[upd] bump to latest

7 files changed, 213 insertions, 35 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 3e763c92bd12..e9672dbcd607 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 # Generated by mksrcinfo v8
-# Wed Dec 13 14:37:04 UTC 2017
+# Sun Jan 21 23:29:57 UTC 2018
 pkgbase = linux-tomoyo
-	pkgver = 4.14.5
+	pkgver = 4.14.14
 	pkgrel = 1
 	url = https://www.kernel.org/
 	arch = x86_64
@@ -14,22 +14,28 @@ pkgbase = linux-tomoyo
 	options = !strip
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.5.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.5.sign
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.14.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.14.sign
 	source = config
 	source = 60-linux.hook
 	source = 90-linux.hook
 	source = linux.preset
 	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+	source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+	source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+	source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 	sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
 	sha256sums = SKIP
-	sha256sums = d86eb2fd1c424fec9fbb12afacf7b783756651f5d7d0cf7ac71c3fbbbedddc9c
+	sha256sums = 62d656b98f0dc143216cb9650bd9b96cd83d92925731e9f0bec5eb4d6358e603
 	sha256sums = SKIP
-	sha256sums = bfde21c325d39013463c38e9fa23d6d6481238b8509eea4ae38906127017e47d
+	sha256sums = edaf7bebcaf3032e3bf15353e0773e39872c73fc024ca4d23383195a13745b2e
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 	sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
-	sha256sums = 37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85
+	sha256sums = 36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98
+	sha256sums = 5694022613bb49a77d3dfafdd2e635e9015e0a9069c58a07e99bdc5df6520311
+	sha256sums = 2f46093fde72eabc0fd25eff5065d780619fc5e7d2143d048877a8220d6291b0
+	sha256sums = 6364edabad4182dcf148ae7c14d8f45d61037d4539e76486f978f1af3a090794
 
 pkgname = linux-tomoyo
 	pkgdesc = The Linux kernel with TOMOYO configuration
@@ -39,14 +45,14 @@ pkgname = linux-tomoyo
 	depends = kmod
 	depends = mkinitcpio>=0.7
 	optdepends = crda: to set the correct wireless channels of your country
-	provides = linux-tomoyo=4.14.5
+	provides = linux-tomoyo=4.14.14
 	backup = etc/mkinitcpio.d/linux-tomoyo.preset
 
 pkgname = linux-tomoyo-headers
 	pkgdesc = Header files and scripts for building modules for Linux-tomoyo kernel
-	provides = linux-tomoyo-headers=4.14.5
+	provides = linux-tomoyo-headers=4.14.14
 
 pkgname = linux-tomoyo-docs
 	pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-tomoyo kernel
-	provides = linux-tomoyo-docs=4.14.5
+	provides = linux-tomoyo-docs=4.14.14
 
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index 29582c2bf608..a989d666aa76 100644
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -1,8 +1,9 @@
-From 5ec2dd3a095442ec1a21d86042a4994f2ba24e63 Mon Sep 17 00:00:00 2001
-Message-Id: <5ec2dd3a095442ec1a21d86042a4994f2ba24e63.1512651251.git.jan.steffens@gmail.com>
+From 4e54373158caa50df5402fdd3db1794c5394026b Mon Sep 17 00:00:00 2001
+Message-Id: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
 From: Serge Hallyn <serge.hallyn@canonical.com>
 Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default
+Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by
+ default
 
 Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
 [bwh: Remove unneeded binary sysctl bits]
@@ -14,7 +15,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com>
  3 files changed, 30 insertions(+)
 
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 07cc743698d3668e..4011d68a8ff9305c 100644
+index 500ce64517d9..35f5860958b4 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -102,6 +102,11 @@
@@ -29,7 +30,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644
  
  /*
   * Minimum number of threads to boot the kernel
-@@ -1555,6 +1560,10 @@ static __latent_entropy struct task_struct *copy_process(
+@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process(
  	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
  		return ERR_PTR(-EINVAL);
  
