From 6e78244d81f1a1cbf126609514e35ef6d4545277 Mon Sep 17 00:00:00 2001 From: Alexander Miroshnichenko Date: Sun, 8 Aug 2021 09:03:38 +0300 Subject: [PATCH] sys-kernel/hardened-kernel: update kernel config --- sys-kernel/hardened-kernel/Manifest | 4 +- .../files/linux-5.10.amd64.config | 184 +++++++++++++++--- 2 files changed, 158 insertions(+), 30 deletions(-) diff --git a/sys-kernel/hardened-kernel/Manifest b/sys-kernel/hardened-kernel/Manifest index 8796240..05ba508 100644 --- a/sys-kernel/hardened-kernel/Manifest +++ b/sys-kernel/hardened-kernel/Manifest @@ -1,4 +1,6 @@ -AUX linux-5.10.amd64.config 151968 BLAKE2B f689ece491a4259d88e4df4e48a2b7efcd311b30fb48b49b432d63ccb51f20db4e5888aa12a88f622126d0816d0e8cd61896642e9cd2d57f07c725fbd3d36f36 SHA512 babe48cd5700d157bd3c45a4dfb9e6390d8c30bd644060289eb5a5991a9e573041b2d1ad80967ee5a7da73c2dfe9321109031e438111b847789f4db469ad4efe +AUX linux-5.10.amd64.config 155589 BLAKE2B ef1391746d600c12a7b60acde77b25f438e1332302c63b4726a0641e2bd61e7972f4a79007104a2b9e2858d7ecd73a340c1b7a9306338190819fa76e2bffb968 SHA512 7e8d50138cb1709635684fded3229b19135f854dddc36fc8e2dbdec2d4ad6d4cfc81b637e3307f29ed55fe781492a7a78c41ad716b4b5db8f301dafcf588415f +AUX linux-5.10/402-ath_regd_optional.patch 2220 BLAKE2B 34f749118fc101ad4d861b8d47db372f6e82f72555044bf8ba76c1126a924458632b8e5b455b2b6059646feace8c6d46d6f61cd935717984e4732f6760c29762 SHA512 85eddbe6fbd562e7af19b5430858f0186b2d676f7ebfddb92b7be309f7a7775d072cb77882a7a890fcc6e86aa361655ec8926029cc2adc97fd01369f9c6f3c5b +AUX linux-5.10/405-ath_regd_us.patch 947 BLAKE2B 6e01fccaf9ca1627309f01465e1dd7963e816174e43c9c1490d1b369a59db038b2cb513378ce2b3522608ee14e9be03b2588a9fe556b0704b3f8d40af5878596 SHA512 63d3ac537eb296de7de0d1d8aa566f7830431864254c28819cc0bb8551a58a94f9917c0193d9123169b05c1ec84d35e4c9a5db246b7cc97a9447647eb9fb607f AUX linux-5.10/beacon_timeout.patch 4047 BLAKE2B b182c326d5d750bec5f73b263124323f10fd452c839d540f21caa7fff46ffa0acb90433bece36efc29056362090cc2512ad116c135402056db557b601e41ab26 SHA512 3dd7e7b83b451ccfbb6285ea04ebcc11f6f1b08c6c676baba7942aa87f62e7118d4e4ad23fa4ddecf61968af5904084a7091712b6a67044b238f2a3f24a4701b DIST genpatches-4.19-124.base.tar.xz 3482680 BLAKE2B e8716be023f6512fb4613fab11a6ecf6472dd738cdb63669cfc6573e70030bfc5d3374c18672661867dd584d621cffdced21403a337af40b2428ff6703b6aa53 SHA512 dde38efe4b8e413b0aa1380c3fc4284b153b048a38cb8e05fdec34c14588d3e60092a20d247195389ceace0dc9e353caacaf9573c75a2327b4667dcad90c15fa DIST genpatches-4.19-124.extras.tar.xz 17516 BLAKE2B 1c7db2f9f888a9becf0dd891a3f9980431419af50552a4cda06c51f1a7b5d923698d6ce625c619b73386a300438f858a551ca53adc2a5bc110d6eda2a575a22d SHA512 4f29e993be982e272205c6d57e1828e7cc837abbde4a1e7b59e6b20eac648315bec135338b8f6e33df2b49d81e855a9f5c7eeebf6238fa8bc3bbd2215c324eff diff --git a/sys-kernel/hardened-kernel/files/linux-5.10.amd64.config b/sys-kernel/hardened-kernel/files/linux-5.10.amd64.config index 3cdf8fb..6614413 100644 --- a/sys-kernel/hardened-kernel/files/linux-5.10.amd64.config +++ b/sys-kernel/hardened-kernel/files/linux-5.10.amd64.config @@ -213,7 +213,7 @@ CONFIG_HAVE_UID16=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_HAVE_PCSPKR_PLATFORM=y CONFIG_BPF=y -# CONFIG_EXPERT is not set +CONFIG_EXPERT=y CONFIG_UID16=y CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y @@ -252,8 +252,10 @@ CONFIG_USERMODE_DRIVER=y CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y CONFIG_KCMP=y CONFIG_RSEQ=y +# CONFIG_DEBUG_RSEQ is not set # CONFIG_EMBEDDED is not set CONFIG_HAVE_PERF_EVENTS=y +# CONFIG_PC104 is not set # # Kernel Performance Events And Counters @@ -264,9 +266,11 @@ CONFIG_PERF_EVENTS=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_MEMCG_SYSFS_ON is not set # CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y +# CONFIG_SLOB is not set # CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLAB_FREELIST_HARDENED=y @@ -362,6 +366,7 @@ CONFIG_X86_MINIMUM_CPU_FAMILY=64 CONFIG_X86_DEBUGCTLMSR=y CONFIG_IA32_FEAT_CTL=y CONFIG_X86_VMX_FEATURE_NAMES=y +# CONFIG_PROCESSOR_SELECT is not set CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_HYGON=y @@ -490,6 +495,7 @@ CONFIG_ARCH_ENABLE_THP_MIGRATION=y CONFIG_ARCH_HIBERNATION_HEADER=y CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y +# CONFIG_SUSPEND_SKIP_SYNC is not set CONFIG_HIBERNATE_CALLBACKS=y CONFIG_HIBERNATION=y CONFIG_HIBERNATION_SNAPSHOT_DEV=y @@ -542,6 +548,7 @@ CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=y # CONFIG_ACPI_CUSTOM_METHOD is not set CONFIG_ACPI_BGRT=y +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set # CONFIG_ACPI_NFIT is not set CONFIG_ACPI_NUMA=y # CONFIG_ACPI_HMAT is not set @@ -615,6 +622,8 @@ CONFIG_INTEL_IDLE=y CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y CONFIG_MMCONF_FAM10H=y +# CONFIG_PCI_CNB20LE_QUIRK is not set +# CONFIG_ISA_BUS is not set CONFIG_ISA_DMA_API=y CONFIG_AMD_NB=y CONFIG_X86_SYSFB=y @@ -691,6 +700,7 @@ CONFIG_HAVE_KVM_NO_POLL=y CONFIG_KVM_XFER_TO_GUEST_WORK=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m +CONFIG_KVM_WERROR=y CONFIG_KVM_INTEL=m CONFIG_KVM_AMD=m # CONFIG_KVM_MMU_AUDIT is not set @@ -810,6 +820,7 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_HAVE_GCC_PLUGINS=y CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y CONFIG_GCC_PLUGIN_RANDSTRUCT=y CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y @@ -1013,7 +1024,6 @@ CONFIG_ARCH_HAS_PTE_SPECIAL=y # end of Memory Management options CONFIG_NET=y -CONFIG_COMPAT_NETLINK_MESSAGES=y CONFIG_NET_INGRESS=y CONFIG_NET_EGRESS=y CONFIG_SKB_EXTENSIONS=y @@ -1628,17 +1638,19 @@ CONFIG_AF_RXRPC=m CONFIG_STREAM_PARSER=y CONFIG_FIB_RULES=y CONFIG_WIRELESS=y -CONFIG_WEXT_CORE=y -CONFIG_WEXT_PROC=y CONFIG_CFG80211=m # CONFIG_NL80211_TESTMODE is not set # CONFIG_CFG80211_DEVELOPER_WARNINGS is not set +CONFIG_CFG80211_CERTIFICATION_ONUS=y CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y -CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y +# CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS is not set +CONFIG_CFG80211_EXTRA_REGDB_KEYDIR="" +CONFIG_CFG80211_REG_CELLULAR_HINTS=y +CONFIG_CFG80211_REG_RELAX_NO_IR=y CONFIG_CFG80211_DEFAULT_PS=y # CONFIG_CFG80211_DEBUGFS is not set CONFIG_CFG80211_CRDA_SUPPORT=y -CONFIG_CFG80211_WEXT=y +# CONFIG_CFG80211_WEXT is not set CONFIG_MAC80211=m CONFIG_MAC80211_HAS_RC=y CONFIG_MAC80211_RC_MINSTREL=y @@ -1653,7 +1665,7 @@ CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 # CONFIG_WIMAX is not set CONFIG_RFKILL=m CONFIG_RFKILL_LEDS=y -CONFIG_RFKILL_INPUT=y +# CONFIG_RFKILL_INPUT is not set # CONFIG_NET_9P is not set # CONFIG_CAIF is not set # CONFIG_CEPH_LIB is not set @@ -1704,6 +1716,11 @@ CONFIG_PCI_PRI=y CONFIG_PCI_PASID=y # CONFIG_PCI_P2PDMA is not set CONFIG_PCI_LABEL=y +# CONFIG_PCIE_BUS_TUNE_OFF is not set +CONFIG_PCIE_BUS_DEFAULT=y +# CONFIG_PCIE_BUS_SAFE is not set +# CONFIG_PCIE_BUS_PERFORMANCE is not set +# CONFIG_PCIE_BUS_PEER2PEER is not set CONFIG_HOTPLUG_PCI=y CONFIG_HOTPLUG_PCI_ACPI=y CONFIG_HOTPLUG_PCI_ACPI_IBM=m @@ -2324,27 +2341,18 @@ CONFIG_USB_NET_RNDIS_HOST=m # CONFIG_USB_NET_CH9200 is not set # CONFIG_USB_NET_AQC111 is not set CONFIG_WLAN=y +# CONFIG_WIRELESS_WDS is not set # CONFIG_WLAN_VENDOR_ADMTEK is not set CONFIG_ATH_COMMON=m CONFIG_WLAN_VENDOR_ATH=y +CONFIG_ATH_USER_REGD=y # CONFIG_ATH_DEBUG is not set +CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS=y +# CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING is not set # CONFIG_ATH5K is not set # CONFIG_ATH5K_PCI is not set -CONFIG_ATH9K_HW=m -CONFIG_ATH9K_COMMON=m -CONFIG_ATH9K_BTCOEX_SUPPORT=y -CONFIG_ATH9K=m -CONFIG_ATH9K_PCI=y -CONFIG_ATH9K_AHB=y -# CONFIG_ATH9K_DEBUGFS is not set -CONFIG_ATH9K_DYNACK=y -# CONFIG_ATH9K_WOW is not set -CONFIG_ATH9K_RFKILL=y -CONFIG_ATH9K_CHANNEL_CONTEXT=y -CONFIG_ATH9K_PCOEM=y -CONFIG_ATH9K_PCI_NO_EEPROM=m +# CONFIG_ATH9K is not set # CONFIG_ATH9K_HTC is not set -CONFIG_ATH9K_HWRNG=y # CONFIG_CARL9170 is not set # CONFIG_ATH6KL is not set # CONFIG_AR5523 is not set @@ -2355,9 +2363,9 @@ CONFIG_ATH10K_PCI=m # CONFIG_ATH10K_SDIO is not set # CONFIG_ATH10K_USB is not set # CONFIG_ATH10K_DEBUG is not set -CONFIG_ATH10K_DEBUGFS=y -CONFIG_ATH10K_SPECTRAL=y +# CONFIG_ATH10K_DEBUGFS is not set # CONFIG_ATH10K_TRACING is not set +CONFIG_ATH10K_DFS_CERTIFIED=y # CONFIG_WCN36XX is not set # CONFIG_ATH11K is not set # CONFIG_WLAN_VENDOR_ATMEL is not set @@ -2379,7 +2387,7 @@ CONFIG_IWLWIFI_BCAST_FILTERING=y # Debugging Options # # CONFIG_IWLWIFI_DEBUG is not set -CONFIG_IWLWIFI_DEVICE_TRACING=y +# CONFIG_IWLWIFI_DEVICE_TRACING is not set # end of Debugging Options # CONFIG_WLAN_VENDOR_INTERSIL is not set @@ -2624,6 +2632,7 @@ CONFIG_SERIAL_CORE_CONSOLE=y # CONFIG_TRACE_SINK is not set CONFIG_HVC_DRIVER=y # CONFIG_SERIAL_DEV_BUS is not set +# CONFIG_TTY_PRINTK is not set CONFIG_VIRTIO_CONSOLE=m # CONFIG_IPMI_HANDLER is not set CONFIG_HW_RANDOM=y @@ -3313,19 +3322,106 @@ CONFIG_VIDEOBUF2_MEMOPS=m