ b/include/linux/sunrpc/rpc_pipe_fs.h +@@ -131,5 +131,7 @@ extern int rpc_unlink(struct dentry *); + extern int register_rpc_pipefs(void); + extern void unregister_rpc_pipefs(void); + ++extern bool gssd_running(struct net *net); ++ + #endif + #endif +diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c +index 42fdfc6..0a2aee0 100644 +--- a/net/sunrpc/auth_gss/auth_gss.c ++++ b/net/sunrpc/auth_gss/auth_gss.c +@@ -536,8 +536,7 @@ static void warn_gssd(void) + unsigned long now = jiffies; + + if (time_after(now, ratelimit)) { +- printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n" +- "Please check user daemon is running.\n"); ++ pr_warn("RPC: AUTH_GSS upcall failed. Please check user daemon is running.\n"); + ratelimit = now + 15*HZ; + } + } +@@ -600,7 +599,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) + struct rpc_pipe *pipe; + struct rpc_cred *cred = &gss_cred->gc_base; + struct gss_upcall_msg *gss_msg; +- unsigned long timeout; + DEFINE_WAIT(wait); + int err; + +@@ -608,17 +606,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) + __func__, from_kuid(&init_user_ns, cred->cr_uid)); + retry: + err = 0; +- /* Default timeout is 15s unless we know that gssd is not running */ +- timeout = 15 * HZ; +- if (!sn->gssd_running) +- timeout = HZ >> 2; ++ /* if gssd is down, just skip upcalling altogether */ ++ if (!gssd_running(net)) { ++ warn_gssd(); ++ return -EACCES; ++ } + gss_msg = gss_setup_upcall(gss_auth, cred); + if (PTR_ERR(gss_msg) == -EAGAIN) { + err = wait_event_interruptible_timeout(pipe_version_waitqueue, +- sn->pipe_version >= 0, timeout); ++ sn->pipe_version >= 0, 15 * HZ); + if (sn->pipe_version < 0) { +- if (err == 0) +- sn->gssd_running = 0; + warn_gssd(); + err = -EACCES; + } +diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h +index 8a8e841..94e506f 100644 +--- a/net/sunrpc/netns.h ++++ b/net/sunrpc/netns.h +@@ -33,8 +33,6 @@ struct sunrpc_net { + int pipe_version; + atomic_t pipe_users; + struct proc_dir_entry *use_gssp_proc; +- +- unsigned int gssd_running; + }; + + extern int sunrpc_net_id; +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index c23458b..5cd7ad1 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode) + static int + rpc_pipe_open(struct inode *inode, struct file *filp) + { +- struct net *net = inode->i_sb->s_fs_info; +- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); + struct rpc_pipe *pipe; + int first_open; + int res = -ENXIO; + + mutex_lock(&inode->i_mutex); +- sn->gssd_running = 1; + pipe = RPC_I(inode)->pipe; + if (pipe == NULL) + goto out; +@@ -1222,7 +1219,6 @@ int rpc_pipefs_init_net(struct net *net) + return PTR_ERR(sn->gssd_dummy); + + mutex_init(&sn->pipefs_sb_lock); +- sn->gssd_running = 1; + sn->pipe_version = -1; + return 0; + } +@@ -1376,6 +1372,16 @@ err_depopulate: + return err; + } + ++bool ++gssd_running(struct net *net) ++{ ++ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); ++ struct rpc_pipe *pipe = sn->gssd_dummy; ++ ++ return pipe->nreaders || pipe->nwriters; ++} ++EXPORT_SYMBOL_GPL(gssd_running); ++ + static struct dentry * + rpc_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data) +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch b/kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch new file mode 100644 index 000000000..87b54fc3e --- /dev/null +++ b/kernels/linux-libre-grsec/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch @@ -0,0 +1,50 @@ +From 6aa23d76a7b549521a03b63b6d5b7880ea87eab7 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Thu, 14 Nov 2013 07:25:19 -0500 +Subject: [PATCH 3/6] nfs: check if gssd is running before attempting to use + krb5i auth in SETCLIENTID call + +Currently, the client will attempt to use krb5i in the SETCLIENTID call +even if rpc.gssd isn't running. When that fails, it'll then fall back to +RPC_AUTH_UNIX. This introduced a delay when mounting if rpc.gssd isn't +running, and causes warning messages to pop up in the ring buffer. + +Check to see if rpc.gssd is running before even attempting to use krb5i +auth, and just silently skip trying to do so if it isn't. In the event +that the admin is actually trying to mount with krb5*, it will still +fail at a later stage of the mount attempt. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + fs/nfs/nfs4client.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c +index b4a160a..c1b7a80 100644 +--- a/fs/nfs/nfs4client.c ++++ b/fs/nfs/nfs4client.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include "internal.h" + #include "callback.h" + #include "delegation.h" +@@ -370,7 +371,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, + __set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags); + __set_bit(NFS_CS_DISCRTRY, &clp->cl_flags); + __set_bit(NFS_CS_NO_RETRANS_TIMEOUT, &clp->cl_flags); +- error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I); ++ ++ error = -EINVAL; ++ if (gssd_running(clp->cl_net)) ++ error = nfs_create_rpc_client(clp, timeparms, ++ RPC_AUTH_GSS_KRB5I); + if (error == -EINVAL) + error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX); + if (error < 0) +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch b/kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch new file mode 100644 index 000000000..5f2c3dae8 --- /dev/null +++ b/kernels/linux-libre-grsec/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch @@ -0,0 +1,32 @@ +From 3396f92f8be606ea485b0a82d4e7749a448b013b Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Thu, 5 Dec 2013 07:33:49 -0500 +Subject: [PATCH 4/6] rpc_pipe: remove the clntXX dir if creating the pipe + fails + +In the event that we create the gssd/clntXX dir, but the pipe creation +subsequently fails, then we should remove the clntXX dir before +returning. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + net/sunrpc/rpc_pipe.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index 5cd7ad1..0b74c61 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -1313,6 +1313,8 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) + } + + pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); ++ if (IS_ERR(pipe_dentry)) ++ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); + out: + dput(clnt_dentry); + dput(gssd_dentry); +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch b/kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch new file mode 100644 index 000000000..8ef6fe25c --- /dev/null +++ b/kernels/linux-libre-grsec/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch @@ -0,0 +1,100 @@ +From e2f0c83a9de331d9352185ca3642616c13127539 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Thu, 5 Dec 2013 07:34:44 -0500 +Subject: [PATCH 5/6] sunrpc: add an "info" file for the dummy gssd pipe + +rpc.gssd expects to see an "info" file in each clntXX dir. Since adding +the dummy gssd pipe, users that run rpc.gssd see a lot of these messages +spamming the logs: + + rpc.gssd[508]: ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory + rpc.gssd[508]: ERROR: failed to read service info + +Add a dummy gssd/clntXX/info file to help silence these messages. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + net/sunrpc/rpc_pipe.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 49 insertions(+), 1 deletion(-) + +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index 0b74c61..5d973b2 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -1275,6 +1276,44 @@ static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { + .downcall = dummy_downcall, + }; + ++/* ++ * Here we present a bogus "info" file to keep rpc.gssd happy. We don't expect ++ * that it will ever use this info to handle an upcall, but rpc.gssd expects ++ * that this file will be there and have a certain format. ++ */ ++static int ++rpc_show_dummy_info(struct seq_file *m, void *v) ++{ ++ seq_printf(m, "RPC server: %s\n", utsname()->nodename); ++ seq_printf(m, "service: foo (1) version 0\n"); ++ seq_printf(m, "address: 127.0.0.1\n"); ++ seq_printf(m, "protocol: tcp\n"); ++ seq_printf(m, "port: 0\n"); ++ return 0; ++} ++ ++static int ++rpc_dummy_info_open(struct inode *inode, struct file *file) ++{ ++ return single_open(file, rpc_show_dummy_info, NULL); ++} ++ ++static const struct file_operations rpc_dummy_info_operations = { ++ .owner = THIS_MODULE, ++ .open = rpc_dummy_info_open, ++ .read = seq_read, ++ .llseek = seq_lseek, ++ .release = single_release, ++}; ++ ++static const struct rpc_filelist gssd_dummy_info_file[] = { ++ [0] = { ++ .name = "info", ++ .i_fop = &rpc_dummy_info_operations, ++ .mode = S_IFREG | S_IRUSR, ++ }, ++}; ++ + /** + * rpc_gssd_dummy_populate - create a dummy gssd pipe + * @root: root of the rpc_pipefs filesystem +@@ -1312,9 +1351,18 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) + goto out; + } + ++ ret = rpc_populate(clnt_dentry, gssd_dummy_info_file, 0, 1, NULL); ++ if (ret) { ++ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); ++ pipe_dentry = ERR_PTR(ret); ++ goto out; ++ } ++ + pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); +- if (IS_ERR(pipe_dentry)) ++ if (IS_ERR(pipe_dentry)) { ++ __rpc_depopulate(clnt_dentry, gssd_dummy_info_file, 0, 1); + __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); ++ } + out: + dput(clnt_dentry); + dput(gssd_dentry); +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch b/kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch new file mode 100644 index 000000000..75505c30d --- /dev/null +++ b/kernels/linux-libre-grsec/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch @@ -0,0 +1,50 @@ +From 23e66ba97127ff3b064d4c6c5138aa34eafc492f Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Mon, 9 Dec 2013 09:38:00 -0500 +Subject: [PATCH 6/6] rpc_pipe: fix cleanup of dummy gssd directory when + notification fails + +Currently, it could leak dentry references in some cases. Make sure +we clean up properly. + +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +--- + net/sunrpc/rpc_pipe.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c +index 5d973b2..b185548 100644 +--- a/net/sunrpc/rpc_pipe.c ++++ b/net/sunrpc/rpc_pipe.c +@@ -1369,6 +1369,18 @@ out: + return pipe_dentry; + } + ++static void ++rpc_gssd_dummy_depopulate(struct dentry *pipe_dentry) ++{ ++ struct dentry *clnt_dir = pipe_dentry->d_parent; ++ struct dentry *gssd_dir = clnt_dir->d_parent; ++ ++ __rpc_rmpipe(clnt_dir->d_inode, pipe_dentry); ++ __rpc_depopulate(clnt_dir, gssd_dummy_info_file, 0, 1); ++ __rpc_depopulate(gssd_dir, gssd_dummy_clnt_dir, 0, 1); ++ dput(pipe_dentry); ++} ++ + static int + rpc_fill_super(struct super_block *sb, void *data, int silent) + { +@@ -1412,7 +1424,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) + return 0; + + err_depopulate: +- dput(gssd_dentry); ++ rpc_gssd_dummy_depopulate(gssd_dentry); + blocking_notifier_call_chain(&rpc_pipefs_notifier_list, + RPC_PIPEFS_UMOUNT, + sb); +-- +1.8.5.3 + diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD index fde1a6099..b5aad3bbb 100644 --- a/kernels/linux-libre-grsec/PKGBUILD +++ b/kernels/linux-libre-grsec/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 204288 2014-01-16 11:41:25Z tpowa $ +# $Id: PKGBUILD 206177 2014-02-20 22:43:41Z thomas $ # Maintainer: Tobias Powalowski # Maintainer: Thomas Baechler # Maintainer (Parabola): André Silva @@ -9,13 +9,13 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name -_basekernel=3.12 -_sublevel=8 +_basekernel=3.13 +_sublevel=4 _grsecver=3.0 -_timestamp=201401191015 +_timestamp=201402201908 pkgver=${_basekernel}.