@@ -40,7 +41,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644
  	/*
  	 * Thread groups must share signals as well, and detached threads
  	 * can only be started up within the thread group.
-@@ -2348,6 +2357,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
  	if (unshare_flags & CLONE_NEWNS)
  		unshare_flags |= CLONE_FS;
  
@@ -54,7 +55,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644
  	if (err)
  		goto bad_unshare_out;
 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index b86520ed3fb60fbf..f7dab3760839f1a1 100644
+index 56aca862c4f5..e8402ba393c1 100644
 --- a/kernel/sysctl.c
 +++ b/kernel/sysctl.c
 @@ -105,6 +105,9 @@ extern int core_uses_pid;
@@ -84,7 +85,7 @@ index b86520ed3fb60fbf..f7dab3760839f1a1 100644
  	{
  		.procname	= "tainted",
 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index c490f1e4313b998a..dd03bd39d7bf194d 100644
+index c490f1e4313b..dd03bd39d7bf 100644
 --- a/kernel/user_namespace.c
 +++ b/kernel/user_namespace.c
 @@ -24,6 +24,9 @@
diff --git a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
new file mode 100644
index 000000000000..da886c8a50f6
--- /dev/null
+++ b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
@@ -0,0 +1,57 @@
+From 8514970bf07bd1cc522f50e882e0159a51a39264 Mon Sep 17 00:00:00 2001
+Message-Id: <8514970bf07bd1cc522f50e882e0159a51a39264.1516188238.git.jan.steffens@gmail.com>
+In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+From: Mohamed Ghannam <simo.ghannam@gmail.com>
+Date: Tue, 5 Dec 2017 20:58:35 +0000
+Subject: [PATCH 2/4] dccp: CVE-2017-8824: use-after-free in DCCP code
+
+Whenever the sock object is in DCCP_CLOSED state,
+dccp_disconnect() must free dccps_hc_tx_ccid and
+dccps_hc_rx_ccid and set to NULL.
+
+Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/dccp/proto.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/net/dccp/proto.c b/net/dccp/proto.c
+index b68168fcc06a..9d43c1f40274 100644
+--- a/net/dccp/proto.c
++++ b/net/dccp/proto.c
+@@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags)
+ {
+ 	struct inet_connection_sock *icsk = inet_csk(sk);
+ 	struct inet_sock *inet = inet_sk(sk);
++	struct dccp_sock *dp = dccp_sk(sk);
+ 	int err = 0;
+ 	const int old_state = sk->sk_state;
+ 
+ 	if (old_state != DCCP_CLOSED)
+ 		dccp_set_state(sk, DCCP_CLOSED);
+ 
+ 	/*
+ 	 * This corresponds to the ABORT function of RFC793, sec. 3.8
+ 	 * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted".
+ 	 */
+ 	if (old_state == DCCP_LISTEN) {
+ 		inet_csk_listen_stop(sk);
+ 	} else if (dccp_need_reset(old_state)) {
+ 		dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED);
+ 		sk->sk_err = ECONNRESET;
+ 	} else if (old_state == DCCP_REQUESTING)
+ 		sk->sk_err = ECONNRESET;
+ 
+ 	dccp_clear_xmit_timers(sk);
++	ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
++	ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
++	dp->dccps_hc_rx_ccid = NULL;
++	dp->dccps_hc_tx_ccid = NULL;
+ 
+ 	__skb_queue_purge(&sk->sk_receive_queue);
+ 	__skb_queue_purge(&sk->sk_write_queue);
+-- 
+2.15.1
+
diff --git a/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
new file mode 100644
index 000000000000..8a3ea3008a14
--- /dev/null
+++ b/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
@@ -0,0 +1,49 @@
+From c9c8995fc83b476fdf3fc0c4b498feef2949ec75 Mon Sep 17 00:00:00 2001
+Message-Id: <c9c8995fc83b476fdf3fc0c4b498feef2949ec75.1516188238.git.jan.steffens@gmail.com>
+In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Fri, 22 Dec 2017 10:44:57 +0100
+Subject: [PATCH 3/4] xfrm: Fix stack-out-of-bounds read on socket policy
+ lookup.
+
+When we do tunnel or beet mode, we pass saddr and daddr from the
+template to xfrm_state_find(), this is ok. On transport mode,
+we pass the addresses from the flowi, assuming that the IP
+addresses (and address family) don't change during transformation.
+This assumption is wrong in the IPv4 mapped IPv6 case, packet
+is IPv4 and template is IPv6.
+
+Fix this by catching address family missmatches of the policy
+and the flow already before we do the lookup.
+
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+---
+ net/xfrm/xfrm_policy.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index 6bc16bb61b55..50c5f46b5cca 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
+  again:
+ 	pol = rcu_dereference(sk->sk_policy[dir]);
+ 	if (pol != NULL) {
+-		bool match = xfrm_selector_match(&pol->selector, fl, family);
++		bool match;
+ 		int err = 0;
+ 
++		if (pol->family != family) {
++			pol = NULL;
++			goto out;
++		}
++
++		match = xfrm_selector_match(&pol->selector, fl, family);
+ 		if (match) {
+ 			if ((sk->sk_mark & pol->mark.m) != pol->mark.v) {
+ 				pol = NULL;
+-- 
+2.15.1
+
diff --git a/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
new file mode 100644
index 000000000000..f77c9b5c12c4
--- /dev/null
+++ b/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
@@ -0,0 +1,42 @@
+From e722c8d112f0aa9621d7d4da5223cfc7aeb45e88 Mon Sep 17 00:00:00 2001
+Message-Id: <e722c8d112f0aa9621d7d4da5223cfc7aeb45e88.1516188238.git.jan.steffens@gmail.com>
+In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+From: Jim Bride <jim.bride@linux.intel.com>
+Date: Mon, 6 Nov 2017 13:38:57 -0800
+Subject: [PATCH 4/4] drm/i915/edp: Only use the alternate fixed mode if it's
+ asked for
+
+In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for
+eDP if available."), the patch allows for the use of an alternate fixed
+mode if it is available, but the patch was not ensuring that the only
+time the alternate mode is used is when it is specifically requested.
+This patch adds an additional comparison to intel_edp_compare_alt_mode
+to ensure that we only use the alternate mode if it is directly
+requested.
+
+Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.")
+Cc: David Weinehall <david.weinehall@linux.intel.com>
+Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Signed-off-by: Jim Bride <jim.bride@linux.intel.com>
+---
+ drivers/gpu/drm/i915/intel_dp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
+index 09f274419eea..838cee312e8e 100644
+--- a/drivers/gpu/drm/i915/intel_dp.c
++++ b/drivers/gpu/drm/i915/intel_dp.c
+@@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1,
+ 			m1->vdisplay == m2->vdisplay &&
+ 			m1->vsync_start == m2->vsync_start &&
+ 			m1->vsync_end == m2->vsync_end &&
+-			m1->vtotal == m2->vtotal);
++			m1->vtotal == m2->vtotal &&
++			m1->vrefresh == m2->vrefresh);
+ 	return bres;
+ }
+ 
+-- 
+2.15.1
+
diff --git a/PKGBUILD b/PKGBUILD
index 261f615ab59d..9a18af138ddc 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@
 