CONFIG_VIDEOBUF2_VMALLOC=m # end of Media drivers -CONFIG_MEDIA_HIDE_ANCILLARY_SUBDRV=y - # # Media ancillary drivers # # -# audio, video and radio I2C drivers auto-selected by 'Autoselect ancillary drivers' +# Audio decoders, processors and mixers # +# CONFIG_VIDEO_TVAUDIO is not set +# CONFIG_VIDEO_TDA7432 is not set +# CONFIG_VIDEO_TDA9840 is not set +# CONFIG_VIDEO_TEA6415C is not set +# CONFIG_VIDEO_TEA6420 is not set +# CONFIG_VIDEO_MSP3400 is not set +# CONFIG_VIDEO_CS3308 is not set +# CONFIG_VIDEO_CS5345 is not set +# CONFIG_VIDEO_CS53L32A is not set +# CONFIG_VIDEO_TLV320AIC23B is not set +# CONFIG_VIDEO_UDA1342 is not set +# CONFIG_VIDEO_WM8775 is not set +# CONFIG_VIDEO_WM8739 is not set +# CONFIG_VIDEO_VP27SMPX is not set +# CONFIG_VIDEO_SONY_BTF_MPX is not set +# end of Audio decoders, processors and mixers + +# +# RDS decoders +# +# CONFIG_VIDEO_SAA6588 is not set +# end of RDS decoders + +# +# Video decoders +# +# CONFIG_VIDEO_ADV7183 is not set +# CONFIG_VIDEO_ADV7842 is not set +# CONFIG_VIDEO_BT819 is not set +# CONFIG_VIDEO_BT856 is not set +# CONFIG_VIDEO_BT866 is not set +# CONFIG_VIDEO_KS0127 is not set +# CONFIG_VIDEO_ML86V7667 is not set +# CONFIG_VIDEO_SAA7110 is not set +# CONFIG_VIDEO_SAA711X is not set +# CONFIG_VIDEO_TC358743 is not set +# CONFIG_VIDEO_TVP514X is not set +# CONFIG_VIDEO_TVP5150 is not set +# CONFIG_VIDEO_TVP7002 is not set +# CONFIG_VIDEO_TW2804 is not set +# CONFIG_VIDEO_TW9903 is not set +# CONFIG_VIDEO_TW9906 is not set +# CONFIG_VIDEO_TW9910 is not set +# CONFIG_VIDEO_VPX3220 is not set # # Video and audio decoders # +# CONFIG_VIDEO_SAA717X is not set +# CONFIG_VIDEO_CX25840 is not set +# end of Video decoders + +# +# Video encoders +# +# CONFIG_VIDEO_SAA7127 is not set +# CONFIG_VIDEO_SAA7185 is not set +# CONFIG_VIDEO_ADV7170 is not set +# CONFIG_VIDEO_ADV7175 is not set +# CONFIG_VIDEO_ADV7343 is not set +# CONFIG_VIDEO_ADV7393 is not set +# CONFIG_VIDEO_ADV7511 is not set +# CONFIG_VIDEO_AD9389B is not set +# CONFIG_VIDEO_AK881X is not set +# CONFIG_VIDEO_THS8200 is not set +# end of Video encoders + +# +# Video improvement chips +# +# CONFIG_VIDEO_UPD64031A is not set +# CONFIG_VIDEO_UPD64083 is not set +# end of Video improvement chips + +# +# Audio/Video compression chips +# +# CONFIG_VIDEO_SAA6752HS is not set +# end of Audio/Video compression chips + +# +# SDR tuner chips +# +# end of SDR tuner chips + +# +# Miscellaneous helper chips +# +# CONFIG_VIDEO_THS7303 is not set +# CONFIG_VIDEO_M52790 is not set +# CONFIG_VIDEO_I2C is not set +# CONFIG_VIDEO_ST_MIPID02 is not set +# end of Miscellaneous helper chips # # Camera sensor devices @@ -3397,8 +3493,10 @@ CONFIG_MEDIA_HIDE_ANCILLARY_SUBDRV=y # end of Flash devices # -# SPI I2C drivers auto-selected by 'Autoselect ancillary drivers' +# SPI helper chips # +# CONFIG_VIDEO_GS1662 is not set +# end of SPI helper chips # # Media SPI Adapters @@ -3424,8 +3522,10 @@ CONFIG_DRM_MIPI_DSI=y # CONFIG_DRM_DEBUG_SELFTEST is not