${_sublevel} pkgrel=1 -_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -33,37 +33,39 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'boot-logo.patch' 'change-default-console-loglevel.patch' 'criu-no-expert.patch' - 'sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch' - 'sunrpc-replace-gssd_running-with-more-reliable-check.patch' - 'nfs-check-gssd-running-before-krb5i-auth.patch' - 'rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch' - 'sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' - 'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch' - 'module-blacklist.conf' - 'sysctl.conf' - 'known-exploit-detection.patch' + '0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch' + '0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch' + '0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch' + '0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch' + '0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' + '0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch' + '0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch' + '0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch' + '0001-quirk-asm_volatile_goto.patch' + 'i8042-fix-aliases.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") -md5sums=('254f59707b6676b59ce5ca5c3c698319' - '392f920129940c4f83c7d204468213f3' - 'a7dd09d05b98cca3b7c00098698bdd38' - 'ce2f5067862192ce2dcb897e362b24f6' - '93ff5264c547d894cc68e0c30a0dbdd8' +md5sums=('98a8e803e0ed08557f3cdd4d56b0ddc1' + '3659d30b1d06dd5b7874ae04c946863b' + '98bb51189e0fe96a10362ddcbb79a134' + 'a2718a1b47c6c3b0774ce786488d22c3' + 'cbe58a543b96ae282c674875b1940e59' '5f66bed97a5c37e48eb2f71b2d354b9a' '2967cecc3af9f954ccc822fd63dca6ff' '8267264d9a8966e57fdacd1fa1fc65c4' '14bb375a8a1d86d2875f72fcbaa03f3e' '0892ce6045478bea4a005a6d82c0819e' 'b5509f6c3889a1b32f2e1f90ee2508f1' - 'd4a75f77e6bd5d700dcd534cd5f0dfce' - 'dc86fdc37615c97f03c1e0c31b7b833a' - '88eef9d3b5012ef7e82af1af8cc4e517' - 'cec0bb8981936eab2943b2009b7a6fff' - '88d9cddf9e0050a76ec4674f264fb2a1' - 'cb9016630212ef07b168892fbcfd4e5d' - 'f93ef6157fbb23820bd5ae08fd3f451e' - '0db7629711f4ed76bd1f9da9f97bc4ea' - '34f7e421a25ebc3c1406e04db56accfa' - '0569e96c071703cc244f1ea7ee87d40a') + 'dd2adb99cd3feed6f11022562901965c' + 'b00cc399d3797cb0793e18b5bf387a50' + '7cbd2349cdf046acc37b652c06ba36be' + '10dbaf863e22b2437e68f9190d65c861' + 'd5907a721b97299f0685c583499f7820' + 'a724515b350b29c53f20e631c6cf9a14' + '1ae4ec847f41fa1b6d488f956e94c893' + 'e6fa278c092ad83780e2dd0568e24ca6' + '6baa312bc166681f48e972824f3f6649' + '93dbf73af819b77f03453a9c6de2bb47' + 'ac92b702b8497d2be14f96e077a7f48f') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -77,7 +79,7 @@ prepare() { cd "${srcdir}/linux-${_basekernel}" if [ "${_basekernel}" != "${pkgver}" ]; then - patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu" + patch -p1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu" fi # add grsecurity patches @@ -85,42 +87,55 @@ prepare() { rm localversion-grsec # add freedo as boot logo - patch -Np1 -i "${srcdir}/boot-logo.patch" + patch -p1 -i "${srcdir}/boot-logo.patch" - # fix issue on Hal8188EFWImg_CE.c deblobbed file - sed -i "\|DEBLOBBED| s|,||" drivers/staging/rtl8188eu/hal/Hal8188EFWImg_CE.c + # add latest fixes from stable queue, if needed + # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) - patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch" + patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" - # allow criu without expert option set - # patch from fedora - patch -Np1 -i "${srcdir}/criu-no-expert.patch" + # allow Checkpoint/restore (for criu) without EXPERT=y + patch -p1 -i "${srcdir}/criu-no-expert.patch" # fix 15 seconds nfs delay - patch -Np1 -i "${srcdir}/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch" - patch -Np1 -i "${srcdir}/sunrpc-replace-gssd_running-with-more-reliable-check.patch" - patch -Np1 -i "${srcdir}/nfs-check-gssd-running-before-krb5i-auth.patch" - # fix nfs kernel oops - # #37866 - patch -Np1 -i "${srcdir}/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch" - patch -Np1 -i "${srcdir}/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch" - - patch -Np1 -i "${srcdir}/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=4b9a445e3eeb8bd9278b1ae51c1b3a651e370cd6 + patch -p1 -i "${srcdir}/0001-sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=89f842435c630f8426f414e6030bc2ffea0d6f81 + patch -p1 -i "${srcdir}/0002-sunrpc-replace-sunrpc_net-gssd_running-flag-with-a-m.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=6aa23d76a7b549521a03b63b6d5b7880ea87eab7 + patch -p1 -i "${srcdir}/0003-nfs-check-if-gssd-is-running-before-attempting-to-us.patch" - # add known exploit detection patch - # http://lkml.org/lkml/2013/12/12/358 - patch -Np1 -i "${srcdir}/known-exploit-detection.patch" + # fix nfs kernel oops + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=3396f92f8be606ea485b0a82d4e7749a448b013b + patch -p1 -i "${srcdir}/0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=e2f0c83a9de331d9352185ca3642616c13127539 + patch -p1 -i "${srcdir}/0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch" + # http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f + patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch" + + # Fix FS#38921 + # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9eb2ddb48ce3a7bd745c14a933112994647fa3cd + patch -p1 -i "${srcdir}/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch" + + # Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c + patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch" + + # Fix i8042 aliases + patch -p1 -i "${srcdir}/i8042-fix-aliases.patch" + # Fix compile issues + # http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=a9f180345f5378ac87d80ed0bea55ba421d83859 + patch -Np1 -i "${srcdir}/0001-quirk-asm_volatile_goto.patch" if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ < "${srcdir}/lxo-config.patch" > lxo-config.patch msg2 "Adding loongson-community patches" - patch -Np1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch - patch -Np0 -i lxo-config.patch + patch -p1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch + patch -p0 -i lxo-config.patch # ensure N32, add localversion, remove uevent helper as per # https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README @@ -146,10 +161,6 @@ prepare() { # don't run depmod on 'make install'. We'll do this ourselves in packaging sed -i '2iexit 0' scripts/depmod.sh -} - -build() { - cd "${srcdir}/linux-${_basekernel}" # get kernel version make prepare @@ -164,21 +175,11 @@ build() { # rewrite configuration yes "" | make config >/dev/null +} - # save configuration for later reuse - if [ "${CARCH}" = "x86_64" ]; then - cat .config > "${startdir}/config.x86_64.last" - else - cat .config > "${startdir}/config.i686.last" - fi - - #################### - # stop here - # this is useful to configure the kernel - #msg "Stopping build"; return 1 - #################### +build() { + cd "${srcdir}/linux-${_basekernel}" - # build! if [ "$CARCH" == "mips64el" ]; then # The build system passes it directly to linker, disable to avoid # having unknown -Wl,... options. @@ -227,12 +228,9 @@ _package() { cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}" cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}" else - cp "arch/${KARCH}/boot/bzImage" "${pkgdir}/boot/vmlinuz-${pkgbase}" + cp arch/${KARCH}/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" fi - # add vmlinux - install -D -m644 vmlinux "${pkgdir}/usr/src/linux-${_kernver}/vmlinux" - # set correct depmod command for install cp -f "${startdir}/${install}" "${startdir}/${install}.pkg" true && install=${install}.pkg @@ -269,16 +267,20 @@ _package() { echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}/version" # Now we call depmod... - depmod -b "$pkgdir" -F System.map "$_kernver" + depmod -b "${pkgdir}" -F System.map "${_kernver}" # move module tree /lib -> /usr/lib - mv "$pkgdir/lib" "$pkgdir/usr" + mkdir -p "${pkgdir}/usr" + mv "${pkgdir}/lib" "${pkgdir}/usr/" # copy sysctl configuration install -Dm600 "$srcdir/sysctl.conf" "$pkgdir/etc/sysctl.d/05-grsecurity.conf" # copy kernel module blacklist install -Dm600 "$srcdir/module-blacklist.conf" "$pkgdir/etc/modprobe.d/dma.conf" + + # add vmlinux + install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" } _package-headers() { @@ -298,130 +300,127 @@ _package-headers() { install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" - cd "${pkgdir}/usr/lib/modules/${_kernver}" - ln -sf ../../../src/linux-${_kernver} build - cd "${srcdir}/linux-${_basekernel}" install -D -m644 Makefile \ - "${pkgdir}/usr/src/linux-${_kernver}/Makefile" + "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile" install -D -m644 kernel/Makefile \ - "${pkgdir}/usr/src/linux-${_kernver}/kernel/Makefile" + "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile" install -D -m644 .config \ - "${pkgdir}/usr/src/linux-${_kernver}/.config" + "${pkgdir}/usr/lib/modules/${_kernver}/build/.config" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include" for i in acpi asm-generic config crypto drm generated keys linux math-emu \ media net pcmcia scsi sound trace uapi video xen; do - cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/" + cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/" done # copy arch includes for external modules - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}" - cp -a "arch/${KARCH}/include" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}" + cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" # copy files necessary for later builds - cp Module.symvers "${pkgdir}/usr/src/linux-${_kernver}" - cp -a scripts "${pkgdir}/usr/src/linux-${_kernver}" + cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build" if [ "$CARCH" = "mips64el" ]; then - cp "arch/${KARCH}/Kbuild" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" - cp -a "arch/${KARCH}/loongson" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" - cp "${srcdir}/Kbuild.platforms" "${pkgdir}/usr/src/linux-${_kernver}/arch/$KARCH/" + cp arch/${KARCH}/Kbuild "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + cp -a arch/${KARCH}/loongson "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + cp ${srcdir}/Kbuild.platforms "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" fi # fix permissions on scripts dir - chmod og-w -R "${pkgdir}/usr/src/linux-${_kernver}/scripts" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/.tmp_versions" + chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel" - cp arch/${KARCH}/Makefile "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" if [ "${CARCH}" = "i686" ]; then - cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" fi - cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel/" + cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/" # add headers for lirc package # pci for i in bt8xx cx88 saa7134; do - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}" - cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}" + cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/pci/${i}" done # usb for i in cpia2 em28xx pwc sn9c102; do - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}" - cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}" + cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/${i}" done # i2c - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c" - cp drivers/media/i2c/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c" + cp drivers/media/i2c/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" for