 pkgbase=linux-tomoyo
 _srcname=linux-4.14
-pkgver=4.14.5
+pkgver=4.14.14
 pkgrel=1
 arch=('x86_64')
 url="https://www.kernel.org/"
@@ -26,17 +26,23 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
         # standard config files for mkinitcpio ramdisk
         'linux.preset'
         0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+        0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+        0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+        0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
         )
 
 sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
             'SKIP'
-            'd86eb2fd1c424fec9fbb12afacf7b783756651f5d7d0cf7ac71c3fbbbedddc9c'
+            '62d656b98f0dc143216cb9650bd9b96cd83d92925731e9f0bec5eb4d6358e603'
             'SKIP'
-            'bfde21c325d39013463c38e9fa23d6d6481238b8509eea4ae38906127017e47d'
+            'edaf7bebcaf3032e3bf15353e0773e39872c73fc024ca4d23383195a13745b2e'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
-            '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85')
+            '36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98'
+            '5694022613bb49a77d3dfafdd2e635e9015e0a9069c58a07e99bdc5df6520311'
+            '2f46093fde72eabc0fd25eff5065d780619fc5e7d2143d048877a8220d6291b0'
+            '6364edabad4182dcf148ae7c14d8f45d61037d4539e76486f978f1af3a090794')
 validpgpkeys=(
               'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
               '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -49,6 +55,7 @@ prepare() {
 