set CONFIG_DRM_KMS_HELPER=m CONFIG_DRM_KMS_FB_HELPER=y +# CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set CONFIG_DRM_FBDEV_EMULATION=y CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set # CONFIG_DRM_LOAD_EDID_FIRMWARE is not set CONFIG_DRM_DP_CEC=y CONFIG_DRM_TTM=m @@ -3486,6 +3586,25 @@ CONFIG_DRM_I915_CAPTURE_ERROR=y CONFIG_DRM_I915_COMPRESS_ERROR=y CONFIG_DRM_I915_USERPTR=y CONFIG_DRM_I915_GVT=y + +# +# drm/i915 Debugging +# +# CONFIG_DRM_I915_WERROR is not set +# CONFIG_DRM_I915_DEBUG is not set +# CONFIG_DRM_I915_DEBUG_MMIO is not set +# CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set +# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set +# CONFIG_DRM_I915_DEBUG_GUC is not set +# CONFIG_DRM_I915_SELFTEST is not set +# CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set +# CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set +# CONFIG_DRM_I915_DEBUG_RUNTIME_PM is not set +# end of drm/i915 Debugging + +# +# drm/i915 Profile Guided Optimisation +# CONFIG_DRM_I915_FENCE_TIMEOUT=10000 CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND=250 CONFIG_DRM_I915_HEARTBEAT_INTERVAL=2500 @@ -3493,6 +3612,8 @@ CONFIG_DRM_I915_PREEMPT_TIMEOUT=640 CONFIG_DRM_I915_MAX_REQUEST_BUSYWAIT=8000 CONFIG_DRM_I915_STOP_TIMEOUT=100 CONFIG_DRM_I915_TIMESLICE_DURATION=1 +# end of drm/i915 Profile Guided Optimisation + CONFIG_DRM_VGEM=m CONFIG_DRM_VKMS=m # CONFIG_DRM_VMWGFX is not set @@ -3575,6 +3696,7 @@ CONFIG_FB_EFI=y # CONFIG_FB_RIVA is not set # CONFIG_FB_I740 is not set # CONFIG_FB_LE80578 is not set +# CONFIG_FB_INTEL is not set # CONFIG_FB_MATROX is not set # CONFIG_FB_RADEON is not set # CONFIG_FB_ATY128 is not set @@ -5094,7 +5216,9 @@ CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y # CONFIG_HARDENED_USERCOPY_FALLBACK is not set +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_FORTIFY_SOURCE=y +# CONFIG_FORTIFY_SOURCE_STRICT_STRING is not set # CONFIG_STATIC_USERMODEHELPER is not set CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set @@ -5533,6 +5657,7 @@ CONFIG_FRAME_WARN=2048 # CONFIG_HEADERS_INSTALL is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set CONFIG_SECTION_MISMATCH_WARN_ONLY=y +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_32B is not set # CONFIG_DEBUG_WRITABLE_FUNCTION_POINTERS_VERBOSE is not set CONFIG_STACK_VALIDATION=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set @@ -5587,7 +5712,7 @@ CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y # CONFIG_DEBUG_VM_PGTABLE is not set CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y CONFIG_DEBUG_VIRTUAL=y -CONFIG_DEBUG_MEMORY_INIT=y +# CONFIG_DEBUG_MEMORY_INIT is not set # CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_HAVE_ARCH_KASAN=y CONFIG_HAVE_ARCH_KASAN_VMALLOC=y @@ -5767,6 +5892,7 @@ CONFIG_IO_DELAY_NONE=y # CONFIG_PUNIT_ATOM_DEBUG is not set CONFIG_UNWINDER_ORC=y # CONFIG_UNWINDER_FRAME_POINTER is not set +# CONFIG_UNWINDER_GUESS is not set # end of x86 Debugging #