i in cx25840; do - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}" - cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}" + cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/${i}" done # add docbook makefile install -D -m644 Documentation/DocBook/Makefile \ - "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile" + "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" # add dm headers - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/md" - cp drivers/md/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/md" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" # add inotify.h - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/linux" - cp include/linux/inotify.h "${pkgdir}/usr/src/linux-${_kernver}/include/linux/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux" + cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/" # add wireless headers - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/" - cp net/mac80211/*.h "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" # add dvb headers for external modules # in reference to: # http://bugs.archlinux.org/task/9912 - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core" - cp drivers/media/dvb-core/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core" + cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/" # and... # http://bugs.archlinux.org/task/11194 - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/" - cp include/config/dvb/*.h "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new # in reference to: # http://bugs.archlinux.org/task/13146 - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" - cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" - cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" # add dvb headers # in reference to: # http://bugs.archlinux.org/task/20402 - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb" - cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb/" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends" - cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners" - cp drivers/media/tuners/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb" + cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends" + cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners" + cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/" # add xfs and shmem for aufs building - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/mm" - cp fs/xfs/xfs_sb.h "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs/xfs_sb.h" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm" + cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h" # copy in Kconfig files - for i in `find . -name "Kconfig*"`; do - mkdir -p "${pkgdir}"/usr/src/linux-${_kernver}/`echo ${i} | sed 's|/Kconfig.*||'` - cp ${i} "${pkgdir}/usr/src/linux-${_kernver}/${i}" + for i in $(find . -name "Kconfig*"); do + mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'` + cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}" done - chown -R root.root "${pkgdir}/usr/src/linux-${_kernver}" - find "${pkgdir}/usr/src/linux-${_kernver}" -type d -exec chmod 755 {} \; + chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build" + find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \; # strip scripts directory - find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do + find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do case "$(file -bi "${binary}")" in *application/x-sharedlib*) # Libraries (.so) /usr/bin/strip ${STRIP_SHARED} "${binary}";; @@ -433,11 +432,11 @@ _package-headers() { done # remove unneeded architectures - rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} + rm -rf "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} if [ "$CARCH" = "mips64el" ]; then - rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86 + rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/x86 else - rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/mips + rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/mips fi } @@ -449,13 +448,13 @@ _package-docs() { cd "${srcdir}/linux-${_basekernel}" - mkdir -p "${pkgdir}/usr/src/linux-${_kernver}" - cp -al Documentation "${pkgdir}/usr/src/linux-${_kernver}" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build" find "${pkgdir}" -type f -exec chmod 444 {} \; find "${pkgdir}" -type d -exec chmod 755 {} \; # remove a file already in linux package - rm -f "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile" + rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" } pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") diff --git a/kernels/linux-libre-grsec/config.i686 b/kernels/linux-libre-grsec/config.i686 index c3c5d2d9c..3d48a9b03 100644 --- a/kernels/linux-libre-grsec/config.i686 +++ b/kernels/linux-libre-grsec/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.12.7-1 Kernel Configuration +# Linux/x86 3.13.0 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -38,7 +38,6 @@ CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_32_SMP=y CONFIG_X86_HT=y CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx" -CONFIG_ARCH_CPU_PROBE_RELEASE=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_IRQ_WORK=y @@ -75,7 +74,6 @@ CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y -CONFIG_AUDIT_LOGINUID_IMMUTABLE=y # # IRQ subsystem @@ -159,7 +157,7 @@ CONFIG_CFS_BANDWIDTH=y CONFIG_RT_GROUP_SCHED=y CONFIG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set -# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_CHECKPOINT_RESTORE=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y @@ -240,7 +238,6 @@ CONFIG_HAVE_KPROBES_ON_FTRACE=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_ATTRS=y CONFIG_HAVE_DMA_CONTIGUOUS=y -CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y @@ -274,6 +271,7 @@ CONFIG_HAVE_GENERIC_DMA_COHERENT=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -469,6 +467,7 @@ CONFIG_FRONTSWAP=y # CONFIG_CMA is not set CONFIG_ZBUD=y CONFIG_ZSWAP=y +CONFIG_MEM_SOFT_DIRTY=y # CONFIG_HIGHPTE is not set CONFIG_X86_CHECK_BIOS_CORRUPTION=y CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y @@ -492,11 +491,13 @@ CONFIG_HZ_300=y # CONFIG_HZ_1000 is not set CONFIG_HZ=300 CONFIG_SCHED_HRTICK=y +CONFIG_KEXEC=y # CONFIG_CRASH_DUMP is not set +# CONFIG_KEXEC_JUMP is not set CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y CONFIG_X86_NEED_RELOCS=y -CONFIG_PHYSICAL_ALIGN=0x1000000 +CONFIG_PHYSICAL_ALIGN=0x100000 CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set @@ -510,6 +511,8 @@ CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_HIBERNATION=y +CONFIG_PM_STD_PARTITION="" CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_SMP=y CONFIG_PM_AUTOSLEEP=y @@ -522,13 +525,13 @@ CONFIG_PM_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y # CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_SLEEP_DEBUG=y +# CONFIG_DPM_WATCHDOG is not set CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y CONFIG_ACPI=y CONFIG_ACPI_SLEEP=y # CONFIG_ACPI_PROCFS is not set -# CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_EC_DEBUGFS=m CONFIG_ACPI_AC=m CONFIG_ACPI_BATTERY=m @@ -543,7 +546,6 @@ CONFIG_ACPI_PROCESSOR_AGGREGATOR=m CONFIG_ACPI_THERMAL=m # CONFIG_ACPI_CUSTOM_DSDT is not set CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y -CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y CONFIG_X86_PM_TIMER=y @@ -554,9 +556,11 @@ CONFIG_ACPI_CUSTOM_METHOD=m CONFIG_ACPI_BGRT=y CONFIG_ACPI_APEI=y CONFIG_ACPI_APEI_GHES=y +CONFIG_ACPI_APEI_PCIEAER=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=m CONFIG_ACPI_APEI_ERST_DEBUG=m +CONFIG_ACPI_EXTLOG=m CONFIG_SFI=y CONFIG_X86_APM_BOOT=y CONFIG_APM=y @@ -570,7 +574,6 @@ CONFIG_APM_DO_ENABLE=y # CPU Frequency scaling # CONFIG_CPU_FREQ=y -CONFIG_CPU_FREQ_TABLE=y CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m CONFIG_CPU_FREQ_STAT_DETAILS=y @@ -636,7 +639,17 @@ CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y CONFIG_PCI_OLPC=y CONFIG_PCI_DOMAINS=y -# CONFIG_PCIEPORTBUS is not set +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_PCIEAER=y +# CONFIG_PCIE_ECRC is not set +# CONFIG_PCIEAER_INJECT is not set +CONFIG_PCIEASPM=y +# CONFIG_PCIEASPM_DEBUG is not set +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y CONFIG_PCI_MSI=y # CONFIG_PCI_DEBUG is not set CONFIG_PCI_REALLOC_ENABLE_AUTO=y @@ -661,7 +674,7 @@ CONFIG_OLPC_XO1_PM=y CONFIG_OLPC_XO1_RTC=y CONFIG_OLPC_XO1_SCI=y CONFIG_OLPC_XO15_SCI=y -# CONFIG_ALIX is not set +CONFIG_ALIX=y # CONFIG_NET5501 is not set # CONFIG_GEOS is not set CONFIG_AMD_NB=y @@ -696,6 +709,7 @@ CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m CONFIG_HOTPLUG_PCI_SHPC=m CONFIG_RAPIDIO=y +CONFIG_RAPIDIO_TSI721=y CONFIG_RAPIDIO_DISC_TIMEOUT=30 # CONFIG_RAPIDIO_ENABLE_RX_TX_PORTS is not set CONFIG_RAPIDIO_DMA_ENGINE=y @@ -791,7 +805,6 @@ CONFIG_DEFAULT_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y -CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y @@ -805,6 +818,7 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m +CONFIG_IPV6_VTI=m CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y @@ -867,6 +881,17 @@ CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m CONFIG_NF_NAT_TFTP=m CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=m +CONFIG_NFT_EXTHDR=m +CONFIG_NFT_META=m +CONFIG_NFT_CT=m +CONFIG_NFT_RBTREE=m +CONFIG_NFT_HASH=m +CONFIG_NFT_COUNTER=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_NAT=m +CONFIG_NFT_COMPAT=m CONFIG_NETFILTER_XTABLES=m # @@ -961,7 +986,9 @@ CONFIG_IP_SET_HASH_IP=m CONFIG_IP_SET_HASH_IPPORT=m CONFIG_IP_SET_HASH_IPPORTIP=m CONFIG_IP_SET_HASH_IPPORTNET=m +CONFIG_IP_SET_HASH_NETPORTNET=m CONFIG_IP_SET_HASH_NET=m +CONFIG_IP_SET_HASH_NETNET=m CONFIG_IP_SET_HASH_NETPORT=m CONFIG_IP_SET_HASH_NETIFACE=m CONFIG_IP_SET_LIST_SET=m @@ -1012,6 +1039,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m # CONFIG_NF_CONNTRACK_PROC_COMPAT is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m @@ -1044,6 +1076,9 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m +CONFIG_NF_TABLES_IPV6=m +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -1064,6 +1099,7 @@ CONFIG_IP6_NF_SECURITY=m CONFIG_NF_NAT_IPV6=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -1200,6 +1236,7 @@ CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=y +CONFIG_NET_CLS_BPF=m # CONFIG_NET_EMATCH is not set CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=m @@ -1229,6 +1266,7 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=m CONFIG_NET_MPLS_GSO=m +CONFIG_HSR=m CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1396,6 +1434,7 @@ CONFIG_WIMAX_DEBUG_LEVEL=8 CONFIG_RFKILL=m CONFIG_RFKILL_LEDS=y CONFIG_RFKILL_INPUT=y +CONFIG_RFKILL_GPIO=m CONFIG_NET_9P=m CONFIG_NET_9P_VIRTIO=m # CONFIG_NET_9P_DEBUG is not set @@ -1407,6 +1446,7 @@ CONFIG_CEPH_LIB=m # CONFIG_CEPH_LIB_PRETTYDEBUG is not set # CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set CONFIG_NFC=m +CONFIG_NFC_DIGITAL=m CONFIG_NFC_NCI=m # CONFIG_NFC_NCI_SPI is not set CONFIG_NFC_HCI=m @@ -1419,6 +1459,7 @@ CONFIG_NFC_PN533=m CONFIG_NFC_WILINK=m CONFIG_NFC_MEI_PHY=m CONFIG_NFC_SIM=m +CONFIG_NFC_PORT100=m CONFIG_NFC_PN544=m CONFIG_NFC_PN544_MEI=m CONFIG_NFC_MICROREAD=m @@ -1581,6 +1622,7 @@ CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y CONFIG_OF_MTD=y CONFIG_PARPORT=m +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set @@ -1600,10 +1642,10 @@ CONFIG_ISAPNP=y # CONFIG_PNPBIOS is not set CONFIG_PNPACPI=y CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set