diff options
author | dysphoria | 2018-01-21 23:30:17 +0000 |
---|---|---|
committer | dysphoria | 2018-01-21 23:30:17 +0000 |
commit | 1cbdb8852013428db22f9abe33850bd3d97e2c42 (patch) | |
tree | 06d04fe991f5cbb903aee72afda22cae873f8821 | |
parent | 2e720f6807cf1055d2365d5c859f66b58e5f09ad (diff) | |
download | aur-1cbdb8852013428db22f9abe33850bd3d97e2c42.tar.gz |
[upd] bump to latest
-rw-r--r-- | .SRCINFO | 26 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 17 | ||||
-rw-r--r-- | 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 57 | ||||
-rw-r--r-- | 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 | ||||
-rw-r--r-- | 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 | ||||
-rw-r--r-- | PKGBUILD | 27 | ||||
-rw-r--r-- | config | 30 |
7 files changed, 213 insertions, 35 deletions
@@ -1,7 +1,7 @@ # Generated by mksrcinfo v8 -# Wed Dec 13 14:37:04 UTC 2017 +# Sun Jan 21 23:29:57 UTC 2018 pkgbase = linux-tomoyo - pkgver = 4.14.5 + pkgver = 4.14.14 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -14,22 +14,28 @@ pkgbase = linux-tomoyo options = !strip source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.5.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.5.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.14.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.14.sign source = config source = 60-linux.hook source = 90-linux.hook source = linux.preset source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 sha256sums = SKIP - sha256sums = d86eb2fd1c424fec9fbb12afacf7b783756651f5d7d0cf7ac71c3fbbbedddc9c + sha256sums = 62d656b98f0dc143216cb9650bd9b96cd83d92925731e9f0bec5eb4d6358e603 sha256sums = SKIP - sha256sums = bfde21c325d39013463c38e9fa23d6d6481238b8509eea4ae38906127017e47d + sha256sums = edaf7bebcaf3032e3bf15353e0773e39872c73fc024ca4d23383195a13745b2e sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 - sha256sums = 37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85 + sha256sums = 36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98 + sha256sums = 5694022613bb49a77d3dfafdd2e635e9015e0a9069c58a07e99bdc5df6520311 + sha256sums = 2f46093fde72eabc0fd25eff5065d780619fc5e7d2143d048877a8220d6291b0 + sha256sums = 6364edabad4182dcf148ae7c14d8f45d61037d4539e76486f978f1af3a090794 pkgname = linux-tomoyo pkgdesc = The Linux kernel with TOMOYO configuration @@ -39,14 +45,14 @@ pkgname = linux-tomoyo depends = kmod depends = mkinitcpio>=0.7 optdepends = crda: to set the correct wireless channels of your country - provides = linux-tomoyo=4.14.5 + provides = linux-tomoyo=4.14.14 backup = etc/mkinitcpio.d/linux-tomoyo.preset pkgname = linux-tomoyo-headers pkgdesc = Header files and scripts for building modules for Linux-tomoyo kernel - provides = linux-tomoyo-headers=4.14.5 + provides = linux-tomoyo-headers=4.14.14 pkgname = linux-tomoyo-docs pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-tomoyo kernel - provides = linux-tomoyo-docs=4.14.5 + provides = linux-tomoyo-docs=4.14.14 diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 29582c2bf608..a989d666aa76 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,8 +1,9 @@ -From 5ec2dd3a095442ec1a21d86042a4994f2ba24e63 Mon Sep 17 00:00:00 2001 -Message-Id: <5ec2dd3a095442ec1a21d86042a4994f2ba24e63.1512651251.git.jan.steffens@gmail.com> +From 4e54373158caa50df5402fdd3db1794c5394026b Mon Sep 17 00:00:00 2001 +Message-Id: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default +Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by + default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> [bwh: Remove unneeded binary sysctl bits] @@ -14,7 +15,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com> 3 files changed, 30 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c -index 07cc743698d3668e..4011d68a8ff9305c 100644 +index 500ce64517d9..35f5860958b4 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -102,6 +102,11 @@ @@ -29,7 +30,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 /* * Minimum number of threads to boot the kernel -@@ -1555,6 +1560,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -40,7 +41,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2348,6 +2357,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -54,7 +55,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index b86520ed3fb60fbf..f7dab3760839f1a1 100644 +index 56aca862c4f5..e8402ba393c1 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -105,6 +105,9 @@ extern int core_uses_pid; @@ -84,7 +85,7 @@ index b86520ed3fb60fbf..f7dab3760839f1a1 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index c490f1e4313b998a..dd03bd39d7bf194d 100644 +index c490f1e4313b..dd03bd39d7bf 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -24,6 +24,9 @@ diff --git a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch new file mode 100644 index 000000000000..da886c8a50f6 --- /dev/null +++ b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch @@ -0,0 +1,57 @@ +From 8514970bf07bd1cc522f50e882e0159a51a39264 Mon Sep 17 00:00:00 2001 +Message-Id: <8514970bf07bd1cc522f50e882e0159a51a39264.1516188238.git.jan.steffens@gmail.com> +In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +From: Mohamed Ghannam <simo.ghannam@gmail.com> +Date: Tue, 5 Dec 2017 20:58:35 +0000 +Subject: [PATCH 2/4] dccp: CVE-2017-8824: use-after-free in DCCP code + +Whenever the sock object is in DCCP_CLOSED state, +dccp_disconnect() must free dccps_hc_tx_ccid and +dccps_hc_rx_ccid and set to NULL. + +Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com> +Reviewed-by: Eric Dumazet <edumazet@google.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/dccp/proto.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/dccp/proto.c b/net/dccp/proto.c +index b68168fcc06a..9d43c1f40274 100644 +--- a/net/dccp/proto.c ++++ b/net/dccp/proto.c +@@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags) + { + struct inet_connection_sock *icsk = inet_csk(sk); + struct inet_sock *inet = inet_sk(sk); ++ struct dccp_sock *dp = dccp_sk(sk); + int err = 0; + const int old_state = sk->sk_state; + + if (old_state != DCCP_CLOSED) + dccp_set_state(sk, DCCP_CLOSED); + + /* + * This corresponds to the ABORT function of RFC793, sec. 3.8 + * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted". + */ + if (old_state == DCCP_LISTEN) { + inet_csk_listen_stop(sk); + } else if (dccp_need_reset(old_state)) { + dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED); + sk->sk_err = ECONNRESET; + } else if (old_state == DCCP_REQUESTING) + sk->sk_err = ECONNRESET; + + dccp_clear_xmit_timers(sk); ++ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); ++ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); ++ dp->dccps_hc_rx_ccid = NULL; ++ dp->dccps_hc_tx_ccid = NULL; + + __skb_queue_purge(&sk->sk_receive_queue); + __skb_queue_purge(&sk->sk_write_queue); +-- +2.15.1 + diff --git a/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch new file mode 100644 index 000000000000..8a3ea3008a14 --- /dev/null +++ b/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -0,0 +1,49 @@ +From c9c8995fc83b476fdf3fc0c4b498feef2949ec75 Mon Sep 17 00:00:00 2001 +Message-Id: <c9c8995fc83b476fdf3fc0c4b498feef2949ec75.1516188238.git.jan.steffens@gmail.com> +In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Fri, 22 Dec 2017 10:44:57 +0100 +Subject: [PATCH 3/4] xfrm: Fix stack-out-of-bounds read on socket policy + lookup. + +When we do tunnel or beet mode, we pass saddr and daddr from the +template to xfrm_state_find(), this is ok. On transport mode, +we pass the addresses from the flowi, assuming that the IP +addresses (and address family) don't change during transformation. +This assumption is wrong in the IPv4 mapped IPv6 case, packet +is IPv4 and template is IPv6. + +Fix this by catching address family missmatches of the policy +and the flow already before we do the lookup. + +Reported-by: syzbot <syzkaller@googlegroups.com> +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/xfrm/xfrm_policy.