   # add upstream patch
   patch -p1 -i ../patch-${pkgver}
+  chmod +x tools/objtool/sync-check.sh  # GNU patch doesn't support git-style file mode
 
   # security patches
 
@@ -58,6 +65,15 @@ prepare() {
   # disable USER_NS for non-root users by default
   patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
 
+  # https://nvd.nist.gov/vuln/detail/CVE-2017-8824
+  patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+
+  # https://bugs.archlinux.org/task/56605
+  patch -Np1 -i ../0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+
+  # https://bugs.archlinux.org/task/56711
+  patch -Np1 -i ../0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+
   cp -Tf ../config .config
 
   # Enable TOMOYO Linux
@@ -210,6 +226,9 @@ _package-headers() {
   # remove files already in linux-docs package
   rm -r "${_builddir}/Documentation"
 
+  # remove now broken symlinks
+  find -L "${_builddir}" -type l -printf 'Removing %P\n' -delete
+
   # Fix permissions
   chmod -R u=rwX,go=rX "${_builddir}"
 
diff --git a/config b/config
index 18216337289e..ca2bcf3c8456 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.4-2 Kernel Configuration
+# Linux/x86 4.14.14-1 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -262,6 +262,7 @@ CONFIG_OPROFILE_NMI_TIMER=y
 CONFIG_KPROBES=y
 CONFIG_JUMP_LABEL=y
 # CONFIG_STATIC_KEYS_SELFTEST is not set
+CONFIG_OPTPROBES=y
 CONFIG_KPROBES_ON_FTRACE=y
 CONFIG_UPROBES=y
 # CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
@@ -342,6 +343,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
+CONFIG_ARCH_HAS_REFCOUNT=y
 # CONFIG_REFCOUNT_FULL is not set
 