CONFIG_BLK_DEV_FD=m # CONFIG_PARIDE is not set CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m -CONFIG_BLK_CPQ_DA=m CONFIG_BLK_CPQ_CISS_DA=m # CONFIG_CISS_SCSI_TAPE is not set CONFIG_BLK_DEV_DAC960=m @@ -1698,6 +1740,14 @@ CONFIG_ALTERA_STAPL=m CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_VMWARE_VMCI=m + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -1989,7 +2039,6 @@ CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m CONFIG_BCACHE=m # CONFIG_BCACHE_DEBUG is not set -# CONFIG_BCACHE_EDEBUG is not set # CONFIG_BCACHE_CLOSURES_DEBUG is not set CONFIG_BLK_DEV_DM=m # CONFIG_DM_DEBUG is not set @@ -2004,8 +2053,8 @@ CONFIG_DM_CACHE=m CONFIG_DM_CACHE_MQ=m CONFIG_DM_CACHE_CLEANER=m CONFIG_DM_MIRROR=m -CONFIG_DM_RAID=m CONFIG_DM_LOG_USERSPACE=m +CONFIG_DM_RAID=m CONFIG_DM_ZERO=m CONFIG_DM_MULTIPATH=m CONFIG_DM_MULTIPATH_QL=m @@ -2400,6 +2449,7 @@ CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m +CONFIG_USB_NET_HUAWEI_CDC_NCM=m CONFIG_USB_NET_CDC_MBIM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SR9700=m @@ -2484,6 +2534,8 @@ CONFIG_ATH10K_PCI=m # CONFIG_ATH10K_DEBUG is not set CONFIG_ATH10K_DEBUGFS=y # CONFIG_ATH10K_TRACING is not set +CONFIG_WCN36XX=m +# CONFIG_WCN36XX_DEBUGFS is not set CONFIG_B43=m CONFIG_B43_BCMA=y CONFIG_B43_SSB=y @@ -2584,6 +2636,7 @@ CONFIG_RT2800USB_RT53XX=y CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800_LIB=m +CONFIG_RT2800_LIB_MMIO=m CONFIG_RT2X00_LIB_MMIO=m CONFIG_RT2X00_LIB_PCI=m CONFIG_RT2X00_LIB_USB=m @@ -2797,7 +2850,7 @@ CONFIG_INPUT_MATRIXKMAP=m # # Userland interfaces # -CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV=m CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 @@ -2811,7 +2864,7 @@ CONFIG_INPUT_EVDEV=m CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ADP5588=m CONFIG_KEYBOARD_ADP5589=m -CONFIG_KEYBOARD_ATKBD=y +CONFIG_KEYBOARD_ATKBD=m CONFIG_KEYBOARD_QT1070=m CONFIG_KEYBOARD_QT2160=m # CONFIG_KEYBOARD_LKKBD is not set @@ -2842,7 +2895,7 @@ CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_MOUSE_PS2_SENTELIC=y # CONFIG_MOUSE_PS2_TOUCHKIT is not set CONFIG_MOUSE_PS2_OLPC=y -CONFIG_MOUSE_SERIAL=y +CONFIG_MOUSE_SERIAL=m CONFIG_MOUSE_APPLETOUCH=m CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_CYAPA=m @@ -2961,7 +3014,9 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m # CONFIG_TOUCHSCREEN_TSC2005 is not set CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_ST1232=m +CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_TPS6507X=m +CONFIG_TOUCHSCREEN_ZFORCE=m CONFIG_INPUT_MISC=y CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m @@ -2987,7 +3042,6 @@ CONFIG_INPUT_RETU_PWRBUTTON=m CONFIG_INPUT_UINPUT=m CONFIG_INPUT_PCF50633_PMU=m CONFIG_INPUT_PCF8574=m -# CONFIG_INPUT_PWM_BEEPER is not set CONFIG_INPUT_GPIO_ROTARY_ENCODER=m CONFIG_INPUT_ADXL34X=m CONFIG_INPUT_ADXL34X_I2C=m @@ -3000,19 +3054,20 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m # # Hardware I/O ports # -CONFIG_SERIO=y -CONFIG_SERIO_I8042=y +CONFIG_SERIO=m +CONFIG_SERIO_I8042=m CONFIG_SERIO_SERPORT=m CONFIG_SERIO_CT82C710=m CONFIG_SERIO_PARKBD=m CONFIG_SERIO_PCIPS2=m -CONFIG_SERIO_LIBPS2=y +CONFIG_SERIO_LIBPS2=m CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m CONFIG_SERIO_PS2MULT=m CONFIG_SERIO_ARC_PS2=m CONFIG_SERIO_APBPS2=m CONFIG_SERIO_OLPC_APSP=m +CONFIG_HYPERV_KEYBOARD=m CONFIG_GAMEPORT=m CONFIG_GAMEPORT_NS558=m CONFIG_GAMEPORT_L4=m @@ -3089,7 +3144,6 @@ CONFIG_SERIAL_ARC_NR_PORTS=1 CONFIG_SERIAL_RP2=m CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_SERIAL_FSL_LPUART=m -CONFIG_SERIAL_ST_ASC=m CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set CONFIG_PPDEV=m @@ -3128,10 +3182,13 @@ CONFIG_NSC_GPIO=m # CONFIG_RAW_DRIVER is not set CONFIG_HPET=y CONFIG_HPET_MMAP=y +CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m +CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m +CONFIG_TCG_TIS_I2C_NUVOTON=m CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m @@ -3233,7 +3290,6 @@ CONFIG_SPI_MASTER=y # CONFIG_SPI_GPIO is not set # CONFIG_SPI_LM70_LLP is not set # CONFIG_SPI_FSL_SPI is not set -# CONFIG_SPI_FSL_DSPI is not set # CONFIG_SPI_OC_TINY is not set # CONFIG_SPI_PXA2XX is not set # CONFIG_SPI_PXA2XX_PCI is not set @@ -3275,8 +3331,8 @@ CONFIG_PTP_1588_CLOCK=m CONFIG_DP83640_PHY=m CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y -CONFIG_GPIO_DEVRES=y CONFIG_GPIOLIB=y +CONFIG_GPIO_DEVRES=y CONFIG_OF_GPIO=y CONFIG_GPIO_ACPI=y # CONFIG_DEBUG_GPIO is not set @@ -3311,7 +3367,7 @@ CONFIG_GPIO_ARIZONA=m # CONFIG_GPIO_CS5535=y CONFIG_GPIO_AMD8111=m -# CONFIG_GPIO_LANGWELL is not set +# CONFIG_GPIO_INTEL_MID is not set # CONFIG_GPIO_PCH is not set # CONFIG_GPIO_ML_IOH is not set # CONFIG_GPIO_SODAVILLE is not set @@ -3328,7 +3384,7 @@ CONFIG_GPIO_AMD8111=m # # AC97 GPIO expanders: # -CONFIG_GPIO_UCB1400=y +CONFIG_GPIO_UCB1400=m # # LPC GPIO expanders: @@ -3337,6 +3393,7 @@ CONFIG_GPIO_UCB1400=y # # MODULbus GPIO expanders: # +# CONFIG_GPIO_BCM_KONA is not set # # USB GPIO expanders: @@ -3362,6 +3419,7 @@ CONFIG_BATTERY_OLPC=m # CONFIG_CHARGER_GPIO is not set # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_BQ24190 is not set +CONFIG_CHARGER_BQ24735=m # CONFIG_CHARGER_SMB347 is not set CONFIG_POWER_RESET=y CONFIG_POWER_RESET_GPIO=y @@ -4093,7 +4151,7 @@ CONFIG_VIDEO_UPD64031A=m CONFIG_VIDEO_UPD64083=m # -# Miscelaneous helper chips +# Miscellaneous helper chips # CONFIG_VIDEO_M52790=m @@ -4169,6 +4227,7 @@ CONFIG_DVB_TUNER_CX24113=m CONFIG_DVB_TDA826X=m CONFIG_DVB_TUA6100=m CONFIG_DVB_CX24116=m +CONFIG_DVB_CX24117=m CONFIG_DVB_SI21XX=m CONFIG_DVB_TS2020=m CONFIG_DVB_DS3000=m @@ -4280,6 +4339,7 @@ CONFIG_VGA_SWITCHEROO=y CONFIG_DRM=m CONFIG_DRM_USB=m CONFIG_DRM_KMS_HELPER=m +CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_LOAD_EDID_FIRMWARE=y CONFIG_DRM_TTM=m @@ -4299,6 +4359,7 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y CONFIG_DRM_I915=m CONFIG_DRM_I915_KMS=y +CONFIG_DRM_I915_FBDEV=y # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set CONFIG_DRM_MGA=m CONFIG_DRM_SIS=m @@ -4417,7 +4478,7 @@ CONFIG_BACKLIGHT_APPLE=m # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set CONFIG_BACKLIGHT_PCF50633=m -# CONFIG_BACKLIGHT_LM3630 is not set +CONFIG_BACKLIGHT_LM3630A=m # CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LP855X is not set # CONFIG_BACKLIGHT_OT200 is not set @@ -4636,6 +4697,7 @@ CONFIG_SND_USB_6FIRE=m CONFIG_SND_USB_HIFACE=m CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_LIB=m +CONFIG_SND_DICE=m CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m @@ -4713,6 +4775,7 @@ CONFIG_HID_ROCCAT=m CONFIG_HID_SAITEK=m CONFIG_HID_SAMSUNG=m CONFIG_HID_SONY=m +CONFIG_SONY_FF=y CONFIG_HID_SPEEDLINK=m CONFIG_HID_STEELSERIES=m CONFIG_HID_SUNPLUS=m @@ -4945,7 +5008,6 @@ CONFIG_USB_XUSBATM=m # CONFIG_USB_PHY=y CONFIG_NOP_USB_XCEIV=m -# CONFIG_AM335X_PHY_USB is not set CONFIG_SAMSUNG_USBPHY=m CONFIG_SAMSUNG_USB2PHY=m CONFIG_SAMSUNG_USB3PHY=m @@ -4988,6 +5050,7 @@ CONFIG_USB_F_NCM=m CONFIG_USB_F_ECM=m CONFIG_USB_F_SUBSET=m CONFIG_USB_F_RNDIS=m +CONFIG_USB_F_MASS_STORAGE=m # CONFIG_USB_CONFIGFS is not set # CONFIG_USB_ZERO is not set CONFIG_USB_AUDIO=m @@ -5087,6 +5150,7 @@ CONFIG_LEDS_LP5562=m CONFIG_LEDS_CLEVO_MAIL=m CONFIG_LEDS_PCA955X=m # CONFIG_LEDS_PCA963X is not set +CONFIG_LEDS_PCA9685=m # CONFIG_LEDS_DAC124S085 is not set # CONFIG_LEDS_PWM is not set CONFIG_LEDS_BD2802=m @@ -5248,6 +5312,7 @@ CONFIG_DMA_OF=y # CONFIG_ASYNC_TX_DMA=y # CONFIG_DMATEST is not set +CONFIG_DMA_ENGINE_RAID=y CONFIG_DCA=m CONFIG_AUXDISPLAY=y CONFIG_KS0108=m @@ -5548,7 +5613,6 @@ CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m CONFIG_ASUS_LAPTOP=m -CONFIG_CHROMEOS_LAPTOP=m CONFIG_DELL_LAPTOP=m CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m @@ -5596,6 +5660,8 @@ CONFIG_APPLE_GMUX=m CONFIG_INTEL_RST=y CONFIG_INTEL_SMARTCONNECT=y CONFIG_PVPANIC=m +CONFIG_CHROME_PLATFORMS=y +CONFIG_CHROMEOS_LAPTOP=m # # Hardware Spinlock drivers @@ -5648,6 +5714,15 @@ CONFIG_FMC_TRIVIAL=m CONFIG_FMC_WRITE_EEPROM=m CONFIG_FMC_CHARDEV=m +# +# PHY Subsystem +# +CONFIG_GENERIC_PHY=m +CONFIG_PHY_EXYNOS_MIPI_VIDEO=m +CONFIG_PHY_EXYNOS_DP_VIDEO=m +CONFIG_POWERCAP=y +CONFIG_INTEL_RAPL=m + # # Firmware Drivers # @@ -5666,6 +5741,7 @@ CONFIG_ISCSI_IBFT=m # EFI (Extensible Firmware Interface) Support # # CONFIG_EFI_VARS is not set +CONFIG_UEFI_CPER=y # # File systems @@ -5798,9 +5874,7 @@ CONFIG_JFFS2_FS_DEBUG=0 CONFIG_JFFS2_FS_WRITEBUFFER=y # CONFIG_JFFS2_FS_WBUF_VERIFY is not set # CONFIG_JFFS2_SUMMARY is not set -CONFIG_JFFS2_FS_XATTR=y -CONFIG_JFFS2_FS_POSIX_ACL=y -CONFIG_JFFS2_FS_SECURITY=y +# CONFIG_JFFS2_FS_XATTR is not set # CONFIG_JFFS2_COMPRESSION_OPTIONS is not set CONFIG_JFFS2_ZLIB=y # CONFIG_JFFS2_LZO is not set @@ -5813,6 +5887,11 @@ CONFIG_UBIFS_FS_ZLIB=y CONFIG_LOGFS=m CONFIG_CRAMFS=m CONFIG_SQUASHFS=m +# CONFIG_SQUASHFS_FILE_CACHE is not set +CONFIG_SQUASHFS_FILE_DIRECT=y +# CONFIG_SQUASHFS_DECOMP_SINGLE is not set +# CONFIG_SQUASHFS_DECOMP_MULTI is not set +CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_LZO=y @@ -5842,6 +5921,7 @@ CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y +CONFIG_F2FS_CHECK_FS=y CONFIG_EFIVAR_FS=y CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y @@ -5857,6 +5937,7 @@ CONFIG_PNFS_FILE_LAYOUT=m CONFIG_PNFS_BLOCK=m CONFIG_PNFS_OBJLAYOUT=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org" +CONFIG_NFS_V4_1_MIGRATION=y CONFIG_NFS_V4_SECURITY_LABEL=y CONFIG_NFS_FSCACHE=y # CONFIG_NFS_USE_LEGACY_DNS is not set @@ -5994,6 +6075,7 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 CONFIG_DEBUG_KERNEL=y # @@ -6130,6 +6212,7 @@ CONFIG_LKDTM=m # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_RBTREE_TEST is not set # CONFIG_INTERVAL_TREE_TEST is not set +CONFIG_PERCPU_TEST=m # CONFIG_ATOMIC64_SELFTEST is not set CONFIG_ASYNC_RAID6_TEST=m # CONFIG_TEST_STRING_HELPERS is not set @@ -6144,6 +6227,7 @@ CONFIG_STRICT_DEVMEM=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set +CONFIG_EARLY_PRINTK_EFI=y # CONFIG_X86_PTDUMP is not set CONFIG_DEBUG_RODATA=y # CONFIG_DEBUG_RODATA_TEST is not set @@ -6253,6 +6337,7 @@ CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODHARDEN=y CONFIG_GRKERNSEC_HIDESYM=y +# CONFIG_GRKERNSEC_RANDSTRUCT is not set CONFIG_GRKERNSEC_KERN_LOCKOUT=y # @@ -6355,6 +6440,8 @@ CONFIG_GRKERNSEC_SYSCTL_ON=y CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=6 CONFIG_KEYS=y +CONFIG_PERSISTENT_KEYRINGS=y +CONFIG_BIG_KEYS=y CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEYS_DEBUG_PROC_KEYS is not set @@ -6365,8 +6452,16 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set -# CONFIG_SECURITY_SELINUX is not set -# CONFIG_SECURITY_SMACK is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set +CONFIG_SECURITY_SMACK=y CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 @@ -6379,6 +6474,8 @@ CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_YAMA_STACKED=y # CONFIG_IMA is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set # CONFIG_DEFAULT_SECURITY_YAMA is not set @@ -6419,7 +6516,7 @@ CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_TEST=m -CONFIG_CRYPTO_ABLK_HELPER_X86=m +CONFIG_CRYPTO_ABLK_HELPER=m CONFIG_CRYPTO_GLUE_HELPER_X86=m # @@ -6513,6 +6610,7 @@ CONFIG_CRYPTO_ANSI_CPRNG=m CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m +CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m @@ -6533,6 +6631,7 @@ CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m @@ -6569,6 +6668,7 @@ CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m CONFIG_AUDIT_GENERIC=y +# CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y @@ -6602,6 +6702,7 @@ CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m CONFIG_TEXTSEARCH_FSM=m CONFIG_BTREE=y +CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y diff --git a/kernels/linux-libre-grsec/config.x86_64 b/kernels/linux-libre-grsec/config.x86_64 index 31b5c76ac..0269c67cc 100644 --- a/kernels/linux-libre-grsec/config.x86_64 +++ b/kernels/linux-libre-grsec/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.12.7-1 Kernel Configuration +# Linux/x86 3.13.0 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -39,7 +39,6 @@ CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_64_SMP=y CONFIG_X86_HT=y CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" -CONFIG_ARCH_CPU_PROBE_RELEASE=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" CONFIG_IRQ_WORK=y @@ -76,7 +75,6 @@ CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y CONFIG_AUDIT_TREE=y -CONFIG_AUDIT_LOGINUID_IMMUTABLE=y # # IRQ subsystem @@ -143,6 +141,7 @@ CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=19 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y CONFIG_ARCH_USES_NUMA_PROT_NONE=y CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y @@ -167,6 +166,7 @@ CONFIG_CFS_BANDWIDTH=y CONFIG_RT_GROUP_SCHED=y CONFIG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CHECKPOINT_RESTORE=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y @@ -246,7 +246,6 @@ CONFIG_HAVE_OPTPROBES=y CONFIG_HAVE_KPROBES_ON_FTRACE=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_ATTRS=y -CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y @@ -266,10 +265,12 @@ CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y CONFIG_HAVE_ARCH_SOFT_DIRTY=y CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y CONFIG_OLD_SIGSUSPEND3=y CONFIG_COMPAT_OLD_SIGACTION=y @@ -281,6 +282,7 @@ CONFIG_COMPAT_OLD_SIGACTION=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -412,6 +414,7 @@ CONFIG_MICROCODE=m # CONFIG_MICROCODE_INTEL is not set # CONFIG_MICROCODE_AMD is not set CONFIG_MICROCODE_OLD_INTERFACE=y +CONFIG_X86_MSR=m CONFIG_X86_CPUID=m CONFIG_ARCH_PHYS_ADDR_T_64BIT=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y @@ -426,6 +429,7 @@ CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_DEFAULT=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 CONFIG_SELECT_MEMORY_MODEL=y CONFIG_SPARSEMEM_MANUAL=y @@ -447,6 +451,7 @@ CONFIG_MEMORY_HOTPLUG_SPARSE=y CONFIG_MEMORY_HOTREMOVE=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y CONFIG_BALLOON_COMPACTION=y CONFIG_COMPACTION=y CONFIG_MIGRATION=y @@ -459,6 +464,7 @@ CONFIG_KSM=y CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y +CONFIG_HWPOISON_INJECT=m CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set @@ -468,6 +474,7 @@ CONFIG_FRONTSWAP=y # CONFIG_CMA is not set CONFIG_ZBUD=y CONFIG_ZSWAP=y +CONFIG_MEM_SOFT_DIRTY=y CONFIG_X86_CHECK_BIOS_CORRUPTION=y CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y CONFIG_X86_RESERVE_LOW=64 @@ -489,13 +496,16 @@ CONFIG_HZ_300=y # CONFIG_HZ_1000 is not set CONFIG_HZ=300 CONFIG_SCHED_HRTICK=y +CONFIG_KEXEC=y # CONFIG_CRASH_DUMP is not set +CONFIG_KEXEC_JUMP=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set +# CONFIG_COMPAT_VDSO is not set # CONFIG_CMDLINE_BOOL is not set CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y @@ -504,9 +514,12 @@ CONFIG_USE_PERCPU_NUMA_NODE_ID=y # # Power management and ACPI options # +CONFIG_ARCH_HIBERNATION_HEADER=y CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_HIBERNATION=y +CONFIG_PM_STD_PARTITION="" CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_SMP=y CONFIG_PM_AUTOSLEEP=y @@ -519,13 +532,13 @@ CONFIG_PM_DEBUG=y CONFIG_PM_ADVANCED_DEBUG=y # CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_SLEEP_DEBUG=y +# CONFIG_DPM_WATCHDOG is not set CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y # CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set CONFIG_ACPI=y CONFIG_ACPI_SLEEP=y # CONFIG_ACPI_PROCFS is not set -# CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_EC_DEBUGFS=m CONFIG_ACPI_AC=m CONFIG_ACPI_BATTERY=m @@ -541,7 +554,6 @@ CONFIG_ACPI_THERMAL=m CONFIG_ACPI_NUMA=y # CONFIG_ACPI_CUSTOM_DSDT is not set CONFIG_ACPI_INITRD_TABLE_OVERRIDE=y -CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y CONFIG_X86_PM_TIMER=y @@ -553,16 +565,17 @@ CONFIG_ACPI_CUSTOM_METHOD=m CONFIG_ACPI_BGRT=y CONFIG_ACPI_APEI=y CONFIG_ACPI_APEI_GHES=y +CONFIG_ACPI_APEI_PCIEAER=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=m CONFIG_ACPI_APEI_ERST_DEBUG=m +CONFIG_ACPI_EXTLOG=m CONFIG_SFI=y # # CPU Frequency scaling # CONFIG_CPU_FREQ=y -CONFIG_CPU_FREQ_TABLE=y CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m CONFIG_CPU_FREQ_STAT_DETAILS=y @@ -617,7 +630,17 @@ CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y CONFIG_PCI_XEN=y CONFIG_PCI_DOMAINS=y -# CONFIG_PCIEPORTBUS is not set +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_PCIEAER=y +# CONFIG_PCIE_ECRC is not set +# CONFIG_PCIEAER_INJECT is not set +CONFIG_PCIEASPM=y +# CONFIG_PCIEASPM_DEBUG is not set +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y CONFIG_PCI_MSI=y # CONFIG_PCI_DEBUG is not set CONFIG_PCI_REALLOC_ENABLE_AUTO=y @@ -661,6 +684,7 @@ CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m CONFIG_HOTPLUG_PCI_SHPC=m CONFIG_RAPIDIO=y +CONFIG_RAPIDIO_TSI721=y CONFIG_RAPIDIO_DISC_TIMEOUT=30 # CONFIG_RAPIDIO_ENABLE_RX_TX_PORTS is not set CONFIG_RAPIDIO_DMA_ENGINE=y @@ -764,7 +788,6 @@ CONFIG_DEFAULT_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set CONFIG_IPV6=y -CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y @@ -778,6 +801,7 @@ CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m +CONFIG_IPV6_VTI=m CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y @@ -840,6 +864,17 @@ CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m CONFIG_NF_NAT_TFTP=m CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=m +CONFIG_NFT_EXTHDR=m +CONFIG_NFT_META=m +CONFIG_NFT_CT=m +CONFIG_NFT_RBTREE=m +CONFIG_NFT_HASH=m +CONFIG_NFT_COUNTER=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_NAT=m +CONFIG_NFT_COMPAT=m CONFIG_NETFILTER_XTABLES=m # @@ -934,7 +969,9 @@ CONFIG_IP_SET_HASH_IP=m CONFIG_IP_SET_HASH_IPPORT=m CONFIG_IP_SET_HASH_IPPORTIP=m CONFIG_IP_SET_HASH_IPPORTNET=m +CONFIG_IP_SET_HASH_NETPORTNET=m CONFIG_IP_SET_HASH_NET=m +CONFIG_IP_SET_HASH_NETNET=m CONFIG_IP_SET_HASH_NETPORT=m CONFIG_IP_SET_HASH_NETIFACE=m CONFIG_IP_SET_LIST_SET=m @@ -985,6 +1022,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m # CONFIG_NF_CONNTRACK_PROC_COMPAT is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m @@ -1017,6 +1059,9 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m +CONFIG_NF_TABLES_IPV6=m +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -1037,6 +1082,7 @@ CONFIG_IP6_NF_SECURITY=m CONFIG_NF_NAT_IPV6=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -1169,6 +1215,7 @@ CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=y +CONFIG_NET_CLS_BPF=m # CONFIG_NET_EMATCH is not set CONFIG_NET_CLS_ACT=y CONFIG_NET_ACT_POLICE=m @@ -1198,6 +1245,7 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=m CONFIG_NET_MPLS_GSO=m +CONFIG_HSR=m CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1361,6 +1409,7 @@ CONFIG_WIMAX_DEBUG_LEVEL=8 CONFIG_RFKILL=m CONFIG_RFKILL_LEDS=y CONFIG_RFKILL_INPUT=y +CONFIG_RFKILL_GPIO=m CONFIG_NET_9P=m CONFIG_NET_9P_VIRTIO=m # CONFIG_NET_9P_DEBUG is not set @@ -1372,6 +1421,7 @@ CONFIG_CEPH_LIB=m # CONFIG_CEPH_LIB_PRETTYDEBUG is not set # CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set CONFIG_NFC=m +CONFIG_NFC_DIGITAL=m CONFIG_NFC_NCI=m # CONFIG_NFC_NCI_SPI is not set CONFIG_NFC_HCI=m @@ -1384,6 +1434,7 @@ CONFIG_NFC_PN533=m CONFIG_NFC_WILINK=m CONFIG_NFC_MEI_PHY=m CONFIG_NFC_SIM=m +CONFIG_NFC_PORT100=m CONFIG_NFC_PN544=m CONFIG_NFC_PN544_MEI=m CONFIG_NFC_MICROREAD=m @@ -1530,6 +1581,7 @@ CONFIG_MTD_UBI_BEB_LIMIT=20 # CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set CONFIG_PARPORT=m +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set @@ -1547,10 +1599,10 @@ CONFIG_PNP=y # CONFIG_PNPACPI=y CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set CONFIG_BLK_DEV_FD=m # CONFIG_PARIDE is not set CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m -CONFIG_BLK_CPQ_DA=m CONFIG_BLK_CPQ_CISS_DA=m # CONFIG_CISS_SCSI_TAPE is not set CONFIG_BLK_DEV_DAC960=m @@ -1563,6 +1615,7 @@ CONFIG_BLK_DEV_DRBD=m # CONFIG_DRBD_FAULT_INJECTION is not set CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_NVME=m +CONFIG_BLK_DEV_SKD=m CONFIG_BLK_DEV_OSD=m CONFIG_BLK_DEV_SX8=m CONFIG_BLK_DEV_RAM=m @@ -1647,6 +1700,16 @@ CONFIG_ALTERA_STAPL=m CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_VMWARE_VMCI=m + +# +# Intel MIC Host Driver +# +CONFIG_INTEL_MIC_HOST=m + +# +# Intel MIC Card Driver +# +CONFIG_INTEL_MIC_CARD=m CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -1914,7 +1977,6 @@ CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m CONFIG_BCACHE=m # CONFIG_BCACHE_DEBUG is not set -# CONFIG_BCACHE_EDEBUG is not set # CONFIG_BCACHE_CLOSURES_DEBUG is not set CONFIG_BLK_DEV_DM=m # CONFIG_DM_DEBUG is not set @@ -1929,8 +1991,8 @@ CONFIG_DM_CACHE=m CONFIG_DM_CACHE_MQ=m CONFIG_DM_CACHE_CLEANER=m CONFIG_DM_MIRROR=m -CONFIG_DM_RAID=m CONFIG_DM_LOG_USERSPACE=m +CONFIG_DM_RAID=m CONFIG_DM_ZERO=m CONFIG_DM_MULTIPATH=m CONFIG_DM_MULTIPATH_QL=m @@ -2311,6 +2373,7 @@ CONFIG_USB_NET_AX88179_178A=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m +CONFIG_USB_NET_HUAWEI_CDC_NCM=m CONFIG_USB_NET_CDC_MBIM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SR9700=m @@ -2395,6 +2458,8 @@ CONFIG_ATH10K_PCI=m # CONFIG_ATH10K_DEBUG is not set CONFIG_ATH10K_DEBUGFS=y # CONFIG_ATH10K_TRACING is not set +CONFIG_WCN36XX=m +# CONFIG_WCN36XX_DEBUGFS is not set CONFIG_B43=m CONFIG_B43_BCMA=y CONFIG_B43_SSB=y @@ -2495,6 +2560,7 @@ CONFIG_RT2800USB_RT53XX=y CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800_LIB=m +CONFIG_RT2800_LIB_MMIO=m CONFIG_RT2X00_LIB_MMIO=m CONFIG_RT2X00_LIB_PCI=m CONFIG_RT2X00_LIB_USB=m @@ -2694,7 +2760,7 @@ CONFIG_INPUT_MATRIXKMAP=m # # Userland interfaces # -CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV=m CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 @@ -2708,7 +2774,7 @@ CONFIG_INPUT_EVDEV=m CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ADP5588=m CONFIG_KEYBOARD_ADP5589=m -CONFIG_KEYBOARD_ATKBD=y +CONFIG_KEYBOARD_ATKBD=m CONFIG_KEYBOARD_QT1070=m CONFIG_KEYBOARD_QT2160=m # CONFIG_KEYBOARD_LKKBD is not set @@ -2737,8 +2803,8 @@ CONFIG_MOUSE_PS2_LIFEBOOK=y CONFIG_MOUSE_PS2_TRACKPOINT=y CONFIG_MOUSE_PS2_ELANTECH=y CONFIG_MOUSE_PS2_SENTELIC=y -# CONFIG_MOUSE_PS2_TOUCHKIT is not set -CONFIG_MOUSE_SERIAL=y +CONFIG_MOUSE_PS2_TOUCHKIT=y +CONFIG_MOUSE_SERIAL=m CONFIG_MOUSE_APPLETOUCH=m CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_CYAPA=m @@ -2851,7 +2917,9 @@ CONFIG_TOUCHSCREEN_TSC_SERIO=m # CONFIG_TOUCHSCREEN_TSC2005 is not set CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_ST1232=m +CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_TPS6507X=m +CONFIG_TOUCHSCREEN_ZFORCE=m CONFIG_INPUT_MISC=y CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m @@ -2889,17 +2957,18 @@ CONFIG_INPUT_IDEAPAD_SLIDEBAR=m # # Hardware I/O ports # -CONFIG_SERIO=y -CONFIG_SERIO_I8042=y +CONFIG_SERIO=m +CONFIG_SERIO_I8042=m CONFIG_SERIO_SERPORT=m CONFIG_SERIO_CT82C710=m CONFIG_SERIO_PARKBD=m CONFIG_SERIO_PCIPS2=m -CONFIG_SERIO_LIBPS2=y +CONFIG_SERIO_LIBPS2=m CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m CONFIG_SERIO_PS2MULT=m