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 6bc16bb61b55..50c5f46b5cca 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, + again: + pol = rcu_dereference(sk->sk_policy[dir]); + if (pol != NULL) { +- bool match = xfrm_selector_match(&pol->selector, fl, family); ++ bool match; + int err = 0; + ++ if (pol->family != family) { ++ pol = NULL; ++ goto out; ++ } ++ ++ match = xfrm_selector_match(&pol->selector, fl, family); + if (match) { + if ((sk->sk_mark & pol->mark.m) != pol->mark.v) { + pol = NULL; +-- +2.15.1 + diff --git a/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch new file mode 100644 index 000000000000..f77c9b5c12c4 --- /dev/null +++ b/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -0,0 +1,42 @@ +From e722c8d112f0aa9621d7d4da5223cfc7aeb45e88 Mon Sep 17 00:00:00 2001 +Message-Id: <e722c8d112f0aa9621d7d4da5223cfc7aeb45e88.1516188238.git.jan.steffens@gmail.com> +In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +From: Jim Bride <jim.bride@linux.intel.com> +Date: Mon, 6 Nov 2017 13:38:57 -0800 +Subject: [PATCH 4/4] drm/i915/edp: Only use the alternate fixed mode if it's + asked for + +In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for +eDP if available."), the patch allows for the use of an alternate fixed +mode if it is available, but the patch was not ensuring that the only +time the alternate mode is used is when it is specifically requested. +This patch adds an additional comparison to intel_edp_compare_alt_mode +to ensure that we only use the alternate mode if it is directly +requested. + +Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.") +Cc: David Weinehall <david.weinehall@linux.intel.com> +Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> +Signed-off-by: Jim Bride <jim.bride@linux.intel.com> +--- + drivers/gpu/drm/i915/intel_dp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c +index 09f274419eea..838cee312e8e 100644 +--- a/drivers/gpu/drm/i915/intel_dp.c ++++ b/drivers/gpu/drm/i915/intel_dp.c +@@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, + m1->vdisplay == m2->vdisplay && + m1->vsync_start == m2->vsync_start && + m1->vsync_end == m2->vsync_end && +- m1->vtotal == m2->vtotal); ++ m1->vtotal == m2->vtotal && ++ m1->vrefresh == m2->vrefresh); + return bres; + } + +-- +2.15.1 + @@ -7,7 +7,7 @@ pkgbase=linux-tomoyo _srcname=linux-4.14 -pkgver=4.14.5 +pkgver=4.14.14 pkgrel=1 arch=('x86_64') url="https://www.kernel.org/" @@ -26,17 +26,23 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz" # standard config files for mkinitcpio ramdisk 'linux.preset' 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch ) sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'SKIP' - 'd86eb2fd1c424fec9fbb12afacf7b783756651f5d7d0cf7ac71c3fbbbedddc9c' + '62d656b98f0dc143216cb9650bd9b96cd83d92925731e9f0bec5eb4d6358e603' 'SKIP' - 'bfde21c325d39013463c38e9fa23d6d6481238b8509eea4ae38906127017e47d' + 'edaf7bebcaf3032e3bf15353e0773e39872c73fc024ca4d23383195a13745b2e' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85') + '36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98' + '5694022613bb49a77d3dfafdd2e635e9015e0a9069c58a07e99bdc5df6520311' + '2f46093fde72eabc0fd25eff5065d780619fc5e7d2143d048877a8220d6291b0' + '6364edabad4182dcf148ae7c14d8f45d61037d4539e76486f978f1af3a090794') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman @@ -49,6 +55,7 @@ prepare() { # add upstream patch patch -p1 -i ../patch-${pkgver} + chmod +x tools/objtool/sync-check.sh # GNU patch doesn't support git-style file mode # security patches @@ -58,6 +65,15 @@ prepare() { # disable USER_NS for non-root users by default patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 + patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + + # https://bugs.archlinux.org/task/56605 + patch -Np1 -i ../0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + + # https://bugs.archlinux.org/task/56711 + patch -Np1 -i ../0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch + cp -Tf ../config .config # Enable TOMOYO Linux @@ -210,6 +226,9 @@ _package-headers() { # remove files already in linux-docs package rm -r "${_builddir}/Documentation" + # remove now broken symlinks + find -L "${_builddir}" -type l -printf 'Removing %P\n' -delete + # Fix permissions chmod -R u=rwX,go=rX "${_builddir}" @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.4-2 Kernel Configuration +# Linux/x86 4.14.14-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -262,6 +262,7 @@ CONFIG_OPROFILE_NMI_TIMER=y CONFIG_KPROBES=y CONFIG_JUMP_LABEL=y # CONFIG_STATIC_KEYS_SELFTEST is not set +CONFIG_OPTPROBES=y CONFIG_KPROBES_ON_FTRACE=y CONFIG_UPROBES=y # CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set @@ -342,6 +343,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y CONFIG_STRICT_MODULE_RWX=y +CONFIG_ARCH_HAS_REFCOUNT=y # CONFIG_REFCOUNT_FULL is not set # @@ -447,6 +449,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y CONFIG_X86_X2APIC=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y CONFIG_INTEL_RDT=y # CONFIG_X86_EXTENDED_PLATFORM is not set CONFIG_X86_INTEL_LPSS=y @@ -1853,6 +1856,7 @@ CONFIG_DEV_COREDUMP=y CONFIG_SYS_HYPERVISOR=y # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y CONFIG_REGMAP_SPI=y @@ -2242,7 +2246,7 @@ CONFIG_SCSI_HPTIOP=m CONFIG_SCSI_BUSLOGIC=m CONFIG_SCSI_FLASHPOINT=y CONFIG_VMWARE_PVSCSI=m -# CONFIG_XEN_SCSI_FRONTEND is not set +CONFIG_XEN_SCSI_FRONTEND=m CONFIG_HYPERV_STORAGE=m CONFIG_LIBFC=m CONFIG_LIBFCOE=m @@ -2252,8 +2256,8 @@ CONFIG_SCSI_SNIC=m # CONFIG_SCSI_SNIC_DEBUG_FS is not set CONFIG_SCSI_DMX3191D=m CONFIG_SCSI_EATA=m -# CONFIG_SCSI_EATA_TAGGED_QUEUE is not set -# CONFIG_SCSI_EATA_LINKED_COMMANDS is not set +CONFIG_SCSI_EATA_TAGGED_QUEUE=y +CONFIG_SCSI_EATA_LINKED_COMMANDS=y CONFIG_SCSI_EATA_MAX_TAGS=16 CONFIG_SCSI_FUTURE_DOMAIN=m CONFIG_SCSI_GDTH=m @@ -2286,7 +2290,7 @@ CONFIG_SCSI_LPFC=m CONFIG_SCSI_DC395x=m CONFIG_SCSI_AM53C974=m CONFIG_SCSI_WD719X=m -# CONFIG_SCSI_DEBUG is not set +CONFIG_SCSI_DEBUG=m CONFIG_SCSI_PMCRAID=m CONFIG_SCSI_PM8001=m CONFIG_SCSI_BFA_FC=m @@ -4023,8 +4027,7 @@ CONFIG_GPIO_PCI_IDIO_16=m CONFIG_GPIO_VIPERBOARD=m # CONFIG_W1 is not set CONFIG_POWER_AVS=y -CONFIG_POWER_RESET=y -# CONFIG_POWER_RESET_RESTART is not set +# CONFIG_POWER_RESET is not set CONFIG_POWER_SUPPLY=y # CONFIG_POWER_SUPPLY_DEBUG is not set CONFIG_PDA_POWER=m @@ -5324,7 +5327,7 @@ CONFIG_FB_EFI=y # CONFIG_FB_CARMINE is not set # CONFIG_FB_SM501 is not set # CONFIG_FB_SMSCUFX is not set -CONFIG_FB_UDL=m +# CONFIG_FB_UDL is not set # CONFIG_FB_IBM_GXT4500 is not set # CONFIG_FB_VIRTUAL is not set CONFIG_XEN_FBDEV_FRONTEND=m @@ -6519,7 +6522,7 @@ CONFIG_HYPERV_BALLOON=m # Xen driver support # CONFIG_XEN_BALLOON=y -# CONFIG_XEN_SELFBALLOONING is not set +CONFIG_XEN_SELFBALLOONING=y CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y CONFIG_XEN_BALLOON_MEMORY_HOTPLUG_LIMIT=512 CONFIG_XEN_SCRUB_PAGES=y @@ -6538,7 +6541,7 @@ CONFIG_XEN_PCIDEV_BACKEND=m CONFIG_XEN_SCSI_BACKEND=m CONFIG_XEN_PRIVCMD=m CONFIG_XEN_ACPI_PROCESSOR=m -# CONFIG_XEN_MCE_LOG is not set +CONFIG_XEN_MCE_LOG=y CONFIG_XEN_HAVE_PVMMU=y CONFIG_XEN_EFI=y CONFIG_XEN_AUTO_XLATE=y @@ -8110,9 +8113,9 @@ CONFIG_OPTIMIZE_INLINING=y # CONFIG_DEBUG_NMI_SELFTEST is not set # CONFIG_X86_DEBUG_FPU is not set # CONFIG_PUNIT_ATOM_DEBUG is not set -# CONFIG_FRAME_POINTER_UNWINDER is not set -CONFIG_ORC_UNWINDER=y -# CONFIG_GUESS_UNWINDER is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set +# CONFIG_UNWINDER_GUESS is not set # # Security options @@ -8129,6 +8132,7 @@ CONFIG_SECURITY=y # CONFIG_SECURITY_WRITABLE_HOOKS is not set CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set +CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_SECURITY_INFINIBAND is not set # CONFIG_SECURITY_PATH is not set # CONFIG_INTEL_TXT is not set |