 #
@@ -447,6 +449,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y
 CONFIG_X86_X2APIC=y
 CONFIG_X86_MPPARSE=y
 # CONFIG_GOLDFISH is not set
+CONFIG_RETPOLINE=y
 CONFIG_INTEL_RDT=y
 # CONFIG_X86_EXTENDED_PLATFORM is not set
 CONFIG_X86_INTEL_LPSS=y
@@ -1853,6 +1856,7 @@ CONFIG_DEV_COREDUMP=y
 CONFIG_SYS_HYPERVISOR=y
 # CONFIG_GENERIC_CPU_DEVICES is not set
 CONFIG_GENERIC_CPU_AUTOPROBE=y
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
 CONFIG_REGMAP=y
 CONFIG_REGMAP_I2C=y
 CONFIG_REGMAP_SPI=y
@@ -2242,7 +2246,7 @@ CONFIG_SCSI_HPTIOP=m
 CONFIG_SCSI_BUSLOGIC=m
 CONFIG_SCSI_FLASHPOINT=y
 CONFIG_VMWARE_PVSCSI=m
-# CONFIG_XEN_SCSI_FRONTEND is not set
+CONFIG_XEN_SCSI_FRONTEND=m
 CONFIG_HYPERV_STORAGE=m
 CONFIG_LIBFC=m
 CONFIG_LIBFCOE=m
@@ -2252,8 +2256,8 @@ CONFIG_SCSI_SNIC=m
 # CONFIG_SCSI_SNIC_DEBUG_FS is not set
 CONFIG_SCSI_DMX3191D=m
 CONFIG_SCSI_EATA=m
-# CONFIG_SCSI_EATA_TAGGED_QUEUE is not set
-# CONFIG_SCSI_EATA_LINKED_COMMANDS is not set
+CONFIG_SCSI_EATA_TAGGED_QUEUE=y
+CONFIG_SCSI_EATA_LINKED_COMMANDS=y
 CONFIG_SCSI_EATA_MAX_TAGS=16
 CONFIG_SCSI_FUTURE_DOMAIN=m
 CONFIG_SCSI_GDTH=m
@@ -2286,7 +2290,7 @@ CONFIG_SCSI_LPFC=m
 CONFIG_SCSI_DC395x=m
 CONFIG_SCSI_AM53C974=m
 CONFIG_SCSI_WD719X=m
-# CONFIG_SCSI_DEBUG is not set
+CONFIG_SCSI_DEBUG=m
 CONFIG_SCSI_PMCRAID=m
 CONFIG_SCSI_PM8001=m
 CONFIG_SCSI_BFA_FC=m
@@ -4023,8 +4027,7 @@ CONFIG_GPIO_PCI_IDIO_16=m
 CONFIG_GPIO_VIPERBOARD=m
 # CONFIG_W1 is not set
 CONFIG_POWER_AVS=y
-CONFIG_POWER_RESET=y
-# CONFIG_POWER_RESET_RESTART is not set
+# CONFIG_POWER_RESET is not set
 CONFIG_POWER_SUPPLY=y
 # CONFIG_POWER_SUPPLY_DEBUG is not set
 CONFIG_PDA_POWER=m
@@ -5324,7 +5327,7 @@ CONFIG_FB_EFI=y
 # CONFIG_FB_CARMINE is not set
 # CONFIG_FB_SM501 is not set
 # CONFIG_FB_SMSCUFX is not set
-CONFIG_FB_UDL=m
+# CONFIG_FB_UDL is not set
 # CONFIG_FB_IBM_GXT4500 is not set
 # CONFIG_FB_VIRTUAL is not set
 CONFIG_XEN_FBDEV_FRONTEND=m
@@ -6519,7 +6522,7 @@ CONFIG_HYPERV_BALLOON=m
 # Xen driver support
 #
 CONFIG_XEN_BALLOON=y
-# CONFIG_XEN_SELFBALLOONING is not set
+CONFIG_XEN_SELFBALLOONING=y
 CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y
 CONFIG_XEN_BALLOON_MEMORY_HOTPLUG_LIMIT=512
 CONFIG_XEN_SCRUB_PAGES=y
@@ -6538,7 +6541,7 @@ CONFIG_XEN_PCIDEV_BACKEND=m
 CONFIG_XEN_SCSI_BACKEND=m
 CONFIG_XEN_PRIVCMD=m
 CONFIG_XEN_ACPI_PROCESSOR=m
-# CONFIG_XEN_MCE_LOG is not set
+CONFIG_XEN_MCE_LOG=y
 CONFIG_XEN_HAVE_PVMMU=y
 CONFIG_XEN_EFI=y
 CONFIG_XEN_AUTO_XLATE=y
@@ -8110,9 +8113,9 @@ CONFIG_OPTIMIZE_INLINING=y
 # CONFIG_DEBUG_NMI_SELFTEST is not set
 # CONFIG_X86_DEBUG_FPU is not set
 # CONFIG_PUNIT_ATOM_DEBUG is not set
-# CONFIG_FRAME_POINTER_UNWINDER is not set
-CONFIG_ORC_UNWINDER=y
-# CONFIG_GUESS_UNWINDER is not set
+CONFIG_UNWINDER_ORC=y
+# CONFIG_UNWINDER_FRAME_POINTER is not set
+# CONFIG_UNWINDER_GUESS is not set
 
 #
 # Security options
@@ -8129,6 +8132,7 @@ CONFIG_SECURITY=y
 # CONFIG_SECURITY_WRITABLE_HOOKS is not set
 CONFIG_SECURITYFS=y
 # CONFIG_SECURITY_NETWORK is not set
+CONFIG_PAGE_TABLE_ISOLATION=y
 # CONFIG_SECURITY_INFINIBAND is not set
 # CONFIG_SECURITY_PATH is not set
 # CONFIG_INTEL_TXT is not set