CONFIG_SERIO_ARC_PS2=m +CONFIG_HYPERV_KEYBOARD=m CONFIG_GAMEPORT=m CONFIG_GAMEPORT_NS558=m CONFIG_GAMEPORT_L4=m @@ -2934,6 +3003,7 @@ CONFIG_N_HDLC=m CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -2973,7 +3043,6 @@ CONFIG_SERIAL_ARC_NR_PORTS=1 CONFIG_SERIAL_RP2=m CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_SERIAL_FSL_LPUART=m -CONFIG_SERIAL_ST_ASC=m CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set CONFIG_PPDEV=m @@ -3010,16 +3079,20 @@ CONFIG_MWAVE=m # CONFIG_RAW_DRIVER is not set CONFIG_HPET=y CONFIG_HPET_MMAP=y +CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m +CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m +CONFIG_TCG_TIS_I2C_NUVOTON=m CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m CONFIG_TCG_ST33_I2C=m # CONFIG_TCG_XEN is not set CONFIG_TELCLOCK=m +CONFIG_DEVPORT=y CONFIG_I2C=m CONFIG_I2C_BOARDINFO=y CONFIG_I2C_COMPAT=y @@ -3110,7 +3183,6 @@ CONFIG_SPI_MASTER=y # CONFIG_SPI_BUTTERFLY is not set # CONFIG_SPI_GPIO is not set # CONFIG_SPI_LM70_LLP is not set -# CONFIG_SPI_FSL_DSPI is not set # CONFIG_SPI_OC_TINY is not set CONFIG_SPI_PXA2XX_DMA=y CONFIG_SPI_PXA2XX=m @@ -3153,8 +3225,8 @@ CONFIG_PTP_1588_CLOCK=m CONFIG_DP83640_PHY=m CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y -CONFIG_GPIO_DEVRES=y CONFIG_GPIOLIB=y +CONFIG_GPIO_DEVRES=y CONFIG_GPIO_ACPI=y # CONFIG_DEBUG_GPIO is not set CONFIG_GPIO_SYSFS=y @@ -3186,7 +3258,7 @@ CONFIG_GPIO_ARIZONA=m # CONFIG_GPIO_CS5535=m CONFIG_GPIO_AMD8111=m -CONFIG_GPIO_LANGWELL=y +# CONFIG_GPIO_INTEL_MID is not set # CONFIG_GPIO_PCH is not set # CONFIG_GPIO_ML_IOH is not set # CONFIG_GPIO_RDC321X is not set @@ -3202,7 +3274,7 @@ CONFIG_GPIO_LANGWELL=y # # AC97 GPIO expanders: # -CONFIG_GPIO_UCB1400=y +CONFIG_GPIO_UCB1400=m # # LPC GPIO expanders: @@ -3235,6 +3307,7 @@ CONFIG_TEST_POWER=m # CONFIG_CHARGER_GPIO is not set # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_BQ24190 is not set +CONFIG_CHARGER_BQ24735=m # CONFIG_CHARGER_SMB347 is not set CONFIG_POWER_RESET=y CONFIG_POWER_AVS=y @@ -3957,7 +4030,7 @@ CONFIG_VIDEO_UPD64031A=m CONFIG_VIDEO_UPD64083=m # -# Miscelaneous helper chips +# Miscellaneous helper chips # CONFIG_VIDEO_M52790=m @@ -4033,6 +4106,7 @@ CONFIG_DVB_TUNER_CX24113=m CONFIG_DVB_TDA826X=m CONFIG_DVB_TUA6100=m CONFIG_DVB_CX24116=m +CONFIG_DVB_CX24117=m CONFIG_DVB_SI21XX=m CONFIG_DVB_TS2020=m CONFIG_DVB_DS3000=m @@ -4138,6 +4212,7 @@ CONFIG_VGA_SWITCHEROO=y CONFIG_DRM=m CONFIG_DRM_USB=m CONFIG_DRM_KMS_HELPER=m +CONFIG_DRM_KMS_FB_HELPER=y CONFIG_DRM_LOAD_EDID_FIRMWARE=y CONFIG_DRM_TTM=m @@ -4157,6 +4232,7 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y CONFIG_DRM_I915=m CONFIG_DRM_I915_KMS=y +CONFIG_DRM_I915_FBDEV=y # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set CONFIG_DRM_MGA=m CONFIG_DRM_SIS=m @@ -4271,7 +4347,7 @@ CONFIG_BACKLIGHT_APPLE=m # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set CONFIG_BACKLIGHT_PCF50633=m -# CONFIG_BACKLIGHT_LM3630 is not set +CONFIG_BACKLIGHT_LM3630A=m # CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LP855X is not set # CONFIG_BACKLIGHT_OT200 is not set @@ -4450,6 +4526,7 @@ CONFIG_SND_USB_6FIRE=m CONFIG_SND_USB_HIFACE=m CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_LIB=m +CONFIG_SND_DICE=m CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m @@ -4527,6 +4604,7 @@ CONFIG_HID_ROCCAT=m CONFIG_HID_SAITEK=m CONFIG_HID_SAMSUNG=m CONFIG_HID_SONY=m +CONFIG_SONY_FF=y CONFIG_HID_SPEEDLINK=m CONFIG_HID_STEELSERIES=m CONFIG_HID_SUNPLUS=m @@ -4757,7 +4835,6 @@ CONFIG_USB_XUSBATM=m # CONFIG_USB_PHY=y CONFIG_NOP_USB_XCEIV=m -# CONFIG_AM335X_PHY_USB is not set CONFIG_SAMSUNG_USBPHY=m CONFIG_SAMSUNG_USB2PHY=m CONFIG_SAMSUNG_USB3PHY=m @@ -4799,6 +4876,7 @@ CONFIG_USB_F_NCM=m CONFIG_USB_F_ECM=m CONFIG_USB_F_SUBSET=m CONFIG_USB_F_RNDIS=m +CONFIG_USB_F_MASS_STORAGE=m # CONFIG_USB_CONFIGFS is not set # CONFIG_USB_ZERO is not set CONFIG_USB_AUDIO=m @@ -4899,6 +4977,7 @@ CONFIG_LEDS_LP5562=m CONFIG_LEDS_CLEVO_MAIL=m CONFIG_LEDS_PCA955X=m # CONFIG_LEDS_PCA963X is not set +CONFIG_LEDS_PCA9685=m # CONFIG_LEDS_DAC124S085 is not set CONFIG_LEDS_BD2802=m CONFIG_LEDS_INTEL_SS4200=m @@ -5055,6 +5134,7 @@ CONFIG_DMA_ACPI=y # CONFIG_ASYNC_TX_DMA=y # CONFIG_DMATEST is not set +CONFIG_DMA_ENGINE_RAID=y CONFIG_DCA=m CONFIG_AUXDISPLAY=y CONFIG_KS0108=m @@ -5255,15 +5335,11 @@ CONFIG_FT1000_PCMCIA=m # CONFIG_SPEAKUP=m CONFIG_SPEAKUP_SYNTH_ACNTSA=m -CONFIG_SPEAKUP_SYNTH_ACNTPC=m CONFIG_SPEAKUP_SYNTH_APOLLO=m CONFIG_SPEAKUP_SYNTH_AUDPTR=m CONFIG_SPEAKUP_SYNTH_BNS=m CONFIG_SPEAKUP_SYNTH_DECTLK=m CONFIG_SPEAKUP_SYNTH_DECEXT=m -CONFIG_SPEAKUP_SYNTH_DECPC=m -CONFIG_SPEAKUP_SYNTH_DTLK=m -CONFIG_SPEAKUP_SYNTH_KEYPC=m CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m @@ -5329,7 +5405,6 @@ CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m CONFIG_ASUS_LAPTOP=m -CONFIG_CHROMEOS_LAPTOP=m CONFIG_DELL_LAPTOP=m CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m @@ -5375,6 +5450,8 @@ CONFIG_APPLE_GMUX=m CONFIG_INTEL_RST=m CONFIG_INTEL_SMARTCONNECT=y CONFIG_PVPANIC=m +CONFIG_CHROME_PLATFORMS=y +CONFIG_CHROMEOS_LAPTOP=m # # Hardware Spinlock drivers @@ -5425,6 +5502,14 @@ CONFIG_FMC_TRIVIAL=m CONFIG_FMC_WRITE_EEPROM=m CONFIG_FMC_CHARDEV=m +# +# PHY Subsystem +# +CONFIG_GENERIC_PHY=m +CONFIG_PHY_EXYNOS_MIPI_VIDEO=m +CONFIG_POWERCAP=y +CONFIG_INTEL_RAPL=m + # # Firmware Drivers # @@ -5443,6 +5528,7 @@ CONFIG_ISCSI_IBFT=m # EFI (Extensible Firmware Interface) Support # # CONFIG_EFI_VARS is not set +CONFIG_UEFI_CPER=y # # File systems @@ -5549,7 +5635,9 @@ CONFIG_NTFS_RW=y # Pseudo filesystems # CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y @@ -5574,9 +5662,7 @@ CONFIG_JFFS2_FS_DEBUG=0 CONFIG_JFFS2_FS_WRITEBUFFER=y # CONFIG_JFFS2_FS_WBUF_VERIFY is not set # CONFIG_JFFS2_SUMMARY is not set -CONFIG_JFFS2_FS_XATTR=y -CONFIG_JFFS2_FS_POSIX_ACL=y -CONFIG_JFFS2_FS_SECURITY=y +# CONFIG_JFFS2_FS_XATTR is not set # CONFIG_JFFS2_COMPRESSION_OPTIONS is not set CONFIG_JFFS2_ZLIB=y # CONFIG_JFFS2_LZO is not set @@ -5589,6 +5675,11 @@ CONFIG_UBIFS_FS_ZLIB=y CONFIG_LOGFS=m CONFIG_CRAMFS=m CONFIG_SQUASHFS=m +# CONFIG_SQUASHFS_FILE_CACHE is not set +CONFIG_SQUASHFS_FILE_DIRECT=y +# CONFIG_SQUASHFS_DECOMP_SINGLE is not set +# CONFIG_SQUASHFS_DECOMP_MULTI is not set +CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_LZO=y @@ -5618,6 +5709,7 @@ CONFIG_F2FS_STAT_FS=y CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y +CONFIG_F2FS_CHECK_FS=y CONFIG_EFIVAR_FS=y CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y @@ -5633,6 +5725,7 @@ CONFIG_PNFS_FILE_LAYOUT=m CONFIG_PNFS_BLOCK=m CONFIG_PNFS_OBJLAYOUT=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="linux-libre.fsfla.org" +CONFIG_NFS_V4_1_MIGRATION=y CONFIG_NFS_V4_SECURITY_LABEL=y CONFIG_NFS_FSCACHE=y # CONFIG_NFS_USE_LEGACY_DNS is not set @@ -5770,6 +5863,7 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 CONFIG_DEBUG_KERNEL=y # @@ -5828,7 +5922,7 @@ CONFIG_STACKTRACE=y # CONFIG_DEBUG_KOBJECT is not set CONFIG_DEBUG_BUGVERBOSE=y # CONFIG_DEBUG_WRITECOUNT is not set -CONFIG_DEBUG_LIST=y +# CONFIG_DEBUG_LIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set # CONFIG_DEBUG_CREDENTIALS is not set @@ -5846,6 +5940,7 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60 # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set # CONFIG_NOTIFIER_ERROR_INJECTION is not set # CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y # CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set CONFIG_USER_STACKTRACE_SUPPORT=y @@ -5905,10 +6000,13 @@ CONFIG_LKDTM=m # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_RBTREE_TEST is not set # CONFIG_INTERVAL_TREE_TEST is not set +CONFIG_PERCPU_TEST=m # CONFIG_ATOMIC64_SELFTEST is not set CONFIG_ASYNC_RAID6_TEST=m # CONFIG_TEST_STRING_HELPERS is not set CONFIG_TEST_KSTRTOX=m +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set # CONFIG_DMA_API_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y @@ -5917,7 +6015,11 @@ CONFIG_STRICT_DEVMEM=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set +CONFIG_EARLY_PRINTK_EFI=y # CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA=y +# CONFIG_DEBUG_RODATA_TEST is not set +# CONFIG_DEBUG_SET_MODULE_RONX is not set # CONFIG_DEBUG_NX_TEST is not set CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set @@ -6019,6 +6121,7 @@ CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODHARDEN=y CONFIG_GRKERNSEC_HIDESYM=y +# CONFIG_GRKERNSEC_RANDSTRUCT is not set CONFIG_GRKERNSEC_KERN_LOCKOUT=y # @@ -6121,6 +6224,8 @@ CONFIG_GRKERNSEC_SYSCTL_ON=y CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=6 CONFIG_KEYS=y +CONFIG_PERSISTENT_KEYRINGS=y +CONFIG_BIG_KEYS=y CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEYS_DEBUG_PROC_KEYS is not set @@ -6131,8 +6236,16 @@ CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set -# CONFIG_SECURITY_SELINUX is not set -# CONFIG_SECURITY_SMACK is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set +CONFIG_SECURITY_SMACK=y CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 @@ -6142,9 +6255,14 @@ CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_YAMA=y +CONFIG_SECURITY_YAMA_STACKED=y # CONFIG_IMA is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set +# CONFIG_DEFAULT_SECURITY_YAMA is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_EXPLOIT_DETECTION=y @@ -6182,7 +6300,7 @@ CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_TEST=m -CONFIG_CRYPTO_ABLK_HELPER_X86=m +CONFIG_CRYPTO_ABLK_HELPER=m CONFIG_CRYPTO_GLUE_HELPER_X86=m # @@ -6232,7 +6350,7 @@ CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1_SSSE3=m CONFIG_CRYPTO_SHA256_SSSE3=m CONFIG_CRYPTO_SHA512_SSSE3=m -CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA256=m CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_WP512=m @@ -6291,6 +6409,7 @@ CONFIG_CRYPTO_ANSI_CPRNG=m CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m +CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m @@ -6308,6 +6427,7 @@ CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m @@ -6330,7 +6450,6 @@ CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y CONFIG_PERCPU_RWSEM=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y -CONFIG_CMPXCHG_LOCKREF=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=m @@ -6344,6 +6463,7 @@ CONFIG_CRC32_SLICEBY8=y CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m +# CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y CONFIG_LZO_COMPRESS=y @@ -6377,6 +6497,7 @@ CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m CONFIG_TEXTSEARCH_FSM=m CONFIG_BTREE=y +CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y diff --git a/kernels/linux-libre-grsec/i8042-fix-aliases.patch b/kernels/linux-libre-grsec/i8042-fix-aliases.patch new file mode 100644 index 000000000..961968c78 --- /dev/null +++ b/kernels/linux-libre-grsec/i8042-fix-aliases.patch @@ -0,0 +1,113 @@ +commit 5a420e61e39862c7c3356080eddb23dfe4ccadb7 +Author: Tom Gundersen +Date: Sun Jan 26 17:00:32 2014 +0100 + + Input: i8042 - fix PNP modaliases when both aux and kdb are enabled + + Commit 78551277e4 exposed the PNP modaliases for the i8042 module. However, + when both the aux and the kbd drivers are enabled the aux entries would + override the kdb ones. + + Refactor the device_id lists, and unconditionally attempt to load the driver + if either a kdb or aux devices is present. + + Signed-off-by: Tom Gundersen + +diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h +index 0ec9abb..dbc6958 100644 +--- a/drivers/input/serio/i8042-x86ia64io.h ++++ b/drivers/input/serio/i8042-x86ia64io.h +@@ -747,25 +747,27 @@ static int i8042_pnp_aux_probe(struct pnp_dev *dev, const struct pnp_device_id * + return 0; + } + +-static struct pnp_device_id pnp_kbd_devids[] = { +- { .id = "PNP0300", .driver_data = 0 }, +- { .id = "PNP0301", .driver_data = 0 }, +- { .id = "PNP0302", .driver_data = 0 }, +- { .id = "PNP0303", .driver_data = 0 }, +- { .id = "PNP0304", .driver_data = 0 }, +- { .id = "PNP0305", .driver_data = 0 }, +- { .id = "PNP0306", .driver_data = 0 }, +- { .id = "PNP0309", .driver_data = 0 }, +- { .id = "PNP030a", .driver_data = 0 }, +- { .id = "PNP030b", .driver_data = 0 }, +- { .id = "PNP0320", .driver_data = 0 }, +- { .id = "PNP0343", .driver_data = 0 }, +- { .id = "PNP0344", .driver_data = 0 }, +- { .id = "PNP0345", .driver_data = 0 }, ++#define KBD_DEVIDS \ ++ { .id = "PNP0300", .driver_data = 0 }, \ ++ { .id = "PNP0301", .driver_data = 0 }, \ ++ { .id = "PNP0302", .driver_data = 0 }, \ ++ { .id = "PNP0303", .driver_data = 0 }, \ ++ { .id = "PNP0304", .driver_data = 0 }, \ ++ { .id = "PNP0305", .driver_data = 0 }, \ ++ { .id = "PNP0306", .driver_data = 0 }, \ ++ { .id = "PNP0309", .driver_data = 0 }, \ ++ { .id = "PNP030a", .driver_data = 0 }, \ ++ { .id = "PNP030b", .driver_data = 0 }, \ ++ { .id = "PNP0320", .driver_data = 0 }, \ ++ { .id = "PNP0343", .driver_data = 0 }, \ ++ { .id = "PNP0344", .driver_data = 0 }, \ ++ { .id = "PNP0345", .driver_data = 0 }, \ + { .id = "CPQA0D7", .driver_data = 0 }, ++ ++static struct pnp_device_id pnp_kbd_devids[] = { ++ KBD_DEVIDS + { .id = "", }, + }; +-MODULE_DEVICE_TABLE(pnp, pnp_kbd_devids); + + static struct pnp_driver i8042_pnp_kbd_driver = { + .name = "i8042 kbd", +@@ -773,21 +775,23 @@ static struct pnp_driver i8042_pnp_kbd_driver = { + .probe = i8042_pnp_kbd_probe, + }; + +-static struct pnp_device_id pnp_aux_devids[] = { +- { .id = "AUI0200", .driver_data = 0 }, +- { .id = "FJC6000", .driver_data = 0 }, +- { .id = "FJC6001", .driver_data = 0 }, +- { .id = "PNP0f03", .driver_data = 0 }, +- { .id = "PNP0f0b", .driver_data = 0 }, +- { .id = "PNP0f0e", .driver_data = 0 }, +- { .id = "PNP0f12", .driver_data = 0 }, +- { .id = "PNP0f13", .driver_data = 0 }, +- { .id = "PNP0f19", .driver_data = 0 }, +- { .id = "PNP0f1c", .driver_data = 0 }, ++#define AUX_DEVIDS \ ++ { .id = "AUI0200", .driver_data = 0 }, \ ++ { .id = "FJC6000", .driver_data = 0 }, \ ++ { .id = "FJC6001", .driver_data = 0 }, \ ++ { .id = "PNP0f03", .driver_data = 0 }, \ ++ { .id = "PNP0f0b", .driver_data = 0 }, \ ++ { .id = "PNP0f0e", .driver_data = 0 }, \ ++ { .id = "PNP0f12", .driver_data = 0 }, \ ++ { .id = "PNP0f13", .driver_data = 0 }, \ ++ { .id = "PNP0f19", .driver_data = 0 }, \ ++ { .id = "PNP0f1c", .driver_data = 0 }, \ + { .id = "SYN0801", .driver_data = 0 }, ++ ++static struct pnp_device_id pnp_aux_devids[] = { ++ AUX_DEVIDS + { .id = "", }, + }; +-MODULE_DEVICE_TABLE(pnp, pnp_aux_devids); + + static struct pnp_driver i8042_pnp_aux_driver = { + .name = "i8042 aux", +@@ -795,6 +799,13 @@ static struct pnp_driver i8042_pnp_aux_driver = { + .probe = i8042_pnp_aux_probe, + }; + ++static struct pnp_device_id pnp_kdb_aux_devids[] = { ++ KBD_DEVIDS ++ AUX_DEVIDS ++ { .id = "", }, ++}; ++MODULE_DEVICE_TABLE(pnp, pnp_kdb_aux_devids); ++ + static void i8042_pnp_exit(void) + { + if (i8042_pnp_kbd_registered) { diff --git a/kernels/linux-libre-grsec/nfs-check-gssd-running-before-krb5i-auth.patch b/kernels/linux-libre-grsec/nfs-check-gssd-running-before-krb5i-auth.patch deleted file mode 100644 index be81fec76..000000000 --- a/kernels/linux-libre-grsec/nfs-check-gssd-running-before-krb5i-auth.patch +++ /dev/null @@ -1,48 +0,0 @@ -Bugzilla: N/A -Upstream-status: queued in NFS git tree (for 3.13/3.14?) - -Currently, the client will attempt to use krb5i in the SETCLIENTID call -even if rpc.gssd isn't running. When that fails, it'll then fall back to -RPC_AUTH_UNIX. This introduced a delay when mounting if rpc.gssd isn't -running, and causes warning messages to pop up in the ring buffer. - -Check to see if rpc.gssd is running before even attempting to use krb5i -auth, and just silently skip trying to do so if it isn't. In the event -that the admin is actually trying to mount with krb5*, it will still -fail at a later stage of the mount attempt. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - fs/nfs/nfs4client.c | 7 ++++++- - 1 files changed, 6 insertions(+), 1 deletions(-) - -diff -up linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c ---- linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/fs/nfs/nfs4client.c 2013-11-21 10:20:27.288286000 -0500 -@@ -10,6 +10,7 @@ - #include - #include - #include -+#include - #include "internal.h" - #include "callback.h" - #include "delegation.h" -@@ -206,7 +207,11 @@ struct nfs_client *nfs4_init_client(stru - if (clp->cl_minorversion != 0) - __set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags); - __set_bit(NFS_CS_DISCRTRY, &clp->cl_flags); -- error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I); -+ -+ error = -EINVAL; -+ if (gssd_running(clp->cl_net)) -+ error = nfs_create_rpc_client(clp, timeparms, -+ RPC_AUTH_GSS_KRB5I); - if (error == -EINVAL) - error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX); - if (error < 0) - -_______________________________________________ -kernel mailing list -kernel@lists.fedoraproject.org -https://admin.fedoraproject.org/mailman/listinfo/kernel diff --git a/kernels/linux-libre-grsec/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch b/kernels/linux-libre-grsec/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch deleted file mode 100644 index ed03f34dd..000000000 --- a/kernels/linux-libre-grsec/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch +++ /dev/null @@ -1,50 +0,0 @@ -Bugzilla: 1037793 -Upstream-status: submitted for 3.14 - -Currently, it could leak dentry references in some cases. Make sure -we clean up properly. - -Signed-off-by: Jeff Layton ---- - net/sunrpc/rpc_pipe.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 5d973b2..b185548 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -1369,6 +1369,18 @@ out: - return pipe_dentry; - } - -+static void -+rpc_gssd_dummy_depopulate(struct dentry *pipe_dentry) -+{ -+ struct dentry *clnt_dir = pipe_dentry->d_parent; -+ struct dentry *gssd_dir = clnt_dir->d_parent; -+ -+ __rpc_rmpipe(clnt_dir->d_inode, pipe_dentry); -+ __rpc_depopulate(clnt_dir, gssd_dummy_info_file, 0, 1); -+ __rpc_depopulate(gssd_dir, gssd_dummy_clnt_dir, 0, 1); -+ dput(pipe_dentry); -+} -+ - static int - rpc_fill_super(struct super_block *sb, void *data, int silent) - { -@@ -1412,7 +1424,7 @@ rpc_fill_super(struct super_block *sb, void *data, int silent) - return 0; - - err_depopulate: -- dput(gssd_dentry); -+ rpc_gssd_dummy_depopulate(gssd_dentry); - blocking_notifier_call_chain(&rpc_pipefs_notifier_list, - RPC_PIPEFS_UMOUNT, - sb); --- -1.8.4.2 - --- -To unsubscribe from this list: send the line "unsubscribe linux-nfs" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/kernels/linux-libre-grsec/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch b/kernels/linux-libre-grsec/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch deleted file mode 100644 index e4b1a255f..000000000 --- a/kernels/linux-libre-grsec/rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch +++ /dev/null @@ -1,32 +0,0 @@ -Bugzilla: 1037793 -Upstream-status: submitted for 3.14 - -In the event that we create the gssd/clntXX dir, but the pipe creation -subsequently fails, then we should remove the clntXX dir before -returning. - -Signed-off-by: Jeff Layton ---- - net/sunrpc/rpc_pipe.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 5cd7ad1..0b74c61 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -1313,6 +1313,8 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) - } - - pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -+ if (IS_ERR(pipe_dentry)) -+ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); - out: - dput(clnt_dentry); - dput(gssd_dentry); --- -1.8.4.2 - --- -To unsubscribe from this list: send the line "unsubscribe linux-nfs" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/kernels/linux-libre-grsec/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch b/kernels/linux-libre-grsec/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch deleted file mode 100644 index dd3b5ba2f..000000000 --- a/kernels/linux-libre-grsec/sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch +++ /dev/null @@ -1,96 +0,0 @@ -Bugzilla: 1037793 -Upstream-status: submitted for 3.14 - -rpc.gssd expects to see an "info" file in each clntXX dir. Since adding -the dummy gssd pipe, users that run rpc.gssd see a lot of these messages -spamming the logs: - - rpc.gssd[508]: ERROR: can't open /var/lib/nfs/rpc_pipefs/gssd/clntXX/info: No such file or directory - rpc.gssd[508]: ERROR: failed to read service info - -Add a dummy gssd/clntXX/info file to help silence these messages. - -Signed-off-by: Jeff Layton ---- - net/sunrpc/rpc_pipe.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 49 insertions(+), 1 deletion(-) - -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 0b74c61..5d973b2 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -17,6 +17,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -1275,6 +1276,44 @@ static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { - .downcall = dummy_downcall, - }; - -+/* -+ * Here we present a bogus "info" file to keep rpc.gssd happy. We don't expect -+ * that it will ever use this info to handle an upcall, but rpc.gssd expects -+ * that this file will be there and have a certain format. -+ */ -+static int -+rpc_show_dummy_info(struct seq_file *m, void *v) -+{ -+ seq_printf(m, "RPC server: %s\n", utsname()->nodename); -+ seq_printf(m, "service: foo (1) version 0\n"); -+ seq_printf(m, "address: 127.0.0.1\n"); -+ seq_printf(m, "protocol: tcp\n"); -+ seq_printf(m, "port: 0\n"); -+ return 0; -+} -+ -+static int -+rpc_dummy_info_open(struct inode *inode, struct file *file) -+{ -+ return single_open(file, rpc_show_dummy_info, NULL); -+} -+ -+static const struct file_operations rpc_dummy_info_operations = { -+ .owner = THIS_MODULE, -+ .open = rpc_dummy_info_open, -+ .read = seq_read, -+ .llseek = seq_lseek, -+ .release = single_release, -+}; -+ -+static const struct rpc_filelist gssd_dummy_info_file[] = { -+ [0] = { -+ .name = "info", -+ .i_fop = &rpc_dummy_info_operations, -+ .mode = S_IFREG | S_IRUSR, -+ }, -+}; -+ - /** - * rpc_gssd_dummy_populate - create a dummy gssd pipe - * @root: root of the rpc_pipefs filesystem -@@ -1312,9 +1351,18 @@ rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) - goto out; - } - -+ ret = rpc_populate(clnt_dentry, gssd_dummy_info_file, 0, 1, NULL); -+ if (ret) { -+ __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); -+ pipe_dentry = ERR_PTR(ret); -+ goto out; -+ } -+ - pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -- if (IS_ERR(pipe_dentry)) -+ if (IS_ERR(pipe_dentry)) { -+ __rpc_depopulate(clnt_dentry, gssd_dummy_info_file, 0, 1); - __rpc_depopulate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1); -+ } - out: - dput(clnt_dentry); - dput(gssd_dentry); --- -1.8.4.2 diff --git a/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch b/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch deleted file mode 100644 index 805498a70..000000000 --- a/kernels/linux-libre-grsec/sunrpc-create-a-new-dummy-pipe-for-gssd-to-hold-open.patch +++ /dev/null @@ -1,233 +0,0 @@ -Bugzilla: N/A -Upstream-status: queued in NFS git tree (for 3.13/3.14?) - -rpc.gssd will naturally hold open any pipe named */clnt*/gssd that shows -up under rpc_pipefs. That behavior gives us a reliable mechanism to tell -whether it's actually running or not. - -Create a new toplevel "gssd" directory in rpc_pipefs when it's mounted. -Under that directory create another directory called "clntXX", and then -within that a pipe called "gssd". - -We'll never send an upcall along that pipe, and any downcall written to -it will just return -EINVAL. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - include/linux/sunrpc/rpc_pipe_fs.h | 3 +- - net/sunrpc/netns.h | 1 + - net/sunrpc/rpc_pipe.c | 93 ++++++++++++++++++++++++++++++++++- - net/sunrpc/sunrpc_syms.c | 8 +++- - 4 files changed, 100 insertions(+), 5 deletions(-) - -diff -up linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h ---- linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/include/linux/sunrpc/rpc_pipe_fs.h 2013-11-21 10:11:17.893026000 -0500 -@@ -64,7 +64,8 @@ enum { - - extern struct dentry *rpc_d_lookup_sb(const struct super_block *sb, - const unsigned char *dir_name); --extern void rpc_pipefs_init_net(struct net *net); -+extern int rpc_pipefs_init_net(struct net *net); -+extern void rpc_pipefs_exit_net(struct net *net); - extern struct super_block *rpc_get_sb_net(const struct net *net); - extern void rpc_put_sb_net(const struct net *net); - -diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h ---- linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/netns.h 2013-11-21 10:11:17.897029000 -0500 -@@ -14,6 +14,7 @@ struct sunrpc_net { - struct cache_detail *rsi_cache; - - struct super_block *pipefs_sb; -+ struct rpc_pipe *gssd_dummy; - struct mutex pipefs_sb_lock; - - struct list_head all_clients; -diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c ---- linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/rpc_pipe.c 2013-11-21 10:11:17.903026000 -0500 -@@ -38,7 +38,7 @@ - #define NET_NAME(net) ((net == &init_net) ? " (init_net)" : "") - - static struct file_system_type rpc_pipe_fs_type; -- -+static const struct rpc_pipe_ops gssd_dummy_pipe_ops; - - static struct kmem_cache *rpc_inode_cachep __read_mostly; - -@@ -1019,6 +1019,7 @@ enum { - RPCAUTH_nfsd4_cb, - RPCAUTH_cache, - RPCAUTH_nfsd, -+ RPCAUTH_gssd, - RPCAUTH_RootEOF - }; - -@@ -1055,6 +1056,10 @@ static const struct rpc_filelist files[] - .name = "nfsd", - .mode = S_IFDIR | S_IRUGO | S_IXUGO, - }, -+ [RPCAUTH_gssd] = { -+ .name = "gssd", -+ .mode = S_IFDIR | S_IRUGO | S_IXUGO, -+ }, - }; - - /* -@@ -1068,13 +1073,25 @@ struct dentry *rpc_d_lookup_sb(const str - } - EXPORT_SYMBOL_GPL(rpc_d_lookup_sb); - --void rpc_pipefs_init_net(struct net *net) -+int rpc_pipefs_init_net(struct net *net) - { - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - -+ sn->gssd_dummy = rpc_mkpipe_data(&gssd_dummy_pipe_ops, 0); -+ if (IS_ERR(sn->gssd_dummy)) -+ return PTR_ERR(sn->gssd_dummy); -+ - mutex_init(&sn->pipefs_sb_lock); - sn->gssd_running = 1; - sn->pipe_version = -1; -+ return 0; -+} -+ -+void rpc_pipefs_exit_net(struct net *net) -+{ -+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); -+ -+ rpc_destroy_pipe_data(sn->gssd_dummy); - } - - /* -@@ -1104,11 +1121,73 @@ void rpc_put_sb_net(const struct net *ne - } - EXPORT_SYMBOL_GPL(rpc_put_sb_net); - -+static const struct rpc_filelist gssd_dummy_clnt_dir[] = { -+ [0] = { -+ .name = "clntXX", -+ .mode = S_IFDIR | S_IRUGO | S_IXUGO, -+ }, -+}; -+ -+static ssize_t -+dummy_downcall(struct file *filp, const char __user *src, size_t len) -+{ -+ return -EINVAL; -+} -+ -+static const struct rpc_pipe_ops gssd_dummy_pipe_ops = { -+ .upcall = rpc_pipe_generic_upcall, -+ .downcall = dummy_downcall, -+}; -+ -+/** -+ * rpc_gssd_dummy_populate - create a dummy gssd pipe -+ * @root: root of the rpc_pipefs filesystem -+ * @pipe_data: pipe data created when netns is initialized -+ * -+ * Create a dummy set of directories and a pipe that gssd can hold open to -+ * indicate that it is up and running. -+ */ -+static struct dentry * -+rpc_gssd_dummy_populate(struct dentry *root, struct rpc_pipe *pipe_data) -+{ -+ int ret = 0; -+ struct dentry *gssd_dentry; -+ struct dentry *clnt_dentry = NULL; -+ struct dentry *pipe_dentry = NULL; -+ struct qstr q = QSTR_INIT(files[RPCAUTH_gssd].name, -+ strlen(files[RPCAUTH_gssd].name)); -+ -+ /* We should never get this far if "gssd" doesn't exist */ -+ gssd_dentry = d_hash_and_lookup(root, &q); -+ if (!gssd_dentry) -+ return ERR_PTR(-ENOENT); -+ -+ ret = rpc_populate(gssd_dentry, gssd_dummy_clnt_dir, 0, 1, NULL); -+ if (ret) { -+ pipe_dentry = ERR_PTR(ret); -+ goto out; -+ } -+ -+ q.name = gssd_dummy_clnt_dir[0].name; -+ q.len = strlen(gssd_dummy_clnt_dir[0].name); -+ clnt_dentry = d_hash_and_lookup(gssd_dentry, &q); -+ if (!clnt_dentry) { -+ pipe_dentry = ERR_PTR(-ENOENT); -+ goto out; -+ } -+ -+ pipe_dentry = rpc_mkpipe_dentry(clnt_dentry, "gssd", NULL, pipe_data); -+out: -+ dput(clnt_dentry); -+ dput(gssd_dentry); -+ return pipe_dentry; -+} -+ - static int - rpc_fill_super(struct super_block *sb, void *data, int silent) - { - struct inode *inode; -- struct dentry *root; -+ struct dentry *root, *gssd_dentry; - struct net *net = data; - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - int err; -@@ -1126,6 +1205,13 @@ rpc_fill_super(struct super_block *sb, v - return -ENOMEM; - if (rpc_populate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF, NULL)) - return -ENOMEM; -+ -+ gssd_dentry = rpc_gssd_dummy_populate(root, sn->gssd_dummy); -+ if (IS_ERR(gssd_dentry)) { -+ __rpc_depopulate(root, files, RPCAUTH_lockd, RPCAUTH_RootEOF); -+ return PTR_ERR(gssd_dentry); -+ } -+ - dprintk("RPC: sending pipefs MOUNT notification for net %p%s\n", - net, NET_NAME(net)); - mutex_lock(&sn->pipefs_sb_lock); -@@ -1140,6 +1226,7 @@ rpc_fill_super(struct super_block *sb, v - return 0; - - err_depopulate: -+ dput(gssd_dentry); - blocking_notifier_call_chain(&rpc_pipefs_notifier_list, - RPC_PIPEFS_UMOUNT, - sb); -diff -up linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c ---- linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c.orig 2013-09-02 16:46:10.000000000 -0400 -+++ linux-3.11.9-200.fc19.x86_64/net/sunrpc/sunrpc_syms.c 2013-11-21 10:11:17.908026000 -0500 -@@ -44,12 +44,17 @@ static __net_init int sunrpc_init_net(st - if (err) - goto err_unixgid; - -- rpc_pipefs_init_net(net); -+ err = rpc_pipefs_init_net(net); -+ if (err) -+ goto err_pipefs; -+ - INIT_LIST_HEAD(&sn->all_clients); - spin_lock_init(&sn->rpc_client_lock); - spin_lock_init(&sn->rpcb_clnt_lock); - return 0; - -+err_pipefs: -+ unix_gid_cache_destroy(net); - err_unixgid: - ip_map_cache_destroy(net); - err_ipmap: -@@ -60,6 +65,7 @@ err_proc: - - static __net_exit void sunrpc_exit_net(struct net *net) - { -+ rpc_pipefs_exit_net(net); - unix_gid_cache_destroy(net); - ip_map_cache_destroy(net); - rpc_proc_exit(net); - diff --git a/kernels/linux-libre-grsec/sunrpc-replace-gssd_running-with-more-reliable-check.patch b/kernels/linux-libre-grsec/sunrpc-replace-gssd_running-with-more-reliable-check.patch deleted file mode 100644 index 8cd5c0090..000000000 --- a/kernels/linux-libre-grsec/sunrpc-replace-gssd_running-with-more-reliable-check.patch +++ /dev/null @@ -1,139 +0,0 @@ -Bugzilla: N/A -Upstream-status: queued in NFS git tree (for 3.13/3.14?) - -Now that we have a more reliable method to tell if gssd is running, we -can replace the sn->gssd_running flag with a function that will query to -see if it's up and running. - -There's also no need to attempt an upcall that we know will fail, so -just return -EACCES if gssd isn't running. Finally, fix the warn_gss() -message not to claim that that the upcall timed out since we don't -necesarily perform one now when gssd isn't running, and remove the -extraneous newline from the message. - -Signed-off-by: Jeff Layton -Signed-off-by: Trond Myklebust ---- - Fixed up to apply to 3.12.1 by Josh Boyer - - include/linux/sunrpc/rpc_pipe_fs.h | 2 ++ - net/sunrpc/auth_gss/auth_gss.c | 17 +++++++---------- - net/sunrpc/netns.h | 2 -- - net/sunrpc/rpc_pipe.c | 14 ++++++++++---- - 4 files changed, 19 insertions(+), 16 deletions(-) - -diff --git a/include/linux/sunrpc/rpc_pipe_fs.h b/include/linux/sunrpc/rpc_pipe_fs.h -index 85f1342..7f490be 100644 ---- a/include/linux/sunrpc/rpc_pipe_fs.h -+++ b/include/linux/sunrpc/rpc_pipe_fs.h -@@ -131,5 +131,7 @@ extern int rpc_unlink(struct dentry *); - extern int register_rpc_pipefs(void); - extern void unregister_rpc_pipefs(void); - -+extern bool gssd_running(struct net *net); -+ - #endif - #endif -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index 0846566..1ada878 100644 ---- a/net/sunrpc/auth_gss/auth_gss.c -+++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -517,8 +517,7 @@ static void warn_gssd(void) - unsigned long now = jiffies; - - if (time_after(now, ratelimit)) { -- printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n" -- "Please check user daemon is running.\n"); -+ pr_warn("RPC: AUTH_GSS upcall failed. Please check user daemon is running.\n"); - ratelimit = now + 15*HZ; - } - } -@@ -581,7 +580,6 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) - struct rpc_pipe *pipe; - struct rpc_cred *cred = &gss_cred->gc_base; - struct gss_upcall_msg *gss_msg; -- unsigned long timeout; - DEFINE_WAIT(wait); - int err; - -@@ -589,17 +587,16 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) - __func__, from_kuid(&init_user_ns, cred->cr_uid)); - retry: - err = 0; -- /* Default timeout is 15s unless we know that gssd is not running */ -- timeout = 15 * HZ; -- if (!sn->gssd_running) -- timeout = HZ >> 2; -+ /* if gssd is down, just skip upcalling altogether */ -+ if (!gssd_running(net)) { -+ warn_gssd(); -+ return -EACCES; -+ } - gss_msg = gss_setup_upcall(gss_auth, cred); - if (PTR_ERR(gss_msg) == -EAGAIN) { - err = wait_event_interruptible_timeout(pipe_version_waitqueue, -- sn->pipe_version >= 0, timeout); -+ sn->pipe_version >= 0, 15 * HZ); - if (sn->pipe_version < 0) { -- if (err == 0) -- sn->gssd_running = 0; - warn_gssd(); - err = -EACCES; - } -diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h -index 8a8e841..94e506f 100644 ---- a/net/sunrpc/netns.h -+++ b/net/sunrpc/netns.h -@@ -33,8 +33,6 @@ struct sunrpc_net { - int pipe_version; - atomic_t pipe_users; - struct proc_dir_entry *use_gssp_proc; -- -- unsigned int gssd_running; - }; - - extern int sunrpc_net_id; -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 40aef18..ad444f3 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -216,14 +216,11 @@ rpc_destroy_inode(struct inode *inode) - static int - rpc_pipe_open(struct inode *inode, struct file *filp) - { -- struct net *net = inode->i_sb->s_fs_info; -- struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - struct rpc_pipe *pipe; - int first_open; - int res = -ENXIO; - - mutex_lock(&inode->i_mutex); -- sn->gssd_running = 1; - pipe = RPC_I(inode)->pipe; - if (pipe == NULL) - goto out; -@@ -1231,7 +1228,6 @@ int rpc_pipefs_init_net(struct net *net) - return PTR_ERR(sn->gssd_dummy); - - mutex_init(&sn->pipefs_sb_lock); -- sn->gssd_running = 1; - sn->pipe_version = -1; - return 0; - } -@@ -1385,6 +1381,16 @@ err_depopulate: - return err; - } - -+bool -+gssd_running(struct net *net) -+{ -+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); -+ struct rpc_pipe *pipe = sn->gssd_dummy; -+ -+ return pipe->nreaders || pipe->nwriters; -+} -+EXPORT_SYMBOL_GPL(gssd_running); -+ - static struct dentry * - rpc_mount(struct file_system_type *fs_type, - int flags, const char *dev_name, void *data) -- cgit v1.2.3