[gentoo-commits] proj/linux-patches:master commit in: /
commit: d6d1aa21781eb08d6c15b8c5ff9f99f08af97350 Author: Arisu Tachibana gentoo org> AuthorDate: Wed Oct 1 06:41:57 2025 + Commit: Arisu Tachibana gentoo org> CommitDate: Tue Dec 2 16:41:45 2025 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=d6d1aa21 Update CONFIG_GCC_PLUGIN_STACKLEAK to CONFIG_KSTACK_ERASE Ref: https://lore.kernel.org/all/20250717232519.2984886-1-kees kernel.org/ bug: #963589 Signed-off-by: Arisu Tachibana gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 298dc6ec..c34629a6 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -247,7 +247,7 @@
 + depends on !X86_MSR && X86_64 && GENTOO_KERNEL_SELF_PROTECTION
 + default n
 +
-+ select GCC_PLUGIN_STACKLEAK
++ select KSTACK_ERASE if HAVE_ARCH_KSTACK_ERASE
 + select X86_KERNEL_IBT if CC_HAS_IBT=y && HAVE_OBJTOOL=y && (!LD_IS_LLD=n || LLD_VERSION>=14)
 + select LEGACY_VSYSCALL_NONE
 + select PAGE_TABLE_ISOLATION
@@ -273,7 +273,7 @@
 + select ARM64_BTI_KERNEL if ( ARM64_BTI=y ) && ( ARM64_PTR_AUTH_KERNEL=y ) && ( CC_HAS_BRANCH_PROT_PAC_RET_BTI=y ) && (CC_IS_GCC=n || GCC_VERSION >= 100100 ) && (CC_IS_GCC=n ) && ((FUNCTION_GRAPH_TRACE=n || DYNAMIC_FTRACE_WITH_ARG=y ))
 + select ARM64_SW_TTBR0_PAN
 + select CONFIG_UNMAP_KERNEL_AT_EL0
-+ select GCC_PLUGIN_STACKLEAK
++ select KSTACK_ERASE if HAVE_ARCH_KSTACK_ERASE
 + select KASAN_HW_TAGS if HAVE_ARCH_KASAN_HW_TAGS=y
 + select RANDOMIZE_BASE
 + select RELOCATABLE
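Review bot: The new `select KSTACK_ERASE if HAVE_ARCH_KSTACK_ERASE` mirrors only one of the target's prerequisites, in both the X86_64 hunk and the ARM64 hunk. `select` forces a symbol on without evaluating that symbol's own `depends on` lines, so if KSTACK_ERASE also requires compiler or plugin support in the target kernel (worth confirming against its hardening Kconfig), that condition should be repeated in the `if` clause. The replaced line was unconditional, so the help text should also say that stack erasing is now skipped silently where the architecture lacks support.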
[gentoo-commits] proj/linux-patches:master commit in: /
commit: bb77d14418ec5d9a89c07a21a18f52f23a50e06b Author: Arisu Tachibana gentoo org> AuthorDate: Fri Nov 14 07:42:08 2025 + Commit: Arisu Tachibana gentoo org> CommitDate: Tue Dec 2 16:42:14 2025 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=bb77d144 Update distro gentoo kconfig with KSPP updates Signed-off-by: Arisu Tachibana gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 56 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index c34629a6..5543daa0 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,13 +1,39 @@ a/Kconfig 2025-05-11 15:08:39.749096585 -0400 -+++ b/Kconfig 2025-05-11 15:09:02.490873859 -0400 +From 15772d7f271de72be9e954a37de4a820ceeeae92 Mon Sep 17 00:00:00 2001 +From: Arisu Tachibana +Date: Fri, 14 Nov 2025 17:09:23 +0900 +Subject: [PATCH] 4567_distro-Gentoo-Kconfig.patch + +Drop structleak gcc plugin +Ref: https://github.com/torvalds/linux/commit/8530ea3c9b9747faba46ed3a59ad103b894f1189 + +Drop ARCH_EPHEMERAL_INODES +Ref: https://github.com/torvalds/linux/commit/74ce793bcbde5cef0f82d6ccb3c47cb651295a9a + +Switch to RANDSTRUCT_FULL + +Signed-off-by: Arisu Tachibana +--- + Kconfig| 2 + + distro/Kconfig | 310 + + mm/Kconfig | 2 + + 3 files changed, 314 insertions(+) + create mode 100644 distro/Kconfig + +diff --git a/Kconfig b/Kconfig +index 307e58114..91aa4be3d 100644 +--- a/Kconfig b/Kconfig @@ -32,3 +32,5 @@ source "lib/Kconfig.debug" source "Documentation/Kconfig" source "io_uring/Kconfig" + +source "distro/Kconfig" /dev/null 2024-05-05 10:40:37.10388 -0400 -+++ b/distro/Kconfig 2024-05-05 13:37:37.699554927 -0400 +diff --git a/distro/Kconfig b/distro/Kconfig +new file mode 100644 +index 0..41797d8f8 +--- /dev/null b/distro/Kconfig @@ -0,0 +1,310 @@ +menu "Gentoo Linux" + 
@@ -185,10 +211,11 @@
 +config GENTOO_KERNEL_SELF_PROTECTION_COMMON
 + bool "Enable Kernel Self Protection Project Recommendations"
 +
-+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32_ABI && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT && SECURITY && !ARCH_EPHEMERAL_INODES && RANDSTRUCT_PERFORMANCE
++ depends on GENTOO_LINUX && !SLAB_MERGE_DEFAULT && !SLUB_TINY && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32_ABI && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT && SECURITY
 +
 + select BUG
 + select STRICT_KERNEL_RWX
++ select DEBUG_VIRTUAL
 + select DEBUG_WX
 + select STACKPROTECTOR
 + select STACKPROTECTOR_STRONG
@@ -199,7 +226,7 @@
 + select DEBUG_NOTIFIERS
 + select DEBUG_LIST
 + select DEBUG_SG
-+ select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR=y
++ select HARDENED_USERCOPY
 + select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB)
 + select PAGE_TABLE_CHECK if ARCH_SUPPORTS_PAGE_TABLE_CHECK=y && EXCLUSIVE_SYSTEM_RAM=y
 + select PAGE_TABLE_CHECK_ENFORCED if PAGE_TABLE_CHECK=y
@@ -214,6 +241,7 @@
 + select SECURITY_YAMA
 + select SLAB_FREELIST_RANDOM
 + select SLAB_FREELIST_HARDENED
++ select SLAB_BUCKETS
 + select SHUFFLE_PAGE_ALLOCATOR
 + select SLUB_DEBUG
 + select UBSAN
@@ -230,10 +258,8 @@
 + select SECURITY_DMESG_RESTRICT
 + select PANIC_ON_OOPS
 + select GCC_PLUGIN_LATENT_ENTROPY
-+ select GCC_PLUGIN_STRUCTLEAK
-+ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
-+ select GCC_PLUGIN_RANDSTRUCT
-+ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
++ select GCC_PLUGIN_RANDSTRUCT
++ select RANDSTRUCT_FULL
 + select ZERO_CALL_USED_REGS if CC_HAS_ZERO_CALL_USED_REGS
 +
 + help
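Review bot: In the last hunk, `select RANDSTRUCT_FULL` is unlikely to deliver the "Switch to RANDSTRUCT_FULL" the commit message describes. RANDSTRUCT_FULL appears to be a member of the structure-randomisation `choice` upstream, and Kconfig does not apply `select` to choice members, so the build would keep whatever mode the user picked, including none. The first hunk removes `RANDSTRUCT_PERFORMANCE` from `depends on`; adding `&& RANDSTRUCT_FULL` there would keep the guarantee that the profile cannot be enabled without randomisation. The retained `select GCC_PLUGIN_RANDSTRUCT` also looks redundant if that symbol is derived rather than user-settable, which should be confirmed against the target kernel.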
@@ -319,14 +345,11 @@ + See the settings that become available for more details and fine-tuning. + +endmenu - mm/Kconfig | 2 ++ - 1 file changed, 2 insertions(+) - diff --git a/mm/Kconfig b/mm/Kconfig -index 24c045b24..e13fc740c 100644 +index e443fe8cd..cefe9f0cf 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -321,6 +321,8 @@ config KSM +@@ -753,6 +753,8 @@ config KSM config DEFAULT_MMAP_MIN_ADDR int "Low address space to protect from user allocation" depends on MMU @@ -336,4 +359,5 @@ index 24c045b24..e13fc740c 100644 help This is the portion of low virtual memory which should be protected -- -2.31.1 +2.51.0 +
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 8ad43b89fd83b155d4375155fe999553efaa9704 Author: Mike Pagano gentoo org> AuthorDate: Tue May 27 20:01:15 2025 + Commit: Mike Pagano gentoo org> CommitDate: Tue May 27 20:01:15 2025 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=8ad43b89 Fix typo RANDOM_KMALLOC_CACHE(S) Bug: https://bugs.gentoo.org/956708 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 3016080a..298dc6ec 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -207,7 +207,7 @@
 + select SECURITY_LANDLOCK
 + select SCHED_CORE if SCHED_SMT
 + select BUG_ON_DATA_CORRUPTION
-+ select RANDOM_KMALLOC_CACHE if SLUB_TINY=n
++ select RANDOM_KMALLOC_CACHES if SLUB_TINY=n
 + select SCHED_STACK_END_CHECK
 + select SECCOMP if HAVE_ARCH_SECCOMP
 + select SECCOMP_FILTER if HAVE_ARCH_SECCOMP_FILTER
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 4d22cd24ec825388ef8b0dd320b2994064491536 Author: Mike Pagano gentoo org> AuthorDate: Sun May 11 19:41:55 2025 + Commit: Mike Pagano gentoo org> CommitDate: Sun May 11 19:41:55 2025 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=4d22cd24 Update Gentoo Linux Distro Patch Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index c308dca8..3016080a 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,9 +1,9 @@ a/Kconfig 2022-08-25 10:11:47.220973785 -0400 -+++ b/Kconfig 2022-08-25 10:11:56.997682513 -0400 -@@ -30,3 +30,5 @@ source "lib/Kconfig" - source "lib/Kconfig.debug" - +--- a/Kconfig 2025-05-11 15:08:39.749096585 -0400 b/Kconfig 2025-05-11 15:09:02.490873859 -0400 +@@ -32,3 +32,5 @@ source "lib/Kconfig.debug" source "Documentation/Kconfig" + + source "io_uring/Kconfig" + +source "distro/Kconfig" --- /dev/null 2024-05-05 10:40:37.10388 -0400
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 9a08d160ff7967c7d32ca5b1277e9c86260440f0 Author: Mike Pagano gentoo org> AuthorDate: Tue Mar 25 18:48:28 2025 + Commit: Mike Pagano gentoo org> CommitDate: Tue Mar 25 18:48:28 2025 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=9a08d160 Fix ARM64 circular dependencies for KSPP setting Bug: https://bugs.gentoo.org/952015 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 74e75c40..c308dca8 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -267,7 +267,7 @@
 + select ARM64_BTI
 + select ARM64_E0PD
 + select ARM64_EPAN if ARM64_PAN=y
-+ select ARM64_MTE if (ARM64_AS_HAS_MTE=y && ARM64_TAGGED_ADDR_ABI=y ) && ( AS_HAS_ARMV8_5=y ) && ( AS_HAS_LSE_ATOMICS=y ) && ( ARM64_PAN=y )
++ select ARM64_MTE if (ARM64_AS_HAS_MTE=y && ARM64_TAGGED_ADDR_ABI=y ) && ( AS_HAS_ARMV8_5=y ) && ( AS_HAS_LSE_ATOMICS=y )
 + select ARM64_PTR_AUTH
 + select ARM64_PTR_AUTH_KERNEL if ( ARM64_PTR_AUTH=y ) && (( CC_HAS_SIGN_RETURN_ADDRESS=y || CC_HAS_BRANCH_PROT_PAC_RET=y ) && AS_HAS_ARMV8_3=y ) && ( LD_IS_LLD=y || LD_VERSION >= 23301 || ( CC_IS_GCC=y && GCC_VERSION < 90100 )) && (CC_IS_CLANG=n || AS_HAS_CFI_NEGATE_RA_STATE=y ) && ((FUNCTION_GRAPH_TRACER=n || DYNAMIC_FTRACE_WITH_ARGS=y ))
 + select ARM64_BTI_KERNEL if ( ARM64_BTI=y ) && ( ARM64_PTR_AUTH_KERNEL=y ) && ( CC_HAS_BRANCH_PROT_PAC_RET_BTI=y ) && (CC_IS_GCC=n || GCC_VERSION >= 100100 ) && (CC_IS_GCC=n ) && ((FUNCTION_GRAPH_TRACE=n || DYNAMIC_FTRACE_WITH_ARG=y ))
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 7847c71705cc92ba9e9b1d8728fa8692270170e8 Author: Mike Pagano gentoo org> AuthorDate: Sat Nov 30 17:29:45 2024 + Commit: Mike Pagano gentoo org> CommitDate: Sat Nov 30 17:29:45 2024 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=7847c717 Fix case for X86_USER_SHADOW_STACK Bug: https://bugs.gentoo.org/945481 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 87b8fa95..74e75c40 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -254,7 +254,7 @@
 + select RANDOMIZE_BASE
 + select RANDOMIZE_MEMORY
 + select RELOCATABLE
-+ select X86_USER_SHADOW_STACK if AS_WRUSS=Y
++ select X86_USER_SHADOW_STACK if AS_WRUSS=y
 + select VMAP_STACK
 +
 +
[gentoo-commits] proj/linux-patches:master commit in: /
commit: abbbd285be43f4a758e4cbaac9cf33c6bc74e32a
Author: Mike Pagano gentoo org>
AuthorDate: Sun May 5 17:54:13 2024 +
Commit: Mike Pagano gentoo org>
CommitDate: Sun May 5 17:54:13 2024 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=abbbd285
Update to KSPP patch
Bug: https://bugs.gentoo.org/930733
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 33 +
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 6134393f..87b8fa95 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -6,9 +6,9 @@
source "Documentation/Kconfig"
+
+source "distro/Kconfig"
/dev/null 2024-04-27 13:10:54.18827 -0400
-+++ b/distro/Kconfig 2024-04-27 17:56:56.723132353 -0400
-@@ -0,0 +1,295 @@
+--- /dev/null 2024-05-05 10:40:37.10388 -0400
b/distro/Kconfig 2024-05-05 13:37:37.699554927 -0400
+@@ -0,0 +1,310 @@
+menu "Gentoo Linux"
+
+config GENTOO_LINUX
@@ -178,7 +178,7 @@
+ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_COMMON and search for
+ GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
dependency information on your
+ specific architecture.
-+ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
++ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
+ for X86_64
+
+if GENTOO_KERNEL_SELF_PROTECTION
@@ -201,10 +201,13 @@
+ select DEBUG_SG
+ select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR=y
+ select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB)
++ select PAGE_TABLE_CHECK if ARCH_SUPPORTS_PAGE_TABLE_CHECK=y &&
EXCLUSIVE_SYSTEM_RAM=y
++ select PAGE_TABLE_CHECK_ENFORCED if PAGE_TABLE_CHECK=y
+ select RANDOMIZE_KSTACK_OFFSET_DEFAULT if
HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET && (INIT_STACK_NONE || !CC_IS_CLANG ||
CLANG_VERSION>=14)
+ select SECURITY_LANDLOCK
+ select SCHED_CORE if SCHED_SMT
+ select BUG_ON_DATA_CORRUPTION
++ select RANDOM_KMALLOC_CACHE if SLUB_TINY=n
+ select SCHED_STACK_END_CHECK
+ select SECCOMP if HAVE_ARCH_SECCOMP
+ select SECCOMP_FILTER if HAVE_ARCH_SECCOMP_FILTER
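Review bot: `select RANDOM_KMALLOC_CACHE if SLUB_TINY=n` names a symbol without the trailing S; the allocator option is spelled RANDOM_KMALLOC_CACHES. A `select` of an undefined symbol does nothing, so the profile would report itself enabled while kmalloc cache randomisation stays at its default. The line should read `select RANDOM_KMALLOC_CACHES if SLUB_TINY=n`. The config entry these selects belong to starts and ends outside this hunk.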
@@ -245,11 +248,13 @@
+ default n
+
+ select GCC_PLUGIN_STACKLEAK
++ select X86_KERNEL_IBT if CC_HAS_IBT=y && HAVE_OBJTOOL=y &&
(!LD_IS_LLD=n || LLD_VERSION>=14)
+ select LEGACY_VSYSCALL_NONE
+ select PAGE_TABLE_ISOLATION
+ select RANDOMIZE_BASE
+ select RANDOMIZE_MEMORY
+ select RELOCATABLE
++ select X86_USER_SHADOW_STACK if AS_WRUSS=Y
+ select VMAP_STACK
+
+
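Review bot: `select X86_USER_SHADOW_STACK if AS_WRUSS=Y` compares against an upper-case `Y`, which is not the Kconfig constant `y`, so the condition can never hold and user shadow stacks are never selected; it should read `if AS_WRUSS=y`. The linker clause on the new X86_KERNEL_IBT line also needs a second look: `=` binds tighter than `!`, so `!LD_IS_LLD=n` means "LLD is in use", and `LLD_VERSION>=14` is presumably meant to be `>=140000` if that symbol uses the usual multi-digit version encoding. `(LD_IS_LLD=n || LLD_VERSION>=140000)` would express "not LLD, or LLD 14 and later"; as written the select appears to be skipped when linking with GNU ld. The config entry begins above the hunk.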
@@ -259,11 +264,21 @@
+ depends on ARM64
+ default n
+
-+ select RANDOMIZE_BASE
-+ select RELOCATABLE
++ select ARM64_BTI
++ select ARM64_E0PD
++ select ARM64_EPAN if ARM64_PAN=y
++ select ARM64_MTE if (ARM64_AS_HAS_MTE=y && ARM64_TAGGED_ADDR_ABI=y ) &&
( AS_HAS_ARMV8_5=y ) && ( AS_HAS_LSE_ATOMICS=y ) && ( ARM64_PAN=y )
++ select ARM64_PTR_AUTH
++ select ARM64_PTR_AUTH_KERNEL if ( ARM64_PTR_AUTH=y ) && ((
CC_HAS_SIGN_RETURN_ADDRESS=y || CC_HAS_BRANCH_PROT_PAC_RET=y ) &&
AS_HAS_ARMV8_3=y ) && ( LD_IS_LLD=y || LD_VERSION >= 23301 || ( CC_IS_GCC=y &&
GCC_VERSION < 90100 )) && (CC_IS_CLANG=n || AS_HAS_CFI_NEGATE_RA_STATE=y ) &&
((FUNCTION_GRAPH_TRACER=n || DYNAMIC_FTRACE_WITH_ARGS=y ))
++ select ARM64_BTI_KERNEL if ( ARM64_BTI=y ) && ( ARM64_PTR_AUTH_KERNEL=y
) && ( CC_HAS_BRANCH_PROT_PAC_RET_BTI=y ) && (CC_IS_GCC=n || GCC_VERSION >=
100100 ) && (CC_IS_GCC=n ) && ((FUNCTION_GRAPH_TRACE=n ||
DYNAMIC_FTRACE_WITH_ARG=y ))
+ select ARM64_SW_TTBR0_PAN
+ select CONFIG_UNMAP_KERNEL_AT_EL0
+ select GCC_PLUGIN_STACKLEAK
++ select KASAN_HW_TAGS if HAVE_ARCH_KASAN_HW_TAGS=y
++ select RANDOMIZE_BASE
++ select RELOCATABLE
++ select SHADOW_CALL_STACK if ARCH_SUPPORTS_SHADOW_CALL_STACK=y &&
(DYNAMIC_FTRACE_WITH_ARGS=y || DYNAMIC_FTRACE_WITH_REGS=y ||
FUNCTION_GRAPH_TRACER=n) && MMU=y
++ select UNWIND_PATCH_PAC_INTO_SCS if (CC_IS_CLANG=y && CLANG_VERSION >=
CONFIG_15 ) && ( ARM64_PTR_AUTH_KERNEL=y && CC_HAS_BRANCH_PROT_PAC_RET=y )
&& ( SHADOW_CALL_STACK=y )
+ select VMAP_STACK
+
+config GENTOO_KERNEL_SELF_PROTECTION_X86_32
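Review bot: The new ARM64_BTI_KERNEL condition spells two symbols differently from the ARM64_PTR_AUTH_KERNEL line just above it (`FUNCTION_GRAPH_TRACE` and `DYNAMIC_FTRACE_WITH_ARG` against `FUNCTION_GRAPH_TRACER` and `DYNAMIC_FTRACE_WITH_ARGS`). Comparisons against undefined symbols appear to evaluate false, so kernel-mode BTI would never be selected; the tail should read `((FUNCTION_GRAPH_TRACER=n || DYNAMIC_FTRACE_WITH_ARGS=y ))`. The same line ends its compiler test with `&& (CC_IS_GCC=n )`, which makes the preceding `GCC_VERSION >= 100100` alternative unreachable, and the UNWIND_PATCH_PAC_INTO_SCS line compares `CLANG_VERSION >= CONFIG_15`, where a numeric version (likely `150000`) was presumably intended. The context line `select CONFIG_UNMAP_KERNEL_AT_EL0` carries a `CONFIG_` prefix that Kconfig symbol names do not use and is worth correcting in the same pass.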
@@ -304,12 +319,6 @@
+ See the settings that become available for more details and
fine-tuning.
+
+endmenu
-From bd3ff0b16792c18c0614c2b95e148943209f460a Mon Sep 17 00:00:00 2001
-From: Georgy Yakovlev
-Date: Tue, 8 Jun 2021 13:59:57 -0700
-Subject: [PATCH 2/2] set DEFAULT_MMAP_MIN_ADDR by default
-
mm/Kconfig | 2 ++
1 file changed, 2 insertions(+)
[gentoo-commits] proj/linux-patches:master commit in: /
commit: f9505074541db86a09aaf77aeeb425f029565fcf Author: Mike Pagano gentoo org> AuthorDate: Sat Apr 27 22:01:28 2024 + Commit: Mike Pagano gentoo org> CommitDate: Sat Apr 27 22:01:28 2024 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f9505074 Add UBSAN_BOUNDS and UBSAN_SHIFT and dependencies Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index d215166c..6134393f 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2022-08-25 07:13:06.694086407 -0400 -+++ b/distro/Kconfig 2022-08-25 13:21:55.150660724 -0400 -@@ -0,0 +1,291 @@ +--- /dev/null 2024-04-27 13:10:54.18827 -0400 b/distro/Kconfig 2024-04-27 17:56:56.723132353 -0400 +@@ -0,0 +1,295 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -213,6 +213,10 @@ + select SLAB_FREELIST_HARDENED + select SHUFFLE_PAGE_ALLOCATOR + select SLUB_DEBUG ++ select UBSAN ++ select CC_HAS_UBSAN_BOUNDS_STRICT if !CC_HAS_UBSAN_ARRAY_BOUNDS ++ select UBSAN_BOUNDS ++ select UBSAN_SHIFT + select PAGE_POISONING + select PAGE_POISONING_NO_SANITY + select PAGE_POISONING_ZERO @@ -300,9 +304,6 @@ + See the settings that become available for more details and fine-tuning. + +endmenu --- -2.31.1 - From bd3ff0b16792c18c0614c2b95e148943209f460a Mon Sep 17 00:00:00 2001 From: Georgy Yakovlev Date: Tue, 8 Jun 2021 13:59:57 -0700 @@ -327,4 +328,3 @@ index 24c045b24..e13fc740c 100644 This is the portion of low virtual memory which should be protected -- 2.31.1 -```
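Review bot: In the `@@ -213,6 +213,10 @@` hunk, `select CC_HAS_UBSAN_BOUNDS_STRICT if !CC_HAS_UBSAN_ARRAY_BOUNDS` forces on what is, by its `CC_HAS_` name, a compiler capability probe. Selecting it asserts that the compiler accepts the strict-bounds flag whether or not it does, which can end in a failed build or in bounds checking that is configured but not actually compiled in. Dropping that line and gating the sanitizer on the probes instead keeps the result honest: `select UBSAN_BOUNDS if CC_HAS_UBSAN_ARRAY_BOUNDS || CC_HAS_UBSAN_BOUNDS_STRICT`.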
[gentoo-commits] proj/linux-patches:master commit in: /
commit: bde09f205a0b9250850fd1a723609b7ea3436ea6 Author: Mike Pagano gentoo org> AuthorDate: Thu Oct 5 14:04:01 2023 + Commit: Mike Pagano gentoo org> CommitDate: Thu Oct 5 14:04:01 2023 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=bde09f20 select BLK_DEV_BSG if SCSI as it depends on it. Thanks, Ancient. Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index bd7b76ca..d215166c 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -122,7 +122,7 @@
 + depends on GENTOO_LINUX && GENTOO_LINUX_UDEV
 +
 + select AUTOFS_FS
-+ select BLK_DEV_BSG
++ select BLK_DEV_BSG if SCSI
 + select BPF_SYSCALL
 + select CGROUP_BPF
 + select CGROUPS
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 204cbccbda0b1483452629f08d0395b2d8905695 Author: Mike Pagano gentoo org> AuthorDate: Tue May 9 12:31:07 2023 + Commit: Mike Pagano gentoo org> CommitDate: Tue May 9 12:31:07 2023 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=204cbccb Remove patch on security/selinux/Kconfig As CONFIG_SECURITY_SELINUX_DISABLE was removed upstream, remove our corresponding patch on it Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 12 1 file changed, 12 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 9cb1eb0c..bd7b76ca 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -300,18 +300,6 @@ + See the settings that become available for more details and fine-tuning. + +endmenu -diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig -index 9e921fc72..f29bc13fa 100644 a/security/selinux/Kconfig -+++ b/security/selinux/Kconfig -@@ -26,6 +26,7 @@ config SECURITY_SELINUX_BOOTPARAM - config SECURITY_SELINUX_DISABLE - bool "NSA SELinux runtime disable" - depends on SECURITY_SELINUX -+ depends on !GENTOO_KERNEL_SELF_PROTECTION - select SECURITY_WRITABLE_HOOKS - default n - help -- 2.31.1
[gentoo-commits] proj/linux-patches:master commit in: /
commit: b84e74389f380508dd001991e3969e18ff5dd101 Author: Mike Pagano gentoo org> AuthorDate: Tue Mar 21 12:58:39 2023 + Commit: Mike Pagano gentoo org> CommitDate: Tue Mar 21 12:58:39 2023 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=b84e7438 Fix config change from X86_X32 to X86_X32_ABI Thanks to Frank Limpert Bug: https://bugs.gentoo.org/902443 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 9e0701dd..9cb1eb0c 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -185,7 +185,7 @@
 +config GENTOO_KERNEL_SELF_PROTECTION_COMMON
 + bool "Enable Kernel Self Protection Project Recommendations"
 +
-+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT && SECURITY && !ARCH_EPHEMERAL_INODES && RANDSTRUCT_PERFORMANCE
++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32_ABI && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT && SECURITY && !ARCH_EPHEMERAL_INODES && RANDSTRUCT_PERFORMANCE
 +
 + select BUG
 + select STRICT_KERNEL_RWX
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 27a3d3432243c1bd89ef3c68330f8d31da45ba34 Author: Mike Pagano gentoo org> AuthorDate: Thu Aug 25 17:36:30 2022 + Commit: Mike Pagano gentoo org> CommitDate: Thu Aug 25 17:36:30 2022 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=27a3d343 Add CONFIG_LANDLOCK to KSPP and RANDSTRUCT fix Bug: https://bugs.gentoo.org/865685 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 21 +++-- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 0a380985..9e0701dd 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,14 +1,14 @@ a/Kconfig 2022-05-11 13:20:07.110347567 -0400 -+++ b/Kconfig 2022-05-11 13:21:12.127174393 -0400 +--- a/Kconfig 2022-08-25 10:11:47.220973785 -0400 b/Kconfig 2022-08-25 10:11:56.997682513 -0400 @@ -30,3 +30,5 @@ source "lib/Kconfig" source "lib/Kconfig.debug" source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2022-05-10 13:47:17.750578524 -0400 -+++ b/distro/Kconfig 2022-05-11 13:21:20.540529032 -0400 -@@ -0,0 +1,290 @@ +--- /dev/null 2022-08-25 07:13:06.694086407 -0400 b/distro/Kconfig 2022-08-25 13:21:55.150660724 -0400 +@@ -0,0 +1,291 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX 
@@ -185,7 +185,7 @@
 +config GENTOO_KERNEL_SELF_PROTECTION_COMMON
 + bool "Enable Kernel Self Protection Project Recommendations"
 +
-+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT
++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT && SECURITY && !ARCH_EPHEMERAL_INODES && RANDSTRUCT_PERFORMANCE
 +
 + select BUG
 + select STRICT_KERNEL_RWX
@@ -202,6 +202,7 @@
 + select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 + select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB)
 + select RANDOMIZE_KSTACK_OFFSET_DEFAULT if HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET && (INIT_STACK_NONE || !CC_IS_CLANG || CLANG_VERSION>=14)
++ select SECURITY_LANDLOCK
 + select SCHED_CORE if SCHED_SMT
 + select BUG_ON_DATA_CORRUPTION
 + select SCHED_STACK_END_CHECK
@@ -224,7 +225,7 @@
 + select GCC_PLUGIN_LATENT_ENTROPY
 + select GCC_PLUGIN_STRUCTLEAK
 + select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
-+ select GCC_PLUGIN_RANDSTRUCT
++ select GCC_PLUGIN_RANDSTRUCT
 + select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
 + select ZERO_CALL_USED_REGS if CC_HAS_ZERO_CALL_USED_REGS
 +
@@ -239,12 +240,12 @@
 + depends on !X86_MSR && X86_64 && GENTOO_KERNEL_SELF_PROTECTION
 + default n
 +
++ select GCC_PLUGIN_STACKLEAK
++ select LEGACY_VSYSCALL_NONE
++ select PAGE_TABLE_ISOLATION
 + select RANDOMIZE_BASE
 + select RANDOMIZE_MEMORY
 + select RELOCATABLE
-+ select LEGACY_VSYSCALL_NONE
-+ select PAGE_TABLE_ISOLATION
-+ select GCC_PLUGIN_STACKLEAK
 + select VMAP_STACK
 +
 +
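Review bot: Adding `RANDSTRUCT_PERFORMANCE` to the `depends on` line in the first hunk ties the whole hardening profile to the cache-line-friendly randomisation mode. A user who picks full structure randomisation, the stronger setting, would find GENTOO_KERNEL_SELF_PROTECTION_COMMON hidden for unmet dependencies. If the intent is only that randomisation must be on, a condition accepting either mode fits better, for example `&& (RANDSTRUCT_FULL || RANDSTRUCT_PERFORMANCE)`; confirm both symbol names against the target kernel before using it.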
[gentoo-commits] proj/linux-patches:master commit in: /
commit: f32ade173867b7a6b45de7079b73fd7acb623484 Author: Mike Pagano gentoo org> AuthorDate: Mon Jun 27 19:21:35 2022 + Commit: Mike Pagano gentoo org> CommitDate: Mon Jun 27 19:21:35 2022 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f32ade17 Remove references to HARDENED_USERCOPY_PAGESPAN Removed from upstream Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 10 -- 1 file changed, 10 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 1efc0fba..0a380985 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -299,16 +299,6 @@ + See the settings that become available for more details and fine-tuning. + +endmenu a/security/Kconfig 2022-04-25 11:20:45.487213970 -0400 -+++ b/security/Kconfig 2022-04-25 11:22:02.514143999 -0400 -@@ -167,6 +167,7 @@ config HARDENED_USERCOPY_PAGESPAN - bool "Refuse to copy allocations that span multiple pages" - depends on HARDENED_USERCOPY - depends on BROKEN -+ depends on !GENTOO_KERNEL_SELF_PROTECTION - help - When a multi-page allocation is done without __GFP_COMP, - hardened usercopy will reject attempts to copy it. There are, diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index 9e921fc72..f29bc13fa 100644 --- a/security/selinux/Kconfig
[gentoo-commits] proj/linux-patches:master commit in: /
commit: e6616502ad6e34b980112d4828cf526fdfbf0635
Author: Mike Pagano gentoo org>
AuthorDate: Wed May 11 17:25:52 2022 +
Commit: Mike Pagano gentoo org>
CommitDate: Wed May 11 17:25:52 2022 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e6616502
Update Gentoo Hardened patchset based on KSPP thanks to Peter Bo
Bug: https://bugs.gentoo.org/841488
Added:
CONFIG_HARDENED_USERCOPY=y
CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
CONFIG_KFENCE=y
CONFIG_IOMMU_DEFAULT_DMA_STRICT=y
CONFIG_SCHED_CORE=y
CONFIG_ZERO_CALL_USED_REGS=y
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 17 +++--
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index ab78353b..1efc0fba 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -1,14 +1,14 @@
a/Kconfig 2022-04-12 13:11:48.403113171 -0400
-+++ b/Kconfig 2022-04-12 13:12:36.530084675 -0400
+--- a/Kconfig 2022-05-11 13:20:07.110347567 -0400
b/Kconfig 2022-05-11 13:21:12.127174393 -0400
@@ -30,3 +30,5 @@ source "lib/Kconfig"
source "lib/Kconfig.debug"
source "Documentation/Kconfig"
+
+source "distro/Kconfig"
/dev/null 2022-04-12 05:39:54.696333295 -0400
-+++ b/distro/Kconfig 2022-04-12 13:21:04.666379519 -0400
-@@ -0,0 +1,285 @@
+--- /dev/null 2022-05-10 13:47:17.750578524 -0400
b/distro/Kconfig 2022-05-11 13:21:20.540529032 -0400
+@@ -0,0 +1,290 @@
+menu "Gentoo Linux"
+
+config GENTOO_LINUX
@@ -185,7 +185,7 @@
+config GENTOO_KERNEL_SELF_PROTECTION_COMMON
+ bool "Enable Kernel Self Protection Project Recommendations"
+
-+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK &&
!DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION &&
!LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS
++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK &&
!PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS &&
!X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY &&
!IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT
+
+ select BUG
+ select STRICT_KERNEL_RWX
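Review bot: The three IOMMU terms added to `depends on` overlap and may hide the option on machines built without IOMMU support. If `IOMMU_DEFAULT_DMA_STRICT`, `IOMMU_DEFAULT_DMA_LAZY` and `IOMMU_DEFAULT_PASSTHROUGH` are alternatives of one choice, as their names suggest, requiring the strict one already excludes the other two. Where the IOMMU subsystem is not built at all, the strict symbol is off and the entire self-protection profile becomes unselectable. Consider `(!IOMMU_SUPPORT || IOMMU_DEFAULT_DMA_STRICT)` in place of the three terms, after checking which symbol gates that choice in the target kernel.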
@@ -199,6 +199,10 @@
+ select DEBUG_NOTIFIERS
+ select DEBUG_LIST
+ select DEBUG_SG
++ select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR=y
++ select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB)
++ select RANDOMIZE_KSTACK_OFFSET_DEFAULT if
HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET && (INIT_STACK_NONE || !CC_IS_CLANG ||
CLANG_VERSION>=14)
++ select SCHED_CORE if SCHED_SMT
+ select BUG_ON_DATA_CORRUPTION
+ select SCHED_STACK_END_CHECK
+ select SECCOMP if HAVE_ARCH_SECCOMP
@@ -222,6 +226,7 @@
+ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
+ select GCC_PLUGIN_RANDSTRUCT
+ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
++ select ZERO_CALL_USED_REGS if CC_HAS_ZERO_CALL_USED_REGS
+
+ help
+ Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64,
X86_32, ARM} for dependency
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 8cf9324d1f7faeb789b12f84bfa848fc201bb8b3 Author: Mike Pagano gentoo org> AuthorDate: Mon Apr 25 16:14:27 2022 + Commit: Mike Pagano gentoo org> CommitDate: Mon Apr 25 16:14:27 2022 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=8cf9324d Update distro patch in security Kconfig for 5.18 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 9843c3e2..ab78353b 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -294,12 +294,12 @@ + See the settings that become available for more details and fine-tuning. + +endmenu a/security/Kconfig 2021-12-05 18:20:55.655677710 -0500 -+++ b/security/Kconfig 2021-12-05 18:23:42.404251618 -0500 +--- a/security/Kconfig 2022-04-25 11:20:45.487213970 -0400 b/security/Kconfig 2022-04-25 11:22:02.514143999 -0400 @@ -167,6 +167,7 @@ config HARDENED_USERCOPY_PAGESPAN bool "Refuse to copy allocations that span multiple pages" depends on HARDENED_USERCOPY - depends on EXPERT + depends on BROKEN + depends on !GENTOO_KERNEL_SELF_PROTECTION help When a multi-page allocation is done without __GFP_COMP,
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 9347fcafa40bcf56dda687db418c79300890139a Author: Mike Pagano gentoo org> AuthorDate: Tue Apr 12 19:11:29 2022 + Commit: Mike Pagano gentoo org> CommitDate: Tue Apr 12 19:11:29 2022 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=9347fcaf Remove deprecated select AUTOFS4_FS Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 9eefdc31..9843c3e2 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -8,7 +8,7 @@
+source "distro/Kconfig"
--- /dev/null 2022-04-12 05:39:54.696333295 -0400
+++ b/distro/Kconfig 2022-04-12 13:21:04.666379519 -0400
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,285 @@
+menu "Gentoo Linux"
+
+config GENTOO_LINUX
@@ -121,7 +121,6 @@
+
+ depends on GENTOO_LINUX && GENTOO_LINUX_UDEV
+
-+ select AUTOFS4_FS
+ select AUTOFS_FS
+ select BLK_DEV_BSG
+ select BPF_SYSCALL
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 40752e90343c0e69ce5634eb893e6a54d7c5c44b Author: Mike Pagano gentoo org> AuthorDate: Tue Apr 12 17:38:27 2022 + Commit: Mike Pagano gentoo org> CommitDate: Tue Apr 12 17:38:27 2022 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=40752e90 Select AUTOFS_FS when GENTOO_LINUX_INIT_SYSTEMD selected Bug: https://bugs.gentoo.org/838082 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 3712fa96..9eefdc31 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,14 +1,14 @@ a/Kconfig 2021-06-04 19:03:33.646823432 -0400 -+++ b/Kconfig 2021-06-04 19:03:40.508892817 -0400 +--- a/Kconfig 2022-04-12 13:11:48.403113171 -0400 b/Kconfig 2022-04-12 13:12:36.530084675 -0400 @@ -30,3 +30,5 @@ source "lib/Kconfig" source "lib/Kconfig.debug" source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2022-01-29 13:28:12.679255142 -0500 -+++ b/distro/Kconfig 2022-01-29 15:29:29.800465617 -0500 -@@ -0,0 +1,285 @@ +--- /dev/null 2022-04-12 05:39:54.696333295 -0400 b/distro/Kconfig 2022-04-12 13:21:04.666379519 -0400 +@@ -0,0 +1,286 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -122,6 +122,7 @@ + depends on GENTOO_LINUX && GENTOO_LINUX_UDEV + + select AUTOFS4_FS ++ select AUTOFS_FS + select BLK_DEV_BSG + select BPF_SYSCALL + select CGROUP_BPF
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 8216b19f52279d249d9233cb47bbcfff5b39fc56 Author: Mike Pagano gentoo org> AuthorDate: Sat Jan 29 20:43:23 2022 + Commit: Mike Pagano gentoo org> CommitDate: Sat Jan 29 20:43:23 2022 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=8216b19f Select CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL=y as default Bug: https://bugs.gentoo.org/832224 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 24b75095..3712fa96 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2021-12-21 08:57:43.779324794 -0500 -+++ b/distro/Kconfig 2021-12-21 14:12:07.964572417 -0500 -@@ -0,0 +1,283 @@ +--- /dev/null 2022-01-29 13:28:12.679255142 -0500 b/distro/Kconfig 2022-01-29 15:29:29.800465617 -0500 +@@ -0,0 +1,285 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -16,6 +16,8 @@ + + default y + ++ select CPU_FREQ_DEFAULT_GOV_SCHEDUTIL ++ + help + In order to boot Gentoo Linux a minimal set of config settings needs to + be enabled in the kernel; to avoid the users from having to enable them
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 2261652e5e3a9a61b7147d6e93282bc54833c734
Author: Mike Pagano gentoo org>
AuthorDate: Sun Jan 9 20:03:10 2022 +
Commit: Mike Pagano gentoo org>
CommitDate: Sun Jan 9 20:04:04 2022 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=2261652e
Revert "Update Gentoo Distro patch, thanks to gyakovlev"
This reverts commit 632cc59cc8462f3f01085d1b76cc304488a06394.
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 251 ---
1 file changed, 102 insertions(+), 149 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 97665869..24b75095 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -1,19 +1,14 @@
-diff --git a/Kconfig b/Kconfig
-index 745bc773f..e306bacea 100644
a/Kconfig
-+++ b/Kconfig
+--- a/Kconfig 2021-06-04 19:03:33.646823432 -0400
b/Kconfig 2021-06-04 19:03:40.508892817 -0400
@@ -30,3 +30,5 @@ source "lib/Kconfig"
source "lib/Kconfig.debug"
source "Documentation/Kconfig"
+
+source "distro/Kconfig"
-diff --git a/distro/Kconfig b/distro/Kconfig
-new file mode 100644
-index 0..94d6e1886
/dev/null
-+++ b/distro/Kconfig
-@@ -0,0 +1,295 @@
+--- /dev/null 2021-12-21 08:57:43.779324794 -0500
b/distro/Kconfig 2021-12-21 14:12:07.964572417 -0500
+@@ -0,0 +1,283 @@
+menu "Gentoo Linux"
+
+config GENTOO_LINUX
@@ -80,8 +75,9 @@ index 0..94d6e1886
+ CGROUPS (required for FEATURES=cgroup)
+ IPC_NS (required for FEATURES=ipc-sandbox)
+ NET_NS (required for FEATURES=network-sandbox)
-+ PID_NS (required for FEATURES=pid-sandbox)
++ PID_NS (required for FEATURES=pid-sandbox)
+ SYSVIPC (required by IPC_NS)
++
+
+ It is highly recommended that you leave this enabled as these
FEATURES
+ are, or will soon be, enabled by default.
@@ -128,7 +124,7 @@ index 0..94d6e1886
+ select BPF_SYSCALL
+ select CGROUP_BPF
+ select CGROUPS
-+ select CRYPTO_HMAC
++ select CRYPTO_HMAC
+ select CRYPTO_SHA256
+ select CRYPTO_USER_API_HASH
+ select DEVPTS_MULTIPLE_INSTANCES
@@ -170,104 +166,102 @@ index 0..94d6e1886
+
+endmenu
+
-+menu "Kernel Self Protection Project"
-+ visible if GENTOO_LINUX
++menuconfig GENTOO_KERNEL_SELF_PROTECTION
++ bool "Kernel Self Protection Project"
++ depends on GENTOO_LINUX
++ help
++ Recommended Kernel settings based on the suggestions from the
Kernel Self Protection Project
++ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
++ Note, there may be additional settings for which the CONFIG_
setting is invisible in menuconfig due
++ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_COMMON and search for
++ GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
dependency information on your
++ specific architecture.
++ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
++ for X86_64
+
-+config GENTOO_KERNEL_SELF_PROTECTION
++if GENTOO_KERNEL_SELF_PROTECTION
++config GENTOO_KERNEL_SELF_PROTECTION_COMMON
+ bool "Enable Kernel Self Protection Project Recommendations"
+
-+ depends on GENTOO_LINUX && EXPERT && !DEVKMEM && !PROC_KCORE &&
!COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !MODIFY_LDT_SYSCALL
++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK &&
!DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION &&
!LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS
+
+ select BUG
-+ select STRICT_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
-+ select DEBUG_FS
-+ select DEBUG_WX if ARCH_HAS_DEBUG_WX && MMU
-+ select STACKPROTECTOR if HAVE_STACKPROTECTOR
-+ select STACKPROTECTOR_STRONG if HAVE_STACKPROTECTOR
-+ select STRICT_DEVMEM if DEVMEM=y && (ARCH_HAS_DEVMEM_IS_ALLOWED ||
GENERIC_LIB_DEVMEM_IS_ALLOWED)
-+ select IO_STRICT_DEVMEM if STRICT_DEVMEM
-+ select SYN_COOKIES if NET && INET
-+ select DEBUG_CREDENTIALS if DEBUG_KERNEL
-+ select DEBUG_NOTIFIERS if DEBUG_KERNEL
++ select STRICT_KERNEL_RWX
++ select DEBUG_WX
++ select STACKPROTECTOR
++ select STACKPROTECTOR_STRONG
++ select STRICT_DEVMEM if DEVMEM=y
++ select IO_STRICT_DEVMEM if DEVMEM=y
++ select SYN_COOKIES
++ select DEBUG_CREDENTIALS
++ select DEBUG_NOTIFIERS
+ select DEBUG_LIST
-+ select DEBUG_SG if DEBUG_KERNEL
++ select DEBUG_SG
+ select BUG_ON_DATA_CORRUPTION
-+ select SCHED_STACK_END_CHECK if DEBUG_KERNEL
++ select SCHED_STACK_END_CHECK
+ select SECCOMP if HAVE_A
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 632cc59cc8462f3f01085d1b76cc304488a06394
Author: Mike Pagano gentoo org>
AuthorDate: Tue Jan 4 12:51:00 2022 +
Commit: Mike Pagano gentoo org>
CommitDate: Tue Jan 4 12:51:00 2022 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=632cc59c
Update Gentoo Distro patch, thanks to gyakovlev
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 251 +++
1 file changed, 149 insertions(+), 102 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 24b75095..97665869 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -1,14 +1,19 @@
a/Kconfig 2021-06-04 19:03:33.646823432 -0400
-+++ b/Kconfig 2021-06-04 19:03:40.508892817 -0400
+diff --git a/Kconfig b/Kconfig
+index 745bc773f..e306bacea 100644
+--- a/Kconfig
b/Kconfig
@@ -30,3 +30,5 @@ source "lib/Kconfig"
source "lib/Kconfig.debug"
source "Documentation/Kconfig"
+
+source "distro/Kconfig"
/dev/null 2021-12-21 08:57:43.779324794 -0500
-+++ b/distro/Kconfig 2021-12-21 14:12:07.964572417 -0500
-@@ -0,0 +1,283 @@
+diff --git a/distro/Kconfig b/distro/Kconfig
+new file mode 100644
+index 0..94d6e1886
+--- /dev/null
b/distro/Kconfig
+@@ -0,0 +1,295 @@
+menu "Gentoo Linux"
+
+config GENTOO_LINUX
@@ -75,9 +80,8 @@
+ CGROUPS (required for FEATURES=cgroup)
+ IPC_NS (required for FEATURES=ipc-sandbox)
+ NET_NS (required for FEATURES=network-sandbox)
-+ PID_NS (required for FEATURES=pid-sandbox)
++ PID_NS (required for FEATURES=pid-sandbox)
+ SYSVIPC (required by IPC_NS)
-+
+
+ It is highly recommended that you leave this enabled as these
FEATURES
+ are, or will soon be, enabled by default.
@@ -124,7 +128,7 @@
+ select BPF_SYSCALL
+ select CGROUP_BPF
+ select CGROUPS
-+ select CRYPTO_HMAC
++ select CRYPTO_HMAC
+ select CRYPTO_SHA256
+ select CRYPTO_USER_API_HASH
+ select DEVPTS_MULTIPLE_INSTANCES
@@ -166,102 +170,104 @@
+
+endmenu
+
-+menuconfig GENTOO_KERNEL_SELF_PROTECTION
-+ bool "Kernel Self Protection Project"
-+ depends on GENTOO_LINUX
-+ help
-+ Recommended Kernel settings based on the suggestions from the
Kernel Self Protection Project
-+ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-+ Note, there may be additional settings for which the CONFIG_
setting is invisible in menuconfig due
-+ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_COMMON and search for
-+ GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
dependency information on your
-+ specific architecture.
-+ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-+ for X86_64
++menu "Kernel Self Protection Project"
++ visible if GENTOO_LINUX
+
-+if GENTOO_KERNEL_SELF_PROTECTION
-+config GENTOO_KERNEL_SELF_PROTECTION_COMMON
++config GENTOO_KERNEL_SELF_PROTECTION
+ bool "Enable Kernel Self Protection Project Recommendations"
+
-+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK &&
!DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION &&
!LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS
++ depends on GENTOO_LINUX && EXPERT && !DEVKMEM && !PROC_KCORE &&
!COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !MODIFY_LDT_SYSCALL
+
+ select BUG
-+ select STRICT_KERNEL_RWX
-+ select DEBUG_WX
-+ select STACKPROTECTOR
-+ select STACKPROTECTOR_STRONG
-+ select STRICT_DEVMEM if DEVMEM=y
-+ select IO_STRICT_DEVMEM if DEVMEM=y
-+ select SYN_COOKIES
-+ select DEBUG_CREDENTIALS
-+ select DEBUG_NOTIFIERS
++ select STRICT_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX
++ select DEBUG_FS
++ select DEBUG_WX if ARCH_HAS_DEBUG_WX && MMU
++ select STACKPROTECTOR if HAVE_STACKPROTECTOR
++ select STACKPROTECTOR_STRONG if HAVE_STACKPROTECTOR
++ select STRICT_DEVMEM if DEVMEM=y && (ARCH_HAS_DEVMEM_IS_ALLOWED ||
GENERIC_LIB_DEVMEM_IS_ALLOWED)
++ select IO_STRICT_DEVMEM if STRICT_DEVMEM
++ select SYN_COOKIES if NET && INET
++ select DEBUG_CREDENTIALS if DEBUG_KERNEL
++ select DEBUG_NOTIFIERS if DEBUG_KERNEL
+ select DEBUG_LIST
-+ select DEBUG_SG
++ select DEBUG_SG if DEBUG_KERNEL
+ select BUG_ON_DATA_CORRUPTION
-+ select SCHED_STACK_END_CHECK
++ select SCHED_STACK_END_CHECK if DEBUG_KERNEL
+ select SECCOMP if HAVE_ARCH_SECCOMP
+ select SECCOMP_FILTER if HAVE_ARCH_SECCOMP_FILTER
-+ select SECURITY_YAMA
-+ select SLAB_FREELIST_RANDOM
-+ select SLA
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 55d7d734586eb916f800314b6a5eec438cb1fdb2 Author: Mike Pagano gentoo org> AuthorDate: Tue Dec 21 19:26:40 2021 + Commit: Mike Pagano gentoo org> CommitDate: Tue Dec 21 19:26:40 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=55d7d734 Move X86 and ARM only config settings to their respective sections Thanks to gyakovlev Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 05570254..24b75095 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2021-08-24 15:34:24.700702871 -0400 -+++ b/distro/Kconfig 2021-08-24 15:49:16.965525424 -0400 -@@ -0,0 +1,281 @@ +--- /dev/null 2021-12-21 08:57:43.779324794 -0500 b/distro/Kconfig 2021-12-21 14:12:07.964572417 -0500 +@@ -0,0 +1,283 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -211,7 +211,6 @@ + select PAGE_POISONING_ZERO + select INIT_ON_ALLOC_DEFAULT_ON + select INIT_ON_FREE_DEFAULT_ON -+ select VMAP_STACK + select REFCOUNT_FULL + select FORTIFY_SOURCE + select SECURITY_DMESG_RESTRICT @@ -219,7 +218,6 @@ + select GCC_PLUGIN_LATENT_ENTROPY + select GCC_PLUGIN_STRUCTLEAK + select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL -+ select GCC_PLUGIN_STACKLEAK + select GCC_PLUGIN_RANDSTRUCT + select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE + @@ -239,6 +237,8 @@ + select RELOCATABLE + select LEGACY_VSYSCALL_NONE + select PAGE_TABLE_ISOLATION ++ select GCC_PLUGIN_STACKLEAK ++ select VMAP_STACK + + +config GENTOO_KERNEL_SELF_PROTECTION_ARM64 @@ -251,6 +251,8 @@ + select RELOCATABLE + select ARM64_SW_TTBR0_PAN + select CONFIG_UNMAP_KERNEL_AT_EL0 ++ select GCC_PLUGIN_STACKLEAK ++ select VMAP_STACK + +config GENTOO_KERNEL_SELF_PROTECTION_X86_32 + bool "X86_32 KSPP Settings"
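Review bot: `select GCC_PLUGIN_STACKLEAK` and `select VMAP_STACK` are added without a condition to the X86_64 block (hunk at -239) and the ARM64 block (hunk at -251), and `select` forces a symbol on without checking that symbol's own dependencies. Guarding them as `select GCC_PLUGIN_STACKLEAK if HAVE_ARCH_STACKLEAK` and `select VMAP_STACK if HAVE_ARCH_VMAP_STACK` avoids unmet-dependency warnings and a configuration that claims a protection the build cannot provide. Moving GCC_PLUGIN_STACKLEAK out of the common block also drops it for the X86_32 and ARM entries; if either architecture advertises HAVE_ARCH_STACKLEAK, that is a silent loss of hardening which the guarded form in the common block would avoid. Both config blocks start and end outside their hunks.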
[gentoo-commits] proj/linux-patches:master commit in: /
commit: c0a7eefb459c8262a7e29f6660e5e6436cc792e0 Author: Mike Pagano gentoo org> AuthorDate: Sun Dec 5 23:35:14 2021 + Commit: Mike Pagano gentoo org> CommitDate: Sun Dec 5 23:35:14 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=c0a7eefb Remove KSPP setting for HARDENED_USERCOPY_FALLBACK This config option has been removed in 5.16. Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 16 +++- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 95a64aa2..05570254 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -290,19 +290,9 @@ + See the settings that become available for more details and fine-tuning. + +endmenu -diff --git a/security/Kconfig b/security/Kconfig -index 7561f6f99..01f0bf73f 100644 a/security/Kconfig -+++ b/security/Kconfig -@@ -166,6 +166,7 @@ config HARDENED_USERCOPY - config HARDENED_USERCOPY_FALLBACK - bool "Allow usercopy whitelist violations to fallback to object size" - depends on HARDENED_USERCOPY -+ depends on !GENTOO_KERNEL_SELF_PROTECTION - default y - help - This is a temporary option that allows missing usercopy whitelists -@@ -181,6 +182,7 @@ config HARDENED_USERCOPY_PAGESPAN +--- a/security/Kconfig 2021-12-05 18:20:55.655677710 -0500 b/security/Kconfig 2021-12-05 18:23:42.404251618 -0500 +@@ -167,6 +167,7 @@ config HARDENED_USERCOPY_PAGESPAN bool "Refuse to copy allocations that span multiple pages" depends on HARDENED_USERCOPY depends on EXPERT
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 3b04d123fde8dc5a19f647c83a59dedcbac92f06 Author: Mike Pagano gentoo org> AuthorDate: Mon Oct 18 21:14:04 2021 + Commit: Mike Pagano gentoo org> CommitDate: Mon Oct 18 21:14:04 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3b04d123 For systemd, select CONFIG_KCMP as systemd uses the kcmp() call Originally tied to CHECKPOINT_RESTORE. Thanks to Mike Gilbert for reporting. Bug: https://bugs.gentoo.org/818832 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 74e80d3..95a64aa 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -124,7 +124,6 @@
+ select BPF_SYSCALL
+ select CGROUP_BPF
+ select CGROUPS
-+ select CHECKPOINT_RESTORE
+ select CRYPTO_HMAC
+ select CRYPTO_SHA256
+ select CRYPTO_USER_API_HASH
@@ -136,6 +135,7 @@
+ select FILE_LOCKING
+ select INOTIFY_USER
+ select IPV6
++ select KCMP
+ select NET
+ select NET_NS
+ select PROC_FS
[gentoo-commits] proj/linux-patches:master commit in: /
commit: d095e983c5183397ed4a49db42dc11194a3943bb Author: Mike Pagano gentoo org> AuthorDate: Mon Sep 20 21:57:57 2021 + Commit: Mike Pagano gentoo org> CommitDate: Mon Sep 20 21:57:57 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=d095e983 Move USER_NS to GENTOO_LINUX_PORTAGE Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index d2175f0..74e80d3 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -65,6 +65,7 @@
+ select NET_NS
+ select PID_NS
+ select SYSVIPC
++ select USER_NS
+ select UTS_NS
+
+ help
@@ -145,7 +146,6 @@
+ select TIMERFD
+ select TMPFS_POSIX_ACL
+ select TMPFS_XATTR
-+ select USER_NS
+
+ select ANON_INODES
+ select BLOCK
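Review bot: `select USER_NS` now sits in the Portage block (hunk at -65), so every kernel built with that entry enabled gets user namespaces rather than only systemd ones, and nothing in the hunk records why. User namespaces let unprivileged processes reach kernel code paths that otherwise need privilege, so this is a security-relevant default that deserves a line in the entry's help text. Following the pattern the help already uses for the other namespace options, that would be `USER_NS (required for FEATURES=<feature>)` with the actual Portage feature name filled in. The help body itself lies outside the hunk.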
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 181caad4a8ad9f6a2ead5b4d596e6e83f123bb05 Author: Mike Pagano gentoo org> AuthorDate: Wed Aug 25 16:20:53 2021 + Commit: Mike Pagano gentoo org> CommitDate: Wed Aug 25 16:20:53 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=181caad4 Change CONFIG_GENTOO_PRINT_FIRMWARE_INFO to y Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index fd8f955..d2175f0 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -280,7 +280,7 @@
+ bool "Print firmware information that the kernel attempts to load"
+
+ depends on GENTOO_LINUX
-+ default n
++ default y
+
+ help
+ Enable this option to print information about firmware that the kernel
[gentoo-commits] proj/linux-patches:master commit in: /
commit: d3ba9963dbecff37c7b0d46913519cc22bc877c0 Author: Mike Pagano gentoo org> AuthorDate: Tue Aug 24 19:53:28 2021 + Commit: Mike Pagano gentoo org> CommitDate: Tue Aug 24 19:53:28 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=d3ba9963 Add CONFIG option to print firmware info Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 20 +--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 864f86a..fd8f955 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2021-08-09 07:18:54.945580285 -0400 -+++ b/distro/Kconfig 2021-08-09 19:15:34.418191114 -0400 -@@ -0,0 +1,267 @@ +--- /dev/null 2021-08-24 15:34:24.700702871 -0400 b/distro/Kconfig 2021-08-24 15:49:16.965525424 -0400 +@@ -0,0 +1,281 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -275,6 +275,20 @@ + select CPU_SW_DOMAIN_PAN + +endif ++ ++config GENTOO_PRINT_FIRMWARE_INFO ++ bool "Print firmware information that the kernel attempts to load" ++ ++ depends on GENTOO_LINUX ++ default n ++ ++ help ++ Enable this option to print information about firmware that the kernel ++ is attempting to load. This information can be accessible via the ++ dmesg command-line utility ++ ++ See the settings that become available for more details and fine-tuning. ++ +endmenu diff --git a/security/Kconfig b/security/Kconfig index 7561f6f99..01f0bf73f 100644
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 17cf6f8c197ee6b3b32f2a915e86521cd2cd14d9 Author: Mike Pagano gentoo org> AuthorDate: Mon Aug 9 23:18:23 2021 + Commit: Mike Pagano gentoo org> CommitDate: Mon Aug 9 23:18:23 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=17cf6f8c Fix GCC_PLUGINS depends Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 429e9d4..864f86a 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2021-08-03 06:44:27.767516067 -0400 -+++ b/distro/Kconfig 2021-08-03 18:43:33.303563865 -0400 -@@ -0,0 +1,268 @@ +--- /dev/null 2021-08-09 07:18:54.945580285 -0400 b/distro/Kconfig 2021-08-09 19:15:34.418191114 -0400 +@@ -0,0 +1,267 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -170,7 +170,7 @@ + bool "Kernel Self Protection Project" + depends on GENTOO_LINUX + help -+ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project ++ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project + See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings + Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due + to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION_COMMON and search for 
@@ -183,7 +183,7 @@ +config GENTOO_KERNEL_SELF_PROTECTION_COMMON + bool "Enable Kernel Self Protection Project Recommendations" + -+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL ++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS + + select BUG + select STRICT_KERNEL_RWX @@ -216,7 +216,6 @@ + select FORTIFY_SOURCE + select SECURITY_DMESG_RESTRICT + select PANIC_ON_OOPS -+ select CONFIG_GCC_PLUGINS + select GCC_PLUGIN_LATENT_ENTROPY + select GCC_PLUGIN_STRUCTLEAK + select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 52196ef10a6430ef86080784cc52d57ee740a9fc
Author: Mike Pagano gentoo org>
AuthorDate: Tue Aug 3 22:49:56 2021 +
Commit: Mike Pagano gentoo org>
CommitDate: Tue Aug 3 22:49:56 2021 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=52196ef1
Add CONFIG_RELOCATABLE when selecting RANDOMIZE_BASE
Redo menus to make them more user-friendly
Bug: https://bugs.gentoo.org/806300
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 51 ++--
1 file changed, 28 insertions(+), 23 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index fa005e6..429e9d4 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -6,9 +6,9 @@
source "Documentation/Kconfig"
+
+source "distro/Kconfig"
/dev/null 2021-07-04 10:53:51.006624416 -0400
-+++ b/distro/Kconfig 2021-07-04 11:07:33.534248860 -0400
-@@ -0,0 +1,263 @@
+--- /dev/null 2021-08-03 06:44:27.767516067 -0400
b/distro/Kconfig 2021-08-03 18:43:33.303563865 -0400
+@@ -0,0 +1,268 @@
+menu "Gentoo Linux"
+
+config GENTOO_LINUX
@@ -166,11 +166,22 @@
+
+endmenu
+
-+menu "Enable Kernel Self Protection Project Recommendations"
-+ visible if GENTOO_LINUX
++menuconfig GENTOO_KERNEL_SELF_PROTECTION
++ bool "Kernel Self Protection Project"
++ depends on GENTOO_LINUX
++ help
++ Recommended Kernel settings based on the suggestions from the
Kernel Self Protection Project
++ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
++ Note, there may be additional settings for which the CONFIG_
setting is invisible in menuconfig due
++ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_COMMON and search for
++ GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
dependency information on your
++ specific architecture.
++ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
++ for X86_64
+
-+config GENTOO_KERNEL_SELF_PROTECTION
-+ bool "Architecture Independant Kernel Self Protection Project
Recommendations"
++if GENTOO_KERNEL_SELF_PROTECTION
++config GENTOO_KERNEL_SELF_PROTECTION_COMMON
++ bool "Enable Kernel Self Protection Project Recommendations"
+
+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK &&
!DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION &&
!LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL
+
@@ -214,26 +225,21 @@
+ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
+
+ help
-+ Recommended Kernel settings based on the suggestions from the
Kernel Self Protection Project
-+ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-+ Note, there may be additional settings for which the CONFIG_
setting is invisible in menuconfig due
-+ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
-+ dependency information on your specific architecture.
-+ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-+ for X86_64
-+
-+menu "Architecture Specific Self Protection Project Recommendations"
++ Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64,
X86_32, ARM} for dependency
++ information on your specific architecture. Note 2: Please see
the URL above for
++ numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 for
X86_64
+
+config GENTOO_KERNEL_SELF_PROTECTION_X86_64
-+ bool "X86_64 KSPP Settings"
++ bool "X86_64 KSPP Settings" if GENTOO_KERNEL_SELF_PROTECTION_COMMON
+
-+ depends on !X86_MSR && X86_64
++ depends on !X86_MSR && X86_64 && GENTOO_KERNEL_SELF_PROTECTION
+ default n
+
+ select RANDOMIZE_BASE
+ select RANDOMIZE_MEMORY
++ select RELOCATABLE
+ select LEGACY_VSYSCALL_NONE
-+ select PAGE_TABLE_ISOLATION
++ select PAGE_TABLE_ISOLATION
+
+
+config GENTOO_KERNEL_SELF_PROTECTION_ARM64
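Review bot: The new help text of GENTOO_KERNEL_SELF_PROTECTION_COMMON opens with "Search for …" and then says "Note 2: Please see the URL above", but the URL and the first note were moved to the `menuconfig GENTOO_KERNEL_SELF_PROTECTION` help in the preceding hunk, so "above" no longer refers to anything in this entry. Either repeat the link here, `See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings`, or reword it to point at the help of GENTOO_KERNEL_SELF_PROTECTION and drop the "Note 2" numbering. In the same hunk the X86_64 entry keeps `default n`, so its selects stay off until the user enables that entry separately; the help text would be the place to say so.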
@@ -243,6 +249,7 @@
+ default n
+
+ select RANDOMIZE_BASE
++ select RELOCATABLE
+ select ARM64_SW_TTBR0_PAN
+ select CONFIG_UNMAP_KERNEL_AT_EL0
+
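Review bot: The ARM64 block this hunk extends still carries `select CONFIG_UNMAP_KERNEL_AT_EL0`, which names a symbol that does not exist and selects nothing, because Kconfig symbols are written without the `CONFIG_` prefix. The ARM64 KSPP entry therefore does not force on the option that unmaps the kernel at EL0, although it reads as if it did. `select UNMAP_KERNEL_AT_EL0` is the likely intended form. The ARM64 config block starts and ends outside the hunk.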
@@ -255,6 +262,7 @@
+ select HIGHMEM64G
+ select X86_PAE
+ select RANDOMIZE_BASE
++ select RELOCATABLE
+ select PAGE_TABLE_ISOLATION
+
+config GENTOO_KERNEL_SELF_PROTECTION_ARM
@@ -267,10 +275,7 @@
+ select STRICT_MEMORY_RWX
+ select CPU_SW_DOMAIN_PAN
+
-+endmenu
-+
-+endmenu
-+
++endif
+endmenu
diff --git a/security/Kconfig b/security/Kconfig
index 7561f6f99..01f0bf73f 100644
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 654733d4f1d5b525eeaaca34142ecbba64789876 Author: Mike Pagano gentoo org> AuthorDate: Tue Aug 3 11:00:25 2021 + Commit: Mike Pagano gentoo org> CommitDate: Tue Aug 3 11:00:25 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=654733d4 Fix SECCOMP Patch Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index f875dba..fa005e6 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -139,7 +139,7 @@
 + select NET_NS
 + select PROC_FS
 + select SECCOMP if HAVE_ARCH_SECCOMP
-+ select SECCOMP_FILTER HAVE_ARCH_SECCOMP_FILTER
++ select SECCOMP_FILTER if HAVE_ARCH_SECCOMP_FILTER
 + select SIGNALFD
 + select SYSFS
 + select TIMERFD
@@ -189,7 +189,7 @@
 + select BUG_ON_DATA_CORRUPTION
 + select SCHED_STACK_END_CHECK
 + select SECCOMP if HAVE_ARCH_SECCOMP
-+ select SECCOMP_FILTER HAVE_ARCH_SECCOMP_FILTER
++ select SECCOMP_FILTER if HAVE_ARCH_SECCOMP_FILTER
 + select SECURITY_YAMA
 + select SLAB_FREELIST_RANDOM
 + select SLAB_FREELIST_HARDENED
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 3430718fc7db8c5473c83de510a1e0332c0e74ef Author: Mike Pagano gentoo org> AuthorDate: Mon Aug 2 22:27:34 2021 + Commit: Mike Pagano gentoo org> CommitDate: Mon Aug 2 22:27:34 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3430718f Select SECCOMP options only if supported Thanks to Matt Turner for this patch Some architectures (e.g., alpha, sparc) do not support SECCOMP. Without this kernel builds will show: WARNING: unmet direct dependencies detected for SECCOMP Depends on [n]: HAVE_ARCH_SECCOMP [=n] Selected by [y]: - GENTOO_LINUX_INIT_SYSTEMD [=y] && GENTOO_LINUX [=y] && GENTOO_LINUX_UDEV [=y] WARNING: unmet direct dependencies detected for SECCOMP_FILTER Depends on [n]: HAVE_ARCH_SECCOMP_FILTER [=n] && SECCOMP [=y] && NET [=y] Selected by [y]: - GENTOO_LINUX_INIT_SYSTEMD [=y] && GENTOO_LINUX [=y] && GENTOO_LINUX_UDEV [=y] Signed-off-by: Matt Turner gentoo.org> Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 8 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index c063c6d..f875dba 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -138,8 +138,8 @@
 + select NET
 + select NET_NS
 + select PROC_FS
-+ select SECCOMP
-+ select SECCOMP_FILTER
++ select SECCOMP if HAVE_ARCH_SECCOMP
++ select SECCOMP_FILTER HAVE_ARCH_SECCOMP_FILTER
 + select SIGNALFD
 + select SYSFS
 + select TIMERFD
@@ -188,8 +188,8 @@
 + select DEBUG_SG
 + select BUG_ON_DATA_CORRUPTION
 + select SCHED_STACK_END_CHECK
-+ select SECCOMP
-+ select SECCOMP_FILTER
++ select SECCOMP if HAVE_ARCH_SECCOMP
++ select SECCOMP_FILTER HAVE_ARCH_SECCOMP_FILTER
 + select SECURITY_YAMA
 + select SLAB_FREELIST_RANDOM
 + select SLAB_FREELIST_HARDENED
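Review bot: Both added `select SECCOMP_FILTER HAVE_ARCH_SECCOMP_FILTER` lines (the hunks at 138 and 188) are missing the `if` keyword, unlike the `select SECCOMP if HAVE_ARCH_SECCOMP` line directly above each of them. As written the line is not a conditional select, so depending on how the Kconfig parser treats the stray token the seccomp filter is either not guarded as intended or the file fails to parse. The line should be `select SECCOMP_FILTER if HAVE_ARCH_SECCOMP_FILTER`. Both select lists begin and end outside the hunks.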
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 71e0b2f98ab6da50c1a530bd2889e449d5950f83
Author: Mike Pagano gentoo org>
AuthorDate: Sun Jul 4 15:16:10 2021 +
Commit: Mike Pagano gentoo org>
CommitDate: Sun Jul 4 15:16:10 2021 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=71e0b2f9
Fix DEVMEM Select and move help text
Thanks to Peter for reporting
Bug: https://bugs.gentoo.org/798315
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 26 +-
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 337ba12..c063c6d 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -6,8 +6,8 @@
source "Documentation/Kconfig"
+
+source "distro/Kconfig"
/dev/null 2021-06-08 16:56:49.698138501 -0400
-+++ b/distro/Kconfig 2021-06-08 17:11:33.377999003 -0400
+--- /dev/null 2021-07-04 10:53:51.006624416 -0400
b/distro/Kconfig 2021-07-04 11:07:33.534248860 -0400
@@ -0,0 +1,263 @@
+menu "Gentoo Linux"
+
@@ -172,15 +172,6 @@
+config GENTOO_KERNEL_SELF_PROTECTION
+ bool "Architecture Independant Kernel Self Protection Project
Recommendations"
+
-+ help
-+ Recommended Kernel settings based on the suggestions from the Kernel
Self Protection Project
-+ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-+ Note, there may be additional settings for which the CONFIG_ setting is
invisible in menuconfig due
-+ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
-+ dependency information on your specific architecture.
-+ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-+ for X86_64
-+
+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK &&
!DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION &&
!LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL
+
+ select BUG
@@ -188,8 +179,8 @@
+ select DEBUG_WX
+ select STACKPROTECTOR
+ select STACKPROTECTOR_STRONG
-+ select STRICT_DEVMEM
-+ select IO_STRICT_DEVMEM
++ select STRICT_DEVMEM if DEVMEM=y
++ select IO_STRICT_DEVMEM if DEVMEM=y
+ select SYN_COOKIES
+ select DEBUG_CREDENTIALS
+ select DEBUG_NOTIFIERS
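Review bot: The new guards `select STRICT_DEVMEM if DEVMEM=y` and `select IO_STRICT_DEVMEM if DEVMEM=y` mirror only one of the conditions these symbols have upstream; as far as I recall STRICT_DEVMEM also depends on MMU and on an architecture-provided devmem_is_allowed implementation, and IO_STRICT_DEVMEM on STRICT_DEVMEM, and `select` ignores all of them. On an architecture lacking those this would give an "unmet direct dependencies" warning, so the conditions are worth confirming against lib/Kconfig.debug. A one-line comment above the pair, e.g. `# /dev/mem filtering; only meaningful when DEVMEM is built`, would also record why the guard exists. The select list continues outside the hunk.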
@@ -222,6 +213,15 @@
+ select GCC_PLUGIN_RANDSTRUCT
+ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
+
++ help
++ Recommended Kernel settings based on the suggestions from the
Kernel Self Protection Project
++ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
++ Note, there may be additional settings for which the CONFIG_
setting is invisible in menuconfig due
++ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
++ dependency information on your specific architecture.
++ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
++ for X86_64
++
+menu "Architecture Specific Self Protection Project Recommendations"
+
+config GENTOO_KERNEL_SELF_PROTECTION_X86_64
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 7145944779dc9c9747145defb5d7b054f9f2bd39
Author: Mike Pagano gentoo org>
AuthorDate: Fri Jun 11 13:24:22 2021 +
Commit: Mike Pagano gentoo org>
CommitDate: Fri Jun 11 13:24:22 2021 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=71459447
Update KSP Patch, minor typo and formatting
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 635de00..337ba12 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -170,16 +170,16 @@
+ visible if GENTOO_LINUX
+
+config GENTOO_KERNEL_SELF_PROTECTION
-+ bool "Architecture Independent Kernel Self Protection Project
Recommendations"
++ bool "Architecture Independant Kernel Self Protection Project
Recommendations"
+
+ help
-+ Recommended Kernel settings based on the suggestions from the
Kernel Self Protection Project
-+ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-+ Note, there may be additional settings for which the CONFIG_
setting is invisible in menuconfig due
-+ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
-+ dependency information on your specific architecture.
-+ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-+ for X86_64
++ Recommended Kernel settings based on the suggestions from the Kernel
Self Protection Project
++ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
++ Note, there may be additional settings for which the CONFIG_ setting is
invisible in menuconfig due
++ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
++ dependency information on your specific architecture.
++ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
++ for X86_64
+
+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK &&
!DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION &&
!LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL
+
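Review bot: The added prompt line changes "Independent" to "Independant", replacing the correct spelling on the removed line with a misspelling in a user-visible menuconfig string, although the commit title describes a typo fix. Keep `bool "Architecture Independent Kernel Self Protection Project Recommendations"`. The rest of the hunk only re-wraps the help text.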
@@ -233,7 +233,7 @@
+ select RANDOMIZE_BASE
+ select RANDOMIZE_MEMORY
+ select LEGACY_VSYSCALL_NONE
-+ select PAGE_TABLE_ISOLATION
++ select PAGE_TABLE_ISOLATION
+
+
+config GENTOO_KERNEL_SELF_PROTECTION_ARM64
[gentoo-commits] proj/linux-patches:master commit in: /
commit: ccf130a6c7afbb4715ba52fd6e34b7fb25d1c0fb Author: Mike Pagano gentoo org> AuthorDate: Tue Jun 8 22:14:00 2021 + Commit: Mike Pagano gentoo org> CommitDate: Tue Jun 8 22:14:00 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=ccf130a6 Updates from gyakovlev Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 72 +++- 1 file changed, 64 insertions(+), 8 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 56adbbd..635de00 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2021-06-06 14:01:09.950742356 -0400 -+++ b/distro/Kconfig 2021-06-06 17:48:05.912077568 -0400 -@@ -0,0 +1,267 @@ +--- /dev/null 2021-06-08 16:56:49.698138501 -0400 b/distro/Kconfig 2021-06-08 17:11:33.377999003 -0400 +@@ -0,0 +1,263 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -181,8 +181,7 @@ + Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 + for X86_64 + -+ depends on GENTOO_LINUX && !HARDENED_USERCOPY_FALLBACK && !HARDENED_USERCOPY_PAGESPAN && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !SECURITY_SELINUX_DISABLE && !X86_X32 && !MODIFY_LDT_SYSCALL -+ ++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL + + select BUG + select STRICT_KERNEL_RWX @@ -191,7 +190,6 @@ + select STACKPROTECTOR_STRONG + select STRICT_DEVMEM + select IO_STRICT_DEVMEM -+ + select SYN_COOKIES + select DEBUG_CREDENTIALS + select DEBUG_NOTIFIERS 
@@ -201,9 +199,7 @@
 + select SCHED_STACK_END_CHECK
 + select SECCOMP
 + select SECCOMP_FILTER
-+ select SECURITY
 + select SECURITY_YAMA
-+ select HARDENED_USERCOPY
 + select SLAB_FREELIST_RANDOM
 + select SLAB_FREELIST_HARDENED
 + select SHUFFLE_PAGE_ALLOCATOR
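Review bot: Dropping `select SECURITY` while `select SECURITY_YAMA` stays on the new side leaves Yama selected without its parent; upstream Yama depends on SECURITY as far as I know, so a config with SECURITY=n would get an unmet-dependency warning and no working Yama. The hunk also removes `select HARDENED_USERCOPY`, so the option no longer turns hardened usercopy on, and the `depends on !GENTOO_KERNEL_SELF_PROTECTION` lines this commit adds to the two HARDENED_USERCOPY_* sub-options only matter when the user enabled HARDENED_USERCOPY independently. Unless both removals are deliberate, keep `select SECURITY` and `select HARDENED_USERCOPY`. The select list begins and ends outside the hunk.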
@@ -276,3 +272,63 @@ +endmenu + +endmenu +diff --git a/security/Kconfig b/security/Kconfig +index 7561f6f99..01f0bf73f 100644 +--- a/security/Kconfig b/security/Kconfig +@@ -166,6 +166,7 @@ config HARDENED_USERCOPY + config HARDENED_USERCOPY_FALLBACK + bool "Allow usercopy whitelist violations to fallback to object size" + depends on HARDENED_USERCOPY ++ depends on !GENTOO_KERNEL_SELF_PROTECTION + default y + help + This is a temporary option that allows missing usercopy whitelists +@@ -181,6 +182,7 @@ config HARDENED_USERCOPY_PAGESPAN + bool "Refuse to copy allocations that span multiple pages" + depends on HARDENED_USERCOPY + depends on EXPERT ++ depends on !GENTOO_KERNEL_SELF_PROTECTION + help + When a multi-page allocation is done without __GFP_COMP, + hardened usercopy will reject attempts to copy it. There are, +diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig +index 9e921fc72..f29bc13fa 100644 +--- a/security/selinux/Kconfig b/security/selinux/Kconfig +@@ -26,6 +26,7 @@ config SECURITY_SELINUX_BOOTPARAM + config SECURITY_SELINUX_DISABLE + bool "NSA SELinux runtime disable" + depends on SECURITY_SELINUX ++ depends on !GENTOO_KERNEL_SELF_PROTECTION + select SECURITY_WRITABLE_HOOKS + default n + help +-- +2.31.1 + +From bd3ff0b16792c18c0614c2b95e148943209f460a Mon Sep 17 00:00:00 2001 +From: Georgy Yakovlev +Date: Tue, 8 Jun 2021 13:59:57 -0700 +Subject: [PATCH 2/2] set DEFAULT_MMAP_MIN_ADDR by default + +--- + mm/Kconfig | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/mm/Kconfig b/mm/Kconfig +index 24c045b24..e13fc740c 100644 +--- a/mm/Kconfig b/mm/Kconfig +@@ -321,6 +321,8 @@ config KSM + config DEFAULT_MMAP_MIN_ADDR + int "Low address space to protect from user allocation" + depends on MMU ++ default 65536 if ( X86_64 || X86_32 || PPC64 || IA64 ) && GENTOO_KERNEL_SELF_PROTECTION ++ default 32768 if ( ARM64 || ARM ) && GENTOO_KERNEL_SELF_PROTECTION + default 4096 + help + This is the portion of low virtual memory which should be 
protected +-- +2.31.1 +```
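Review bot: The two added `default ... && GENTOO_KERNEL_SELF_PROTECTION` lines for DEFAULT_MMAP_MIN_ADDR only take effect while the symbol has no stored value; a `default` does not override a value already present in an existing .config. Someone who enables GENTOO_KERNEL_SELF_PROTECTION on a configuration that already holds 4096 keeps 4096, so the help text should say that the value has to be raised by hand, for example with a sentence such as "Existing configurations keep their current value; set 65536 (x86, ppc64, ia64) or 32768 (arm, arm64) manually." The DEFAULT_MMAP_MIN_ADDR help text continues outside the hunk.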
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 042e689970b1b2d89ad38c3cfe339065b5caa397
Author: Mike Pagano gentoo org>
AuthorDate: Tue Jun 8 20:07:11 2021 +
Commit: Mike Pagano gentoo org>
CommitDate: Tue Jun 8 20:07:11 2021 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=042e6899
Updates from gyakovlev
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index 9a7a02d..56adbbd 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -170,16 +170,16 @@
+ visible if GENTOO_LINUX
+
+config GENTOO_KERNEL_SELF_PROTECTION
-+ bool "Architecture Independant Kernel Self Protection Project
Recommendations"
++ bool "Architecture Independent Kernel Self Protection Project
Recommendations"
+
+ help
-+ Recommended Kernel settings based on the suggestions from the Kernel Self
Protection Project
-+ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-+ Note, there may be additional settings for which the CONFIG_ setting is
invisible in menuconfig due
-+ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
-+ dependency information on your specific architecture.
-+ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-+ for X86_64
++ Recommended Kernel settings based on the suggestions from the
Kernel Self Protection Project
++ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
++ Note, there may be additional settings for which the CONFIG_
setting is invisible in menuconfig due
++ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
++ dependency information on your specific architecture.
++ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
++ for X86_64
+
+ depends on GENTOO_LINUX && !HARDENED_USERCOPY_FALLBACK &&
!HARDENED_USERCOPY_PAGESPAN && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM
&& !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS &&
!SECURITY_SELINUX_DISABLE && !X86_X32 && !MODIFY_LDT_SYSCALL
+
@@ -218,7 +218,7 @@
+ select FORTIFY_SOURCE
+ select SECURITY_DMESG_RESTRICT
+ select PANIC_ON_OOPS
-+ select CONFIG_GCC_PLUGINS=y
++ select CONFIG_GCC_PLUGINS
+ select GCC_PLUGIN_LATENT_ENTROPY
+ select GCC_PLUGIN_STRUCTLEAK
+ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
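Review bot: The `select GCC_PLUGIN_LATENT_ENTROPY`, `select GCC_PLUGIN_STRUCTLEAK` and `select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL` lines following the changed line are unconditional, and `select` does not check the target's own dependencies. On a toolchain without GCC plugin support (a clang build, for example) they would presumably be forced on with unmet dependencies; the plugin symbols' definitions are not on this page, so this needs confirming. Guarding each one, e.g. `select GCC_PLUGIN_LATENT_ENTROPY if GCC_PLUGINS`, keeps the hardening where it can work and avoids a configuration that reports protections the build cannot provide. The select list begins and ends outside the hunk.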
@@ -237,7 +237,7 @@
+ select RANDOMIZE_BASE
+ select RANDOMIZE_MEMORY
+ select LEGACY_VSYSCALL_NONE
-+ select PAGE_TABLE_ISOLATION
++ select PAGE_TABLE_ISOLATION
+
+
+config GENTOO_KERNEL_SELF_PROTECTION_ARM64
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 682954d787a28887a57c87ee0a79c574f96f1898 Author: Mike Pagano gentoo org> AuthorDate: Tue Jun 8 16:46:36 2021 + Commit: Mike Pagano gentoo org> CommitDate: Tue Jun 8 16:46:36 2021 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=682954d7 Remove !IA32_EMULATION in KSSP to avoid disabling multilib.Thanks gyakovlev Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index daf29c3..9a7a02d 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -181,7 +181,7 @@
 + Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 + for X86_64
 +
-+ depends on GENTOO_LINUX && !HARDENED_USERCOPY_FALLBACK && !HARDENED_USERCOPY_PAGESPAN && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !SECURITY_SELINUX_DISABLE && !IA32_EMULATION && !X86_X32 && !MODIFY_LDT_SYSCALL
++ depends on GENTOO_LINUX && !HARDENED_USERCOPY_FALLBACK && !HARDENED_USERCOPY_PAGESPAN && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !SECURITY_SELINUX_DISABLE && !X86_X32 && !MODIFY_LDT_SYSCALL
 +
 +
 + select BUG
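Review bot: With `!IA32_EMULATION` dropped from the `depends on` line, the option can now be enabled while 32-bit emulation stays on, but the help text shown as context still presents the option as applying the KSPP recommendations without saying that this one is deliberately not enforced. Add a help sentence such as `32-bit emulation (IA32_EMULATION) is left to the user so that multilib keeps working.` so that anyone relying on the option knows the compat system-call surface remains available. The config entry begins and ends outside the hunk.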
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 60251f4418deb251c34d281c76bcca0b8fb2769e
Author: Mike Pagano gentoo org>
AuthorDate: Tue Jun 8 15:34:15 2021 +
Commit: Mike Pagano gentoo org>
CommitDate: Tue Jun 8 15:34:15 2021 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=60251f44
CONFIG opt to enable a subset of Kernel Self Protection Project settings
Signed-off-by: Mike Pagano gentoo.org>
4567_distro-Gentoo-Kconfig.patch | 121 +--
1 file changed, 115 insertions(+), 6 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index e754a3e..daf29c3 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -1,14 +1,14 @@
a/Kconfig 2020-04-15 11:05:30.202413863 -0400
-+++ b/Kconfig 2020-04-15 10:37:45.683952949 -0400
-@@ -32,3 +32,5 @@ source "lib/Kconfig"
+--- a/Kconfig 2021-06-04 19:03:33.646823432 -0400
b/Kconfig 2021-06-04 19:03:40.508892817 -0400
+@@ -30,3 +30,5 @@ source "lib/Kconfig"
source "lib/Kconfig.debug"
source "Documentation/Kconfig"
+
+source "distro/Kconfig"
/dev/null 2020-09-24 03:06:47.59000 -0400
-+++ b/distro/Kconfig 2020-09-24 11:31:29.403150624 -0400
-@@ -0,0 +1,158 @@
+--- /dev/null 2021-06-06 14:01:09.950742356 -0400
b/distro/Kconfig 2021-06-06 17:48:05.912077568 -0400
+@@ -0,0 +1,267 @@
+menu "Gentoo Linux"
+
+config GENTOO_LINUX
@@ -166,4 +166,113 @@
+
+endmenu
+
++menu "Enable Kernel Self Protection Project Recommendations"
++ visible if GENTOO_LINUX
++
++config GENTOO_KERNEL_SELF_PROTECTION
++ bool "Architecture Independant Kernel Self Protection Project
Recommendations"
++
++ help
++ Recommended Kernel settings based on the suggestions from the Kernel Self
Protection Project
++ See:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
++ Note, there may be additional settings for which the CONFIG_ setting is
invisible in menuconfig due
++ to unmet dependencies. Search for
GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
++ dependency information on your specific architecture.
++ Note 2: Please see the URL above for numeric settings, e.g.
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
++ for X86_64
++
++ depends on GENTOO_LINUX && !HARDENED_USERCOPY_FALLBACK &&
!HARDENED_USERCOPY_PAGESPAN && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM
&& !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS &&
!SECURITY_SELINUX_DISABLE && !IA32_EMULATION && !X86_X32 && !MODIFY_LDT_SYSCALL
++
++
++ select BUG
++ select STRICT_KERNEL_RWX
++ select DEBUG_WX
++ select STACKPROTECTOR
++ select STACKPROTECTOR_STRONG
++ select STRICT_DEVMEM
++ select IO_STRICT_DEVMEM
++
++ select SYN_COOKIES
++ select DEBUG_CREDENTIALS
++ select DEBUG_NOTIFIERS
++ select DEBUG_LIST
++ select DEBUG_SG
++ select BUG_ON_DATA_CORRUPTION
++ select SCHED_STACK_END_CHECK
++ select SECCOMP
++ select SECCOMP_FILTER
++ select SECURITY
++ select SECURITY_YAMA
++ select HARDENED_USERCOPY
++ select SLAB_FREELIST_RANDOM
++ select SLAB_FREELIST_HARDENED
++ select SHUFFLE_PAGE_ALLOCATOR
++ select SLUB_DEBUG
++ select PAGE_POISONING
++ select PAGE_POISONING_NO_SANITY
++ select PAGE_POISONING_ZERO
++ select INIT_ON_ALLOC_DEFAULT_ON
++ select INIT_ON_FREE_DEFAULT_ON
++ select VMAP_STACK
++ select REFCOUNT_FULL
++ select FORTIFY_SOURCE
++ select SECURITY_DMESG_RESTRICT
++ select PANIC_ON_OOPS
++ select CONFIG_GCC_PLUGINS=y
++ select GCC_PLUGIN_LATENT_ENTROPY
++ select GCC_PLUGIN_STRUCTLEAK
++ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
++ select GCC_PLUGIN_STACKLEAK
++ select GCC_PLUGIN_RANDSTRUCT
++ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
++
++menu "Architecture Specific Self Protection Project Recommendations"
++
++config GENTOO_KERNEL_SELF_PROTECTION_X86_64
++ bool "X86_64 KSPP Settings"
++
++ depends on !X86_MSR && X86_64
++ default n
++
++ select RANDOMIZE_BASE
++ select RANDOMIZE_MEMORY
++ select LEGACY_VSYSCALL_NONE
++ select PAGE_TABLE_ISOLATION
++
++
++config GENTOO_KERNEL_SELF_PROTECTION_ARM64
++ bool "ARM64 KSPP Settings"
++
++ depends on ARM64
++ default n
++
++ select RANDOMIZE_BASE
++ select ARM64_SW_TTBR0_PAN
++ select CONFIG_UNMAP_KERNEL_AT_EL0
++
++config GENTOO_KERNEL_SELF_PROTECTION_X86_32
++ bool "X86_32 KSPP Settings"
++
++ depends on !X86_MSR && !MODIFY_LDT_SYSCALL && !M486 && X86_32
++ default n
++
++ select HIGHMEM64G
++ select X86_PAE
++ select RANDOMIZE_BASE
++ select PAGE_TABLE_ISOLATION
++
++config GENTOO_KERNEL_SELF_PROTECTION_ARM
++ bool "ARM KSPP Settings"
++
++ depends on !OABI_COMPAT && ARM
++ default n
++
++ sel
[gentoo-commits] proj/linux-patches:master commit in: /
commit: bc69ddc24357b9e2aa4d168bbdc75093903f3688 Author: Mike Pagano gentoo org> AuthorDate: Thu Sep 24 15:34:05 2020 + Commit: Mike Pagano gentoo org> CommitDate: Thu Sep 24 15:34:05 2020 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=bc69ddc2 Add missing endmenu Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 3e09969..e754a3e 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -7,8 +7,8 @@ + +source "distro/Kconfig" --- /dev/null 2020-09-24 03:06:47.59000 -0400 -+++ b/distro/Kconfig 2020-09-24 11:09:36.442549224 -0400 -@@ -0,0 +1,157 @@ b/distro/Kconfig 2020-09-24 11:31:29.403150624 -0400 +@@ -0,0 +1,158 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -166,3 +166,4 @@ + +endmenu + ++endmenu
[gentoo-commits] proj/linux-patches:master commit in: /
commit: ad3871422e956f6d193ea6e4536949563d27db9a Author: Mike Pagano gentoo org> AuthorDate: Thu Sep 24 15:17:35 2020 + Commit: Mike Pagano gentoo org> CommitDate: Thu Sep 24 15:17:35 2020 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=ad387142 Fix formatting Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index ebcd606..3e09969 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -145,7 +145,7 @@
 + select TIMERFD
 + select TMPFS_POSIX_ACL
 + select TMPFS_XATTR
-+ select USER_NS
++ select USER_NS
 +
 + select ANON_INODES
 + select BLOCK
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 81d1a585fcd8b4bd8d77f4f4908bcda1167fd4ae Author: Mike Pagano gentoo org> AuthorDate: Thu Sep 24 15:12:00 2020 + Commit: Mike Pagano gentoo org> CommitDate: Thu Sep 24 15:12:00 2020 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=81d1a585 Add CONFIG_USER_NS to GENTOO_LINUX_INIT_SYSTEMD Required for PrivateUsers= in service units Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index cb2eaa6..ebcd606 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,8 +6,8 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2020-05-13 03:13:57.920193259 -0400 -+++ b/distro/Kconfig 2020-05-13 07:51:36.841663359 -0400 +--- /dev/null 2020-09-24 03:06:47.59000 -0400 b/distro/Kconfig 2020-09-24 11:09:36.442549224 -0400 @@ -0,0 +1,157 @@ +menu "Gentoo Linux" + @@ -145,6 +145,7 @@ + select TIMERFD + select TMPFS_POSIX_ACL + select TMPFS_XATTR ++ select USER_NS + + select ANON_INODES + select BLOCK @@ -165,4 +166,3 @@ + +endmenu + -+endmenu
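Review bot: `select USER_NS` in the second hunk turns user namespaces on for every GENTOO_LINUX_INIT_SYSTEMD kernel, although the commit message names a single consumer, `PrivateUsers=`. User namespaces let unprivileged processes reach kernel code paths that otherwise require privilege, so the trade-off deserves a comment next to the select or a line in the option's help text (not visible here), for example `USER_NS (needed for PrivateUsers= in service units; can be limited at run time with the user.max_user_namespaces sysctl)`. The select list begins and ends outside the hunk.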
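Review bot: The last hunk deletes one of the two trailing `endmenu` lines while nothing visible in this commit removes a matching `menu`, so the outer `menu "Gentoo Linux"` opened at the top of distro/Kconfig is probably left unclosed and Kconfig parsing would fail. Keep the final `endmenu`, or include the `menu` removal that balances it. The earlier menu structure of the file is outside the hunk.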
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 99be2b12d7d8173df51d997d1ed9abda418b0298 Author: Mike Pagano gentoo org> AuthorDate: Wed May 13 11:55:40 2020 + Commit: Mike Pagano gentoo org> CommitDate: Wed May 13 11:55:40 2020 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=99be2b12 Add UTS_NS to GENTOO_LINUX_PORTAGE as required by portage since 2.3.99 Bug: https://bugs.gentoo.org/722772 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 581cb20..cb2eaa6 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2020-04-15 02:49:37.900191585 -0400 -+++ b/distro/Kconfig 2020-04-15 11:07:10.952929540 -0400 -@@ -0,0 +1,156 @@ +--- /dev/null 2020-05-13 03:13:57.920193259 -0400 b/distro/Kconfig 2020-05-13 07:51:36.841663359 -0400 +@@ -0,0 +1,157 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -65,6 +65,7 @@ + select NET_NS + select PID_NS + select SYSVIPC ++ select UTS_NS + + help + This enables options required by various Portage FEATURES.
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 943d200e6a667144c09c9b882fc018db22f285b1 Author: Mike Pagano gentoo org> AuthorDate: Wed Apr 15 15:19:42 2020 + Commit: Mike Pagano gentoo org> CommitDate: Wed Apr 15 15:19:42 2020 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=943d200e Update distro Kconfig to support needed options for elogind Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 20b9f54..581cb20 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,14 +1,14 @@ a/Kconfig 2019-12-30 16:37:13.825731109 -0500 -+++ b/Kconfig 2019-12-30 16:36:59.575609049 -0500 +--- a/Kconfig 2020-04-15 11:05:30.202413863 -0400 b/Kconfig 2020-04-15 10:37:45.683952949 -0400 @@ -32,3 +32,5 @@ source "lib/Kconfig" source "lib/Kconfig.debug" source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2019-12-30 10:19:12.810163556 -0500 -+++ b/distro/Kconfig 2019-12-30 16:42:52.928524222 -0500 -@@ -0,0 +1,151 @@ +--- /dev/null 2020-04-15 02:49:37.900191585 -0400 b/distro/Kconfig 2020-04-15 11:07:10.952929540 -0400 +@@ -0,0 +1,156 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -91,7 +91,12 @@ + depends on GENTOO_LINUX + + select BINFMT_SCRIPT ++ select CGROUPS ++ select EPOLL + select FILE_LOCKING ++ select INOTIFY_USER ++ select SIGNALFD ++ select TIMERFD + + help + The init system is the first thing that loads after the kernel booted.
[gentoo-commits] proj/linux-patches:master commit in: /
commit: e629f5c99b50167913b9ea2419ae949b4c9cac1d Author: Mike Pagano gentoo org> AuthorDate: Mon Dec 30 22:21:15 2019 + Commit: Mike Pagano gentoo org> CommitDate: Mon Dec 30 22:21:15 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e629f5c9 Add CONFIG selections for GENTOO_LINUX_INIT_SYSTEMD Adding CGROUP_BPF and it's dependency BPF_SYSCALL Bug: https://bugs.gentoo.org/704284 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index ecff093..20b9f54 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,14 +1,14 @@ a/Kconfig 2019-08-07 08:33:43.669367779 -0400 -+++ b/Kconfig 2019-08-07 08:34:29.669657000 -0400 +--- a/Kconfig 2019-12-30 16:37:13.825731109 -0500 b/Kconfig 2019-12-30 16:36:59.575609049 -0500 @@ -32,3 +32,5 @@ source "lib/Kconfig" source "lib/Kconfig.debug" source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2019-09-18 03:31:42.730171526 -0400 -+++ b/distro/Kconfig 2019-09-18 13:28:03.170769896 -0400 -@@ -0,0 +1,149 @@ +--- /dev/null 2019-12-30 10:19:12.810163556 -0500 b/distro/Kconfig 2019-12-30 16:42:52.928524222 -0500 +@@ -0,0 +1,151 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -114,6 +114,8 @@ + + select AUTOFS4_FS + select BLK_DEV_BSG ++ select BPF_SYSCALL ++ select CGROUP_BPF + select CGROUPS + select CHECKPOINT_RESTORE + select CRYPTO_HMAC
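Review bot: `select BPF_SYSCALL` and `select CGROUP_BPF` are forced on for every GENTOO_LINUX_INIT_SYSTEMD kernel, which makes the bpf(2) system call available on systems that might not otherwise build it. A comment beside the two lines or a help-text entry would help, for example `BPF_SYSCALL, CGROUP_BPF (needed by systemd, see the bug above; consider setting kernel.unprivileged_bpf_disabled=1)`; what exactly systemd uses them for is not shown in the hunk and should be confirmed against the bug. The select list begins and ends outside the hunk.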
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 107277b141052bc8f7fe406453cdb51e4bb0fc1d Author: Mike Pagano gentoo org> AuthorDate: Wed Sep 18 19:35:00 2019 + Commit: Mike Pagano gentoo org> CommitDate: Wed Sep 18 19:35:00 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=107277b1 select FILE_LOCKING for both non-systemd and systemd config Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 6ac8208..ecff093 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "Documentation/Kconfig" + +source "distro/Kconfig" /dev/null 2018-12-28 10:40:34.08934 -0500 -+++ b/distro/Kconfig 2018-12-28 18:54:40.467970759 -0500 -@@ -0,0 +1,147 @@ +--- /dev/null 2019-09-18 03:31:42.730171526 -0400 b/distro/Kconfig 2019-09-18 13:28:03.170769896 -0400 +@@ -0,0 +1,149 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -91,6 +91,7 @@ + depends on GENTOO_LINUX + + select BINFMT_SCRIPT ++ select FILE_LOCKING + + help + The init system is the first thing that loads after the kernel booted. @@ -123,6 +124,7 @@ + select EPOLL + select FANOTIFY + select FHANDLE ++ select FILE_LOCKING + select INOTIFY_USER + select IPV6 + select NET
[gentoo-commits] proj/linux-patches:master commit in: /
commit: c06588b6dfcbf141151a676a7d126155e1f5bc44 Author: Mike Pagano gentoo org> AuthorDate: Wed Aug 7 12:38:53 2019 + Commit: Mike Pagano gentoo org> CommitDate: Wed Aug 7 12:38:53 2019 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=c06588b6 Update Gentoo Kernel Linux distro patch Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index d6e791a..6ac8208 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,9 +1,9 @@ a/Kconfig 2018-09-28 08:08:05.058882080 -0400 -+++ b/Kconfig 2018-09-28 08:09:17.869573745 -0400 -@@ -30,3 +30,5 @@ source "crypto/Kconfig" - source "lib/Kconfig" - +--- a/Kconfig 2019-08-07 08:33:43.669367779 -0400 b/Kconfig 2019-08-07 08:34:29.669657000 -0400 +@@ -32,3 +32,5 @@ source "lib/Kconfig" source "lib/Kconfig.debug" + + source "Documentation/Kconfig" + +source "distro/Kconfig" --- /dev/null 2018-12-28 10:40:34.08934 -0500
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 61c500b9e4094cd771f8d5213004717bda3edfcc Author: Mike Pagano gentoo org> AuthorDate: Fri Dec 28 23:58:06 2018 + Commit: Mike Pagano gentoo org> CommitDate: Fri Dec 28 23:58:06 2018 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=61c500b9 proj/linux-patches: Select PID_NS to support FEATURES=pid-sandbox For portage: >=sys-apps/portage-2.3.53 See bug #673896 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index ec31768..d6e791a 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -6,9 +6,9 @@ source "lib/Kconfig.debug" + +source "distro/Kconfig" /dev/null 2017-03-02 01:55:04.096566155 -0500 -+++ b/distro/Kconfig 2017-03-02 11:12:05.049448255 -0500 -@@ -0,0 +1,145 @@ +--- /dev/null 2018-12-28 10:40:34.08934 -0500 b/distro/Kconfig 2018-12-28 18:54:40.467970759 -0500 +@@ -0,0 +1,147 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -63,6 +63,7 @@ + select NAMESPACES + select IPC_NS + select NET_NS ++ select PID_NS + select SYSVIPC + + help @@ -72,6 +73,7 @@ + CGROUPS (required for FEATURES=cgroup) + IPC_NS (required for FEATURES=ipc-sandbox) + NET_NS (required for FEATURES=network-sandbox) ++ PID_NS (required for FEATURES=pid-sandbox) + SYSVIPC (required by IPC_NS) + +
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 1a80dfb4f02b0e2adc5b718afbb0f2f6398a4544 Author: Mike Pagano gentoo org> AuthorDate: Fri Sep 28 12:14:34 2018 + Commit: Mike Pagano gentoo org> CommitDate: Fri Sep 28 12:14:34 2018 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=1a80dfb4 Update of Gentoo distro patch for 4.19 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index b8a..ec31768 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,12 +1,11 @@ a/Kconfig 2016-07-01 19:22:17.117439707 -0400 -+++ b/Kconfig 2016-07-01 19:21:54.371440596 -0400 -@@ -8,4 +8,6 @@ config SRCARCH - string - option env="SRCARCH" +--- a/Kconfig 2018-09-28 08:08:05.058882080 -0400 b/Kconfig 2018-09-28 08:09:17.869573745 -0400 +@@ -30,3 +30,5 @@ source "crypto/Kconfig" + source "lib/Kconfig" -+source "distro/Kconfig" + source "lib/Kconfig.debug" + - source "arch/$SRCARCH/Kconfig" ++source "distro/Kconfig" --- /dev/null 2017-03-02 01:55:04.096566155 -0500 +++ b/distro/Kconfig 2017-03-02 11:12:05.049448255 -0500 @@ -0,0 +1,145 @@
[gentoo-commits] proj/linux-patches:master commit in: /
commit: f7517ad4b6d03ae878a0b62a528a33518fc341a9 Author: Mike Pagano gentoo org> AuthorDate: Thu Mar 2 16:16:08 2017 + Commit: Mike Pagano gentoo org> CommitDate: Thu Mar 2 16:16:08 2017 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f7517ad4 Enable crypto API for systemd as its required for systemd versions >= 233. See bug #611368. 4567_distro-Gentoo-Kconfig.patch | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 4a88040..b8a 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -7,9 +7,9 @@ +source "distro/Kconfig" + source "arch/$SRCARCH/Kconfig" /dev/null 2017-02-18 04:25:56.900821893 -0500 -+++ b/distro/Kconfig 2017-02-18 10:41:16.512328155 -0500 -@@ -0,0 +1,142 @@ +--- /dev/null 2017-03-02 01:55:04.096566155 -0500 b/distro/Kconfig 2017-03-02 11:12:05.049448255 -0500 +@@ -0,0 +1,145 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -114,6 +114,9 @@ + select BLK_DEV_BSG + select CGROUPS + select CHECKPOINT_RESTORE ++ select CRYPTO_HMAC ++ select CRYPTO_SHA256 ++ select CRYPTO_USER_API_HASH + select DEVPTS_MULTIPLE_INSTANCES + select DMIID if X86_32 || X86_64 || X86 + select EPOLL
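Review bot: The added `select CRYPTO_HMAC`, `select CRYPTO_SHA256` and `select CRYPTO_USER_API_HASH` lines in the `@@ -114,6 +114,9 @@` hunk force those symbols on without their parent. Kconfig's `select` does not evaluate the target's `depends on`, upstream these options sit inside the `if CRYPTO` block, and nothing in the hunk selects `CRYPTO`. I would put `select CRYPTO` ahead of them so the configuration cannot end up with an unmet direct dependency. The same pattern appears further down this page in commit da14bde4 (`select SECCOMP_FILTER`, which upstream depends on `HAVE_ARCH_SECCOMP_FILTER`, so `select SECCOMP_FILTER if HAVE_ARCH_SECCOMP_FILTER` would be the guarded form) and in commit 7940d2a9 (`select NET_NS` in GENTOO_LINUX_PORTAGE without `NET`). The enclosing config entry starts and ends outside the hunk, so a `select CRYPTO` elsewhere in it cannot be ruled out from here.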
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 8b5b85e5fc0357bff74af56a05705c732dacf468 Author: Mike Pagano gentoo org> AuthorDate: Sat Feb 18 20:36:37 2017 + Commit: Mike Pagano gentoo org> CommitDate: Sat Feb 18 20:36:37 2017 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=8b5b85e5 For GENTOO_LINUX_INIT_SYSTEMD don't add DMIID for non X86 architectures. See bug #609590. 4567_distro-Gentoo-Kconfig.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index acb0972..4a88040 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -7,8 +7,8 @@ +source "distro/Kconfig" + source "arch/$SRCARCH/Kconfig" /dev/null 2016-11-15 00:56:18.320838834 -0500 -+++ b/distro/Kconfig 2016-11-16 06:24:29.457357409 -0500 +--- /dev/null 2017-02-18 04:25:56.900821893 -0500 b/distro/Kconfig 2017-02-18 10:41:16.512328155 -0500 @@ -0,0 +1,142 @@ +menu "Gentoo Linux" + @@ -115,7 +115,7 @@ + select CGROUPS + select CHECKPOINT_RESTORE + select DEVPTS_MULTIPLE_INSTANCES -+ select DMIID ++ select DMIID if X86_32 || X86_64 || X86 + select EPOLL + select FANOTIFY + select FHANDLE
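Review bot: The condition in `select DMIID if X86_32 || X86_64 || X86` is redundant: X86_32 and X86_64 are only defined under arch/x86, where X86 is always set, so `if X86` says the same thing. DMIID's own dependency upstream is DMI, so `select DMIID if DMI` would state the requirement directly and would also cover any other architecture that provides DMI. The surrounding config entry begins outside the hunk.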
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 574ae42fb009b569a6054bc3622aad2ffe513195 Author: Mike Pagano gentoo org> AuthorDate: Wed Nov 16 11:35:55 2016 + Commit: Mike Pagano gentoo org> CommitDate: Wed Nov 16 11:35:55 2016 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=574ae42f Update gentoo kconfig patch adding CHECKPOINT_RESTORE for GENTOO_LINUX_INIT_SYSTEMD. See bug #598623 4567_distro-Gentoo-Kconfig.patch | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index fd1d23e..acb0972 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -7,9 +7,9 @@ +source "distro/Kconfig" + source "arch/$SRCARCH/Kconfig" /dev/null 2016-11-06 10:20:15.664515354 -0500 -+++ b/distro/Kconfig 2016-11-06 18:59:57.054530778 -0500 -@@ -0,0 +1,141 @@ +--- /dev/null 2016-11-15 00:56:18.320838834 -0500 b/distro/Kconfig 2016-11-16 06:24:29.457357409 -0500 +@@ -0,0 +1,142 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -113,6 +113,7 @@ + select AUTOFS4_FS + select BLK_DEV_BSG + select CGROUPS ++ select CHECKPOINT_RESTORE + select DEVPTS_MULTIPLE_INSTANCES + select DMIID + select EPOLL
[gentoo-commits] proj/linux-patches:master commit in: /
commit: da14bde4be4c3f90314798ce7060c73f9b751b2c Author: Mike Pagano gentoo org> AuthorDate: Mon Nov 7 00:09:04 2016 + Commit: Mike Pagano gentoo org> CommitDate: Mon Nov 7 00:09:04 2016 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=da14bde4 Update gentoo kconfig patch. See bug #598623 4567_distro-Gentoo-Kconfig.patch | 25 + 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index cf5a20c..fd1d23e 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,14 +1,15 @@ a/Kconfig 2016-08-30 14:30:48.508361013 -0400 -+++ b/Kconfig 2016-08-30 14:31:40.718683061 -0400 -@@ -9,3 +9,5 @@ config SRCARCH +--- a/Kconfig 2016-07-01 19:22:17.117439707 -0400 b/Kconfig 2016-07-01 19:21:54.371440596 -0400 +@@ -8,4 +8,6 @@ config SRCARCH + string option env="SRCARCH" - source "arch/$SRCARCH/Kconfig" -+ +source "distro/Kconfig" /dev/null 2016-08-30 01:47:09.760073185 -0400 -+++ b/distro/Kconfig 2016-08-30 14:32:21.378933599 -0400 -@@ -0,0 +1,133 @@ ++ + source "arch/$SRCARCH/Kconfig" +--- /dev/null 2016-11-06 10:20:15.664515354 -0500 b/distro/Kconfig 2016-11-06 18:59:57.054530778 -0500 +@@ -0,0 +1,141 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -32,6 +33,7 @@ + + select DEVTMPFS + select TMPFS ++ select UNIX + + select MMU + select SHMEM @@ -111,16 +113,23 @@ + select AUTOFS4_FS + select BLK_DEV_BSG + select CGROUPS ++ select DEVPTS_MULTIPLE_INSTANCES ++ select DMIID + select EPOLL + select FANOTIFY + select FHANDLE + select INOTIFY_USER ++ select IPV6 + select NET + select NET_NS + select PROC_FS ++ select SECCOMP ++ select SECCOMP_FILTER + select SIGNALFD + select SYSFS + select TIMERFD ++ select TMPFS_POSIX_ACL ++ select TMPFS_XATTR + + select ANON_INODES + select BLOCK
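Review bot: `select DEVPTS_MULTIPLE_INSTANCES` is added back in the `@@ -111,16 +113,23 @@` hunk, although commit 4da2db6c (shown next on this page) removed it because upstream dropped the option in eedf265aa003. The first hunk also returns the `Kconfig` hunk header from `@@ -9,3 +9,5 @@` to the older `@@ -8,4 +8,6 @@`, which suggests the patch was regenerated from a base older than that removal. Unless this targets a kernel that still defines the symbol, the line should be dropped again: a `select` of a symbol the tree no longer defines normally has no effect, and the entry then reads as if it configures something it does not. The enclosing config entry starts outside the hunk.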
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 4da2db6cd03c4f1a11eaf135241d4d386e56ba2e Author: Mike Pagano gentoo org> AuthorDate: Tue Aug 30 18:42:18 2016 + Commit: Mike Pagano gentoo org> CommitDate: Tue Aug 30 18:42:18 2016 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=4da2db6c Update gentoo kconfig patch to remove DEVPTS_MULTIPLE_INSTANCES. See kernel upstream commit: eedf265aa003b4781de24cfed40a655a664457e6. Thanks to Ralf Ramsauer. 4567_distro-Gentoo-Kconfig.patch | 18 -- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 499b21f..cf5a20c 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,15 +1,14 @@ a/Kconfig 2016-07-01 19:22:17.117439707 -0400 -+++ b/Kconfig 2016-07-01 19:21:54.371440596 -0400 -@@ -8,4 +8,6 @@ config SRCARCH - string +--- a/Kconfig 2016-08-30 14:30:48.508361013 -0400 b/Kconfig 2016-08-30 14:31:40.718683061 -0400 +@@ -9,3 +9,5 @@ config SRCARCH option env="SRCARCH" -+source "distro/Kconfig" -+ source "arch/$SRCARCH/Kconfig" /dev/null 2016-07-01 11:23:26.087932647 -0400 -+++ b/distro/Kconfig 2016-07-01 19:32:35.581415519 -0400 -@@ -0,0 +1,134 @@ ++ ++source "distro/Kconfig" +--- /dev/null 2016-08-30 01:47:09.760073185 -0400 b/distro/Kconfig 2016-08-30 14:32:21.378933599 -0400 +@@ -0,0 +1,133 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -112,7 +111,6 @@ + select AUTOFS4_FS + select BLK_DEV_BSG + select CGROUPS -+ select DEVPTS_MULTIPLE_INSTANCES + select EPOLL + select FANOTIFY + select FHANDLE
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 8b5024d2e9ee965de3ead2281ebe2d5507eed38d Author: Mike Pagano gentoo org> AuthorDate: Fri Jul 1 23:48:15 2016 + Commit: Mike Pagano gentoo org> CommitDate: Fri Jul 1 23:48:15 2016 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=8b5024d2 Select SYSVIPC when GENTOO_LINUX_PORTAGE is selected. Dependency of IPC_NS. See bug #587736. 4567_distro-Gentoo-Kconfig.patch | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index c7af596..499b21f 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,5 +1,5 @@ a/Kconfig -+++ b/Kconfig +--- a/Kconfig 2016-07-01 19:22:17.117439707 -0400 b/Kconfig 2016-07-01 19:21:54.371440596 -0400 @@ -8,4 +8,6 @@ config SRCARCH string option env="SRCARCH" @@ -7,9 +7,9 @@ +source "distro/Kconfig" + source "arch/$SRCARCH/Kconfig" /dev/null -+++ b/distro/Kconfig -@@ -0,0 +1,131 @@ +--- /dev/null 2016-07-01 11:23:26.087932647 -0400 b/distro/Kconfig 2016-07-01 19:32:35.581415519 -0400 +@@ -0,0 +1,134 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -63,6 +63,7 @@ + select NAMESPACES + select IPC_NS + select NET_NS ++ select SYSVIPC + + help + This enables options required by various Portage FEATURES. @@ -71,6 +72,8 @@ + CGROUPS (required for FEATURES=cgroup) + IPC_NS (required for FEATURES=ipc-sandbox) + NET_NS (required for FEATURES=network-sandbox) ++ SYSVIPC (required by IPC_NS) ++ + + It is highly recommended that you leave this enabled as these FEATURES + are, or will soon be, enabled by default.
[gentoo-commits] proj/linux-patches:master commit in: /
commit: c4483f29a0d7562ad4b9e69df37175b5de57c0f3 Author: Mike Pagano gentoo org> AuthorDate: Tue Jun 23 12:55:13 2015 + Commit: Mike Pagano gentoo org> CommitDate: Tue Jun 23 12:55:13 2015 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=c4483f29 Fix readme _README | 72 - 1 file changed, 72 deletions(-) diff --git a/_README b/_README index 0f63559..9018993 100644 --- a/_README +++ b/_README 
@@ -43,78 +43,6 @@ EXPERIMENTAL Individual Patch Descriptions: -- -Patch: 1000_linux-4.0.1.patch -From: http://www.kernel.org -Desc: Linux 4.0.1 - -Patch: 1001_linux-4.0.2.patch -From: http://www.kernel.org -Desc: Linux 4.0.2 - -Patch: 1002_linux-4.0.3.patch -From: http://www.kernel.org -Desc: Linux 4.0.3 - -Patch: 1003_linux-4.0.4.patch -From: http://www.kernel.org -Desc: Linux 4.0.4 - -Patch: 1004_linux-4.0.5.patch -From: http://www.kernel.org -Desc: Linux 4.0.5 - -Patch: 1500_XATTR_USER_PREFIX.patch -From: https://bugs.gentoo.org/show_bug.cgi?id=470644 -Desc: Support for namespace user.pax.* on tmpfs. - -Patch: 1510_fs-enable-link-security-restrictions-by-default.patch -From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/ -Desc: Enable link security restrictions by default. - -Patch: 2600_select-REGMAP_IRQ-for-rt5033.patch -From: http://git.kernel.org/ -Desc: mfd: rt5033: MFD_RT5033 needs to select REGMAP_IRQ. See bug #546938. - -Patch: 2700_ThinkPad-30-brightness-control-fix.patch -From: Seth Forshee -Desc: ACPI: Disable Windows 8 compatibility for some Lenovo ThinkPads. - -Patch: 2900_dev-root-proc-mount-fix.patch -From: https://bugs.gentoo.org/show_bug.cgi?id=438380 -Desc: Ensure that /dev/root doesn't appear in /proc/mounts when bootint without an initramfs. - -Patch: 2905_s2disk-resume-image-fix.patch -From: Al Viro ZenIV.linux.org.uk> -Desc: Do not lock when UMH is waiting on current thread spawned by linuxrc. (bug #481344) - -Patch: 2910_lz4-compression-fix.patch -From: https://bugs.gentoo.org/show_bug.cgi?id=546422 -Desc: Fix for lz4 compression regression. Thanks to Christian Xia. See bug #546422. - -Patch: 4200_fbcondecor-3.19.patch -From: http://www.mepiscommunity.org/fbcondecor -Desc: Bootsplash ported by Marco. (Bug #539616) - Patch: 4567_distro-Gentoo-Kconfig.patch 
From: Tom Wijsman Desc: Add Gentoo Linux support config settings and defaults. - -Patch: 5000_enable-additional-cpu-optimizations-for-gcc.patch -From: https://github.com/graysky2/kernel_gcc_patch/ -Desc: Kernel patch enables gcc < v4.9 optimizations for additional CPUs. - -Patch: 5001_block-cgroups-kconfig-build-bits-for-BFQ-v7r7-4.0.patch -From: http://algo.ing.unimo.it/people/paolo/disk_sched/ -Desc: BFQ v7r7 patch 1 for 4.0: Build, cgroups and kconfig bits - -Patch: 5002_block-introduce-the-BFQ-v7r7-I-O-sched-for-4.0.patch1 -From: http://algo.ing.unimo.it/people/paolo/disk_sched/ -Desc: BFQ v7r7 patch 2 for 4.0: BFQ Scheduler - -Patch: 5003_block-bfq-add-Early-Queue-Merge-EQM-to-BFQ-v7r7-for-4.0.0.patch -From: http://algo.ing.unimo.it/people/paolo/disk_sched/ -Desc: BFQ v7r7 patch 3 for 4.0: Early Queue Merge (EQM) - -Patch: 5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch -From: https://github.com/graysky2/kernel_gcc_patch/ -Desc: Kernel patch enables gcc >= v4.9 optimizations for additional CPUs.
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 7940d2a9fd1c415d391b9878ef3e6e18294243c8 Author: Mike Pagano gentoo org> AuthorDate: Fri Mar 20 00:23:37 2015 + Commit: Mike Pagano gentoo org> CommitDate: Fri Mar 20 00:23:37 2015 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=7940d2a9 Update the distro kernel patch to add an option to the Gentoo menu that enables CGROUPS for cgroup, IPC_NS for ipc-sandbox, and NET_NS for network-sandbox. 4567_distro-Gentoo-Kconfig.patch | 39 +++ 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 652e2a7..c7af596 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,5 +1,5 @@ a/Kconfig 2014-04-02 09:45:05.389224541 -0400 -+++ b/Kconfig 2014-04-02 09:45:39.269224273 -0400 +--- a/Kconfig b/Kconfig @@ -8,4 +8,6 @@ config SRCARCH string option env="SRCARCH" @@ -7,9 +7,9 @@ +source "distro/Kconfig" + source "arch/$SRCARCH/Kconfig" 1969-12-31 19:00:00.0 -0500 -+++ b/distro/Kconfig 2014-04-02 09:57:03.539218861 -0400 -@@ -0,0 +1,108 @@ +--- /dev/null b/distro/Kconfig +@@ -0,0 +1,131 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -30,7 +30,7 @@ + + depends on GENTOO_LINUX + default y if GENTOO_LINUX -+ ++ + select DEVTMPFS + select TMPFS + 
@@ -51,7 +51,29 @@ + boot process; if not available, it causes sysfs and udev to malfunction. + + To ensure Gentoo Linux boots, it is best to leave this setting enabled; -+ if you run a custom setup, you could consider whether to disable this. ++ if you run a custom setup, you could consider whether to disable this. ++ ++config GENTOO_LINUX_PORTAGE ++ bool "Select options required by Portage features" ++ ++ depends on GENTOO_LINUX ++ default y if GENTOO_LINUX ++ ++ select CGROUPS ++ select NAMESPACES ++ select IPC_NS ++ select NET_NS ++ ++ help ++ This enables options required by various Portage FEATURES. ++ Currently this selects: ++ ++ CGROUPS (required for FEATURES=cgroup) ++ IPC_NS (required for FEATURES=ipc-sandbox) ++ NET_NS (required for FEATURES=network-sandbox) ++ ++ It is highly recommended that you leave this enabled as these FEATURES ++ are, or will soon be, enabled by default. + +menu "Support for init systems, system and service managers" + visible if GENTOO_LINUX @@ -87,12 +109,13 @@ + select AUTOFS4_FS + select BLK_DEV_BSG + select CGROUPS ++ select DEVPTS_MULTIPLE_INSTANCES + select EPOLL + select FANOTIFY + select FHANDLE + select INOTIFY_USER + select NET -+ select NET_NS ++ select NET_NS + select PROC_FS + select SIGNALFD + select SYSFS
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 58e7c3a053a0e6b0a9836db809f579db10b9f883
Author: Mike Pagano gentoo org>
AuthorDate: Sun May 17 15:54:56 2015 +
Commit: Mike Pagano gentoo org>
CommitDate: Sun May 17 15:54:56 2015 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=58e7c3a0
Linux patch 4.0.4
_README|4 +
1003_linux-4.0.4.patch | 2713
2 files changed, 2717 insertions(+)
diff --git a/_README b/_README
index b11f028..3bcb0f8 100644
--- a/_README
+++ b/_README
@@ -55,6 +55,10 @@ Patch: 1002_linux-4.0.3.patch
From: http://www.kernel.org
Desc: Linux 4.0.3
+Patch: 1003_linux-4.0.4.patch
+From: http://www.kernel.org
+Desc: Linux 4.0.4
+
Patch: 1500_XATTR_USER_PREFIX.patch
From: https://bugs.gentoo.org/show_bug.cgi?id=470644
Desc: Support for namespace user.pax.* on tmpfs.
diff --git a/1003_linux-4.0.4.patch b/1003_linux-4.0.4.patch
new file mode 100644
index 000..e5c793a
--- /dev/null
+++ b/1003_linux-4.0.4.patch
@@ -0,0 +1,2713 @@
+diff --git a/Documentation/devicetree/bindings/dma/fsl-mxs-dma.txt
b/Documentation/devicetree/bindings/dma/fsl-mxs-dma.txt
+index a4873e5e3e36..e30e184f50c7 100644
+--- a/Documentation/devicetree/bindings/dma/fsl-mxs-dma.txt
b/Documentation/devicetree/bindings/dma/fsl-mxs-dma.txt
+@@ -38,7 +38,7 @@ dma_apbx: dma-apbx@80024000 {
+ 80 81 68 69
+ 70 71 72 73
+ 74 75 76 77>;
+- interrupt-names = "auart4-rx", "aurat4-tx", "spdif-tx", "empty",
++ interrupt-names = "auart4-rx", "auart4-tx", "spdif-tx", "empty",
+ "saif0", "saif1", "i2c0", "i2c1",
+ "auart0-rx", "auart0-tx", "auart1-rx", "auart1-tx",
+ "auart2-rx", "auart2-tx", "auart3-rx", "auart3-tx";
+diff --git a/Makefile b/Makefile
+index dc9f43a019d6..3d16bcc87585 100644
+--- a/Makefile
b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 0
+-SUBLEVEL = 3
++SUBLEVEL = 4
+ EXTRAVERSION =
+ NAME = Hurr durr I'ma sheep
+
+diff --git a/arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts
b/arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts
+index 0c76d9f05fd0..f4838ebd918b 100644
+--- a/arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts
b/arch/arm/boot/dts/armada-xp-openblocks-ax3-4.dts
+@@ -105,6 +105,10 @@
+ };
+
+ internal-regs {
++ rtc@10300 {
++ /* No crystal connected to the internal RTC */
++ status = "disabled";
++ };
+ serial@12000 {
+ status = "okay";
+ };
+diff --git a/arch/arm/boot/dts/imx23-olinuxino.dts
b/arch/arm/boot/dts/imx23-olinuxino.dts
+index 7e6eef2488e8..82045398bf1f 100644
+--- a/arch/arm/boot/dts/imx23-olinuxino.dts
b/arch/arm/boot/dts/imx23-olinuxino.dts
+@@ -12,6 +12,7 @@
+ */
+
+ /dts-v1/;
++#include
+ #include "imx23.dtsi"
+
+ / {
+@@ -93,6 +94,7 @@
+
+ ahb@8008 {
+ usb0: usb@8008 {
++ dr_mode = "host";
+ vbus-supply = <®_usb0_vbus>;
+ status = "okay";
+ };
+@@ -122,7 +124,7 @@
+
+ user {
+ label = "green";
+- gpios = <&gpio2 1 1>;
++ gpios = <&gpio2 1 GPIO_ACTIVE_HIGH>;
+ };
+ };
+ };
+diff --git a/arch/arm/boot/dts/imx25.dtsi b/arch/arm/boot/dts/imx25.dtsi
+index e4d3aecc4ed2..677f81d9dcd5 100644
+--- a/arch/arm/boot/dts/imx25.dtsi
b/arch/arm/boot/dts/imx25.dtsi
+@@ -428,6 +428,7 @@
+
+ pwm4: pwm@53fc8000 {
+ compatible = "fsl,imx25-pwm", "fsl,imx27-pwm";
++ #pwm-cells = <2>;
+ reg = <0x53fc8000 0x4000>;
+ clocks = <&clks 108>, <&clks 52>;
+ clock-names = "ipg", "per";
+diff --git a/arch/arm/boot/dts/imx28.dtsi b/arch/arm/boot/dts/imx28.dtsi
+index 47f68ac868d4..5ed245a3f9ac 100644
+--- a/arch/arm/boot/dts/imx28.dtsi
b/arch/arm/boot/dts/imx28.dtsi
+@@ -900,7 +900,7 @@
+ 80 81 68 69
+ 70 71 72 73
+ 74 75 76 77>;
+- interrupt-names = "auart4-rx", "aurat4-tx",
"spdif-tx", "empty",
++ interrupt-names = "auart4-rx", "auart4-tx",
"spdif-tx", "empty",
+ "saif0", "saif1", "i2c0",
"i2c1",
+ "auart0-rx", "auart0-tx",
"auart1-rx", "auart1-tx",
+ "auart2-rx", "auart2-tx",
"auart3-rx", "auart3-tx";
+diff --git a/
[gentoo-commits] proj/linux-patches:master commit in: /
commit: b5c2b5b2947190cece9bf6218aa9dca795670288
Author: Mike Pagano gentoo org>
AuthorDate: Wed Apr 29 13:35:22 2015 +
Commit: Mike Pagano gentoo org>
CommitDate: Wed Apr 29 13:35:22 2015 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=b5c2b5b2
Linux patch 4.0.1
_README| 4 +
1000_linux-4.0.1.patch | 479 +
2 files changed, 483 insertions(+)
diff --git a/_README b/_README
index 0cdee6d..483ca42 100644
--- a/_README
+++ b/_README
@@ -43,6 +43,10 @@ EXPERIMENTAL
Individual Patch Descriptions:
--
+Patch: 1000_linux-4.0.1.patch
+From: http://www.kernel.org
+Desc: Linux 4.0.1
+
Patch: 1500_XATTR_USER_PREFIX.patch
From: https://bugs.gentoo.org/show_bug.cgi?id=470644
Desc: Support for namespace user.pax.* on tmpfs.
diff --git a/1000_linux-4.0.1.patch b/1000_linux-4.0.1.patch
new file mode 100644
index 000..ac58552
--- /dev/null
+++ b/1000_linux-4.0.1.patch
@@ -0,0 +1,479 @@
+diff --git a/Makefile b/Makefile
+index fbd43bfe4445..f499cd2f5738 100644
+--- a/Makefile
b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 0
+-SUBLEVEL = 0
++SUBLEVEL = 1
+ EXTRAVERSION =
+ NAME = Hurr durr I'ma sheep
+
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
+index 4085c4b31047..355d5fea5be9 100644
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
+@@ -531,20 +531,8 @@ struct bnx2x_fastpath {
+ struct napi_struct napi;
+
+ #ifdef CONFIG_NET_RX_BUSY_POLL
+- unsigned int state;
+-#define BNX2X_FP_STATE_IDLE 0
+-#define BNX2X_FP_STATE_NAPI (1 << 0)/* NAPI owns this FP */
+-#define BNX2X_FP_STATE_POLL (1 << 1)/* poll owns this FP */
+-#define BNX2X_FP_STATE_DISABLED (1 << 2)
+-#define BNX2X_FP_STATE_NAPI_YIELD (1 << 3)/* NAPI yielded this FP */
+-#define BNX2X_FP_STATE_POLL_YIELD (1 << 4)/* poll yielded this FP */
+-#define BNX2X_FP_OWNED(BNX2X_FP_STATE_NAPI | BNX2X_FP_STATE_POLL)
+-#define BNX2X_FP_YIELD(BNX2X_FP_STATE_NAPI_YIELD |
BNX2X_FP_STATE_POLL_YIELD)
+-#define BNX2X_FP_LOCKED (BNX2X_FP_OWNED | BNX2X_FP_STATE_DISABLED)
+-#define BNX2X_FP_USER_PEND (BNX2X_FP_STATE_POLL | BNX2X_FP_STATE_POLL_YIELD)
+- /* protect state */
+- spinlock_t lock;
+-#endif /* CONFIG_NET_RX_BUSY_POLL */
++ unsigned long busy_poll_state;
++#endif
+
+ union host_hc_status_block status_blk;
+ /* chip independent shortcuts into sb structure */
+@@ -619,104 +607,83 @@ struct bnx2x_fastpath {
+ #define bnx2x_fp_qstats(bp, fp)
(&((bp)->fp_stats[(fp)->index].eth_q_stats))
+
+ #ifdef CONFIG_NET_RX_BUSY_POLL
+-static inline void bnx2x_fp_init_lock(struct bnx2x_fastpath *fp)
++
++enum bnx2x_fp_state {
++ BNX2X_STATE_FP_NAPI = BIT(0), /* NAPI handler owns the queue */
++
++ BNX2X_STATE_FP_NAPI_REQ_BIT = 1, /* NAPI would like to own the queue */
++ BNX2X_STATE_FP_NAPI_REQ = BIT(1),
++
++ BNX2X_STATE_FP_POLL_BIT = 2,
++ BNX2X_STATE_FP_POLL = BIT(2), /* busy_poll owns the queue */
++
++ BNX2X_STATE_FP_DISABLE_BIT = 3, /* queue is dismantled */
++};
++
++static inline void bnx2x_fp_busy_poll_init(struct bnx2x_fastpath *fp)
+ {
+- spin_lock_init(&fp->lock);
+- fp->state = BNX2X_FP_STATE_IDLE;
++ WRITE_ONCE(fp->busy_poll_state, 0);
+ }
+
+ /* called from the device poll routine to get ownership of a FP */
+ static inline bool bnx2x_fp_lock_napi(struct bnx2x_fastpath *fp)
+ {
+- bool rc = true;
+-
+- spin_lock_bh(&fp->lock);
+- if (fp->state & BNX2X_FP_LOCKED) {
+- WARN_ON(fp->state & BNX2X_FP_STATE_NAPI);
+- fp->state |= BNX2X_FP_STATE_NAPI_YIELD;
+- rc = false;
+- } else {
+- /* we don't care if someone yielded */
+- fp->state = BNX2X_FP_STATE_NAPI;
++ unsigned long prev, old = READ_ONCE(fp->busy_poll_state);
++
++ while (1) {
++ switch (old) {
++ case BNX2X_STATE_FP_POLL:
++ /* make sure bnx2x_fp_lock_poll() wont starve us */
++ set_bit(BNX2X_STATE_FP_NAPI_REQ_BIT,
++ &fp->busy_poll_state);
++ /* fallthrough */
++ case BNX2X_STATE_FP_POLL | BNX2X_STATE_FP_NAPI_REQ:
++ return false;
++ default:
++ break;
++ }
++ prev = cmpxchg(&fp->busy_poll_state, old, BNX2X_STATE_FP_NAPI);
++ if (unlikely(prev != old)) {
++ old = prev;
++ continue;
++ }
++ return true;
+ }
+- spin_unlock_bh(&fp->lock);
+- return rc;
+ }
+
+-/* r
[gentoo-commits] proj/linux-patches:master commit in: /
commit: f2dffc7244ec86ad41fde2ee164a4082c974ade5 Author: Mike Pagano gentoo org> AuthorDate: Mon Apr 27 17:56:11 2015 + Commit: Mike Pagano gentoo org> CommitDate: Mon Apr 27 17:56:11 2015 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f2dffc72 Patch to select REGMAP_IRQ for rt5033 mfd driver. See bug #546938. _README | 6 +- 2600_select-REGMAP_IRQ-for-rt5033.patch | 30 ++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/_README b/_README index ca06e06..0cdee6d 100644 --- a/_README +++ b/_README @@ -49,7 +49,11 @@ Desc: Support for namespace user.pax.* on tmpfs. Patch: 1510_fs-enable-link-security-restrictions-by-default.patch From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/ -Desc: Enable link security restrictions by default +Desc: Enable link security restrictions by default. + +Patch: 2600_select-REGMAP_IRQ-for-rt5033.patch +From: http://git.kernel.org/ +Desc: mfd: rt5033: MFD_RT5033 needs to select REGMAP_IRQ. See bug #546938. Patch: 2700_ThinkPad-30-brightness-control-fix.patch From: Seth Forshee diff --git a/2600_select-REGMAP_IRQ-for-rt5033.patch b/2600_select-REGMAP_IRQ-for-rt5033.patch new file mode 100644 index 000..92fb2e0 --- /dev/null +++ b/2600_select-REGMAP_IRQ-for-rt5033.patch 
@@ -0,0 +1,30 @@ +From 23a2a22a3f3f17de094f386a893f7047c10e44a0 Mon Sep 17 00:00:00 2001 +From: Artem Savkov +Date: Thu, 5 Mar 2015 12:42:27 +0100 +Subject: mfd: rt5033: MFD_RT5033 needs to select REGMAP_IRQ + +Since commit 0b2712585(linux-next.git) this driver uses regmap_irq and so needs +to select REGMAP_IRQ. + +This fixes the following compilation errors: +ERROR: "regmap_irq_get_domain" [drivers/mfd/rt5033.ko] undefined! +ERROR: "regmap_add_irq_chip" [drivers/mfd/rt5033.ko] undefined! + +Signed-off-by: Artem Savkov +Signed-off-by: Lee Jones + +diff --git a/drivers/mfd/Kconfig b/drivers/mfd/Kconfig +index f8ef77d9a..f49f404 100644 +--- a/drivers/mfd/Kconfig b/drivers/mfd/Kconfig +@@ -680,6 +680,7 @@ config MFD_RT5033 + depends on I2C=y + select MFD_CORE + select REGMAP_I2C ++ select REGMAP_IRQ + help + This driver provides for the Richtek RT5033 Power Management IC, + which includes the I2C driver and the Core APIs. This driver provides +-- +cgit v0.10.2 +
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 18f6a4706fd8339bf905e5a36d5fcff525915340 Author: Mike Pagano gentoo org> AuthorDate: Sat Mar 21 20:00:01 2015 + Commit: Mike Pagano gentoo org> CommitDate: Sat Mar 21 20:00:01 2015 + URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=18f6a470 Update gcc >= 4.9 optimization patch. See bug #544028. ...-additional-cpu-optimizations-for-gcc-4.9.patch | 67 +- 1 file changed, 41 insertions(+), 26 deletions(-) diff --git a/5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch b/5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch index f931f75..c4efd06 100644 --- a/5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch +++ b/5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch @@ -18,13 +18,14 @@ should use the newer 'march=bonnell' flag for atom processors. I have made that change to this patch set as well. See the following kernel bug report to see if I'm right: https://bugzilla.kernel.org/show_bug.cgi?id=77461 -This patch will expand the number of microarchitectures to include new +This patch will expand the number of microarchitectures to include newer processors including: AMD K10-family, AMD Family 10h (Barcelona), AMD Family 14h (Bobcat), AMD Family 15h (Bulldozer), AMD Family 15h (Piledriver), AMD Family 16h (Jaguar), Intel 1st Gen Core i3/i5/i7 (Nehalem), Intel 1.5 Gen Core i3/i5/i7 (Westmere), Intel 2nd Gen Core i3/i5/i7 (Sandybridge), Intel 3rd Gen -Core i3/i5/i7 (Ivybridge), Intel 4th Gen Core i3/i5/i7 (Haswell), and Intel 5th -Gen Core i3/i5/i7 (Broadwell). It also offers the compiler the 'native' flag. +Core i3/i5/i7 (Ivybridge), Intel 4th Gen Core i3/i5/i7 (Haswell), Intel 5th +Gen Core i3/i5/i7 (Broadwell), and the low power Silvermont series of Atom +processors (Silvermont). It also offers the compiler the 'native' flag. Small but real speed increases are measurable using a make endpoint comparing a generic kernel to one built with one of the respective microarchs. 
@@ -36,9 +37,9 @@ REQUIREMENTS linux version >=3.15 gcc version >=4.9 a/arch/x86/include/asm/module.h2014-08-03 18:25:02.0 -0400 -+++ b/arch/x86/include/asm/module.h2014-09-13 09:37:16.721385247 -0400 -@@ -15,6 +15,20 @@ +--- a/arch/x86/include/asm/module.h2014-06-16 16:44:27.0 -0400 b/arch/x86/include/asm/module.h2015-03-07 03:27:32.556672424 -0500 +@@ -15,6 +15,22 @@ #define MODULE_PROC_FAMILY "586MMX " #elif defined CONFIG_MCORE2 #define MODULE_PROC_FAMILY "CORE2 " @@ -48,6 +49,8 @@ gcc version >=4.9 +#define MODULE_PROC_FAMILY "NEHALEM " +#elif defined CONFIG_MWESTMERE +#define MODULE_PROC_FAMILY "WESTMERE " ++#elif defined CONFIG_MSILVERMONT ++#define MODULE_PROC_FAMILY "SILVERMONT " +#elif defined CONFIG_MSANDYBRIDGE +#define MODULE_PROC_FAMILY "SANDYBRIDGE " +#elif defined CONFIG_MIVYBRIDGE @@ -59,7 +62,7 @@ gcc version >=4.9 #elif defined CONFIG_MATOM #define MODULE_PROC_FAMILY "ATOM " #elif defined CONFIG_M686 -@@ -33,6 +47,20 @@ +@@ -33,6 +49,20 @@ #define MODULE_PROC_FAMILY "K7 " #elif defined CONFIG_MK8 #define MODULE_PROC_FAMILY "K8 " @@ -80,8 +83,8 @@ gcc version >=4.9 #elif defined CONFIG_MELAN #define MODULE_PROC_FAMILY "ELAN " #elif defined CONFIG_MCRUSOE a/arch/x86/Kconfig.cpu 2014-08-03 18:25:02.0 -0400 -+++ b/arch/x86/Kconfig.cpu 2014-09-13 09:37:16.721385247 -0400 +--- a/arch/x86/Kconfig.cpu 2014-06-16 16:44:27.0 -0400 b/arch/x86/Kconfig.cpu 2015-03-07 03:32:14.337713226 -0500 @@ -137,9 +137,8 @@ config MPENTIUM4 -Paxville -Dempsey @@ -185,7 +188,7 @@ gcc version >=4.9 ---help--- Select this for Intel Core 2 and newer Core 2 Xeons (Xeon 51xx and -@@ -260,14 +318,55 @@ config MCORE2 +@@ -260,14 +318,63 @@ config MCORE2 family in /proc/cpuinfo. Newer ones have 6 and older ones 15 (not a typo) 
@@ -213,6 +216,14 @@ gcc version >=4.9 + +Enables -march=westmere + ++config MSILVERMONT ++ bool "Intel Silvermont" ++ ---help--- ++ ++Select this for the Intel Silvermont platform. ++ ++Enables -march=silvermont ++ +config MSANDYBRIDGE + bool "Intel Sandy Bridge" + ---help--- @@ -247,7 +258,7 @@ gcc version >=4.9 config GENERIC_CPU bool "Generic-x86-64" -@@ -276,6 +375,19 @@ config GENERIC_CPU +@@ -276,6 +383,19 @@ config GENERIC_CPU Generic x86-64 CPU. Run equally well on all x86-64 CPUs. @@ -267,53 +278,53 @@ gcc version >=4.9 endchoice config X86_GENERIC -@@ -300,7 +412,7 @@ config X86_INTERNODE_CACHE_SHIFT +@@ -300,7 +420,7 @@ config X86_INTERNODE_CACHE_SHIFT config X86_L1_CACHE_SHIFT int default "7" if MPENTIUM4 || MPSC - default "6" if MK7 || MK8 || MPENTIUMM || MCORE2 || MATOM || MVIAC7 || X86_GENERIC || GENERIC_CPU -+ default "6" if MK7 || MK8 || MK8SSE3 || MK10 || MBARCELONA || MBOBCAT || MBUL
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 3c00c4432f861528e758a67ed7421c676afdbe8e
Author: Mike Pagano gentoo org>
AuthorDate: Thu May 14 12:22:54 2015 +
Commit: Mike Pagano gentoo org>
CommitDate: Thu May 14 12:22:54 2015 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3c00c443
Linux patch 4.0.3
_README|4 +
1002_linux-4.0.3.patch | 2827
2 files changed, 2831 insertions(+)
diff --git a/_README b/_README
index 4fdafa3..b11f028 100644
--- a/_README
+++ b/_README
@@ -51,6 +51,10 @@ Patch: 1001_linux-4.0.2.patch
From: http://www.kernel.org
Desc: Linux 4.0.2
+Patch: 1002_linux-4.0.3.patch
+From: http://www.kernel.org
+Desc: Linux 4.0.3
+
Patch: 1500_XATTR_USER_PREFIX.patch
From: https://bugs.gentoo.org/show_bug.cgi?id=470644
Desc: Support for namespace user.pax.* on tmpfs.
diff --git a/1002_linux-4.0.3.patch b/1002_linux-4.0.3.patch
new file mode 100644
index 000..d137bf2
--- /dev/null
+++ b/1002_linux-4.0.3.patch
@@ -0,0 +1,2827 @@
+diff --git a/Documentation/kernel-parameters.txt
b/Documentation/kernel-parameters.txt
+index bfcb1a62a7b4..4d68ec841304 100644
+--- a/Documentation/kernel-parameters.txt
b/Documentation/kernel-parameters.txt
+@@ -3746,6 +3746,8 @@ bytes respectively. Such letter suffixes can also be
entirely omitted.
+ READ_CAPACITY_16 command);
+ f = NO_REPORT_OPCODES (don't use report opcodes
+ command, uas only);
++ g = MAX_SECTORS_240 (don't transfer more than
++ 240 sectors at a time, uas only);
+ h = CAPACITY_HEURISTICS (decrease the
+ reported device capacity by one
+ sector if the number is odd);
+diff --git a/Makefile b/Makefile
+index 0649a6011a76..dc9f43a019d6 100644
+--- a/Makefile
b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 0
+-SUBLEVEL = 2
++SUBLEVEL = 3
+ EXTRAVERSION =
+ NAME = Hurr durr I'ma sheep
+
+diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
+index ef7d112f5ce0..b0bd4e5fd5cf 100644
+--- a/arch/arm64/mm/dma-mapping.c
b/arch/arm64/mm/dma-mapping.c
+@@ -67,8 +67,7 @@ static void *__alloc_from_pool(size_t size, struct page
**ret_page, gfp_t flags)
+
+ *ret_page = phys_to_page(phys);
+ ptr = (void *)val;
+- if (flags & __GFP_ZERO)
+- memset(ptr, 0, size);
++ memset(ptr, 0, size);
+ }
+
+ return ptr;
+@@ -105,7 +104,6 @@ static void *__dma_alloc_coherent(struct device *dev,
size_t size,
+ struct page *page;
+ void *addr;
+
+- size = PAGE_ALIGN(size);
+ page = dma_alloc_from_contiguous(dev, size >> PAGE_SHIFT,
+ get_order(size));
+ if (!page)
+@@ -113,8 +111,7 @@ static void *__dma_alloc_coherent(struct device *dev,
size_t size,
+
+ *dma_handle = phys_to_dma(dev, page_to_phys(page));
+ addr = page_address(page);
+- if (flags & __GFP_ZERO)
+- memset(addr, 0, size);
++ memset(addr, 0, size);
+ return addr;
+ } else {
+ return swiotlb_alloc_coherent(dev, size, dma_handle, flags);
+@@ -195,6 +192,8 @@ static void __dma_free(struct device *dev, size_t size,
+ {
+ void *swiotlb_addr = phys_to_virt(dma_to_phys(dev, dma_handle));
+
++ size = PAGE_ALIGN(size);
++
+ if (!is_device_dma_coherent(dev)) {
+ if (__free_from_pool(vaddr, size))
+ return;
+diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
+index c7a16904cd03..1a313c468d65 100644
+--- a/arch/mips/Kconfig
b/arch/mips/Kconfig
+@@ -2072,7 +2072,7 @@ config MIPSR2_TO_R6_EMULATOR
+ help
+ Choose this option if you want to run non-R6 MIPS userland code.
+ Even if you say 'Y' here, the emulator will still be disabled by
+-default. You can enable it using the 'mipsr2emul' kernel option.
++default. You can enable it using the 'mipsr2emu' kernel option.
+ The only reason this is a build-time option is to save ~14K from the
+ final kernel image.
+ comment "MIPS R2-to-R6 emulator is only available for UP kernels"
+@@ -2142,7 +2142,7 @@ config MIPS_CMP
+
+ config MIPS_CPS
+ bool "MIPS Coherent Processing System support"
+- depends on SYS_SUPPORTS_MIPS_CPS
++ depends on SYS_SUPPORTS_MIPS_CPS && !64BIT
+ select MIPS_CM
+ select MIPS_CPC
+ select MIPS_CPS_PM if HOTPLUG_CPU
+diff --git a/arch/mips/Makefile b/arch/mips/Makefile
+index 8f57fc72d62c..1b4dab1e6ab8 100644
+--- a/arch/mips/Makefile
b/arch/mips/Makefile
+@@ -197,
[gentoo-commits] proj/linux-patches:master commit in: /
commit: aca5f6281d96053a892f47fb707516f7df7d56a9
Author: Mike Pagano gentoo org>
AuthorDate: Wed Mar 18 23:16:43 2015 +
Commit: Mike Pagano gentoo org>
CommitDate: Wed Mar 18 23:16:43 2015 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=aca5f628
Patch to enable link security restrictions by default. Patch to disable Windows
8 compatibility for some Lenovo ThinkPads. Patch to ensure that /dev/root
doesn't appear in /proc/mounts when booting without an initramfs. Patch to
not lock when UMH is waiting on current thread spawned by linuxrc. (bug
#481344) fbcondecor bootsplash patch. Add Gentoo Linux support config settings
and defaults. Kernel patch that enables gcc < v4.9 optimizations for
additional CPUs. Kernel patch that enables gcc >= v4.9 optimizations for additional
CPUs.
_README| 28 +
...ble-link-security-restrictions-by-default.patch | 22 +
2700_ThinkPad-30-brightness-control-fix.patch | 67 +
2900_dev-root-proc-mount-fix.patch | 30 +
2905_2disk-resume-image-fix.patch | 24 +
4200_fbcondecor-3.19.patch | 2119
...able-additional-cpu-optimizations-for-gcc.patch | 327 +++
...-additional-cpu-optimizations-for-gcc-4.9.patch | 387
8 files changed, 3004 insertions(+)
diff --git a/_README b/_README
index 36c2b96..ca06e06 100644
--- a/_README
+++ b/_README
@@ -47,6 +47,34 @@ Patch: 1500_XATTR_USER_PREFIX.patch
From: https://bugs.gentoo.org/show_bug.cgi?id=470644
Desc: Support for namespace user.pax.* on tmpfs.
+Patch: 1510_fs-enable-link-security-restrictions-by-default.patch
+From:
http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/
+Desc: Enable link security restrictions by default
+
+Patch: 2700_ThinkPad-30-brightness-control-fix.patch
+From: Seth Forshee
+Desc: ACPI: Disable Windows 8 compatibility for some Lenovo ThinkPads.
+
+Patch: 2900_dev-root-proc-mount-fix.patch
+From: https://bugs.gentoo.org/show_bug.cgi?id=438380
+Desc: Ensure that /dev/root doesn't appear in /proc/mounts when bootint
without an initramfs.
+
+Patch: 2905_s2disk-resume-image-fix.patch
+From: Al Viro ZenIV.linux.org.uk>
+Desc: Do not lock when UMH is waiting on current thread spawned by linuxrc.
(bug #481344)
+
+Patch: 4200_fbcondecor-3.19.patch
+From: http://www.mepiscommunity.org/fbcondecor
+Desc: Bootsplash ported by Marco. (Bug #539616)
+
Patch: 4567_distro-Gentoo-Kconfig.patch
From: Tom Wijsman
Desc: Add Gentoo Linux support config settings and defaults.
+
+Patch: 5000_enable-additional-cpu-optimizations-for-gcc.patch
+From: https://github.com/graysky2/kernel_gcc_patch/
+Desc: Kernel patch enables gcc < v4.9 optimizations for additional CPUs.
+
+Patch: 5010_enable-additional-cpu-optimizations-for-gcc-4.9.patch
+From: https://github.com/graysky2/kernel_gcc_patch/
+Desc: Kernel patch enables gcc >= v4.9 optimizations for additional CPUs.
diff --git a/1510_fs-enable-link-security-restrictions-by-default.patch
b/1510_fs-enable-link-security-restrictions-by-default.patch
new file mode 100644
index 000..639fb3c
--- /dev/null
+++ b/1510_fs-enable-link-security-restrictions-by-default.patch
@@ -0,0 +1,22 @@
+From: Ben Hutchings
+Subject: fs: Enable link security restrictions by default
+Date: Fri, 02 Nov 2012 05:32:06 +
+Bug-Debian: https://bugs.debian.org/609455
+Forwarded: not-needed
+
+This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
+('VFS: don't do protected {sym,hard}links by default').
+
+--- a/fs/namei.c
b/fs/namei.c
+@@ -651,8 +651,8 @@ static inline void put_link(struct namei
+ path_put(link);
+ }
+
+-int sysctl_protected_symlinks __read_mostly = 0;
+-int sysctl_protected_hardlinks __read_mostly = 0;
++int sysctl_protected_symlinks __read_mostly = 1;
++int sysctl_protected_hardlinks __read_mostly = 1;
+
+ /**
+ * may_follow_link - Check symlink following for unsafe situations
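Review bot: The flipped initialisers for `sysctl_protected_symlinks` and `sysctl_protected_hardlinks` have no in-code comment marking the value 1 as a deliberate distro default that differs from upstream, so a later rebase of this patch could drop the hardening unnoticed. A one-line comment above the two declarations would record it, for example `/* Distro default: link restrictions enabled; upstream default is 0 (commit 561ec64ae67e) */`. The names suggest these remain runtime-tunable through the matching fs.* sysctls, so this only sets the boot-time value; worth saying so in the patch description if that is the intent. The surrounding declarations and `may_follow_link` continue outside the hunk.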
diff --git a/2700_ThinkPad-30-brightness-control-fix.patch
b/2700_ThinkPad-30-brightness-control-fix.patch
new file mode 100644
index 000..b548c6d
--- /dev/null
+++ b/2700_ThinkPad-30-brightness-control-fix.patch
@@ -0,0 +1,67 @@
+diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c
+index cb96296..6c242ed 100644
+--- a/drivers/acpi/blacklist.c
b/drivers/acpi/blacklist.c
+@@ -269,6 +276,61 @@ static struct dmi_system_id acpi_osi_dmi_table[]
__initdata = {
+ },
+
+ /*
++ * The following Lenovo models have a broken workaround in the
++ * acpi_video backlight implementation to meet the Windows 8
++ * requirement of 101 backlight levels. Reverting to pre-Win8
++ * behavior fixes the problem.
++ */
++ {
++ .callback = dmi_disable_osi_win8,
++ .ident = "Lenovo ThinkPad L430",
++ .m
[gentoo-commits] proj/linux-patches:master commit in: /
commit: a7f93abca481c4afc0d6e0c515d41f2c4aef9e41
Author: Mike Pagano gentoo org>
AuthorDate: Sun May 3 19:54:53 2015 +
Commit: Mike Pagano gentoo org>
CommitDate: Sun May 3 19:54:53 2015 +
URL:https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=a7f93abc
Fix for lz4 compression. Thanks to Christian Xia. See bug #546422.
_README| 4
2910_lz4-compression-fix.patch | 30 ++
2 files changed, 34 insertions(+)
diff --git a/_README b/_README
index bcce967..f51d299 100644
--- a/_README
+++ b/_README
@@ -71,6 +71,10 @@ Patch: 2905_s2disk-resume-image-fix.patch
From: Al Viro ZenIV.linux.org.uk>
Desc: Do not lock when UMH is waiting on current thread spawned by linuxrc.
(bug #481344)
+Patch: 2910_lz4-compression-fix.patch
+From: https://bugs.gentoo.org/show_bug.cgi?id=546422
+Desc: Fix for lz4 compression regression. Thanks to Christian Xia. See bug
#546422.
+
Patch: 4200_fbcondecor-3.19.patch
From: http://www.mepiscommunity.org/fbcondecor
Desc: Bootsplash ported by Marco. (Bug #539616)
diff --git a/2910_lz4-compression-fix.patch b/2910_lz4-compression-fix.patch
new file mode 100644
index 000..1c55f32
--- /dev/null
+++ b/2910_lz4-compression-fix.patch
@@ -0,0 +1,30 @@
+--- a/lib/lz4/lz4_decompress.c 2015-04-13 16:20:04.896315560 +0800
b/lib/lz4/lz4_decompress.c 2015-04-13 16:27:08.929317053 +0800
+@@ -139,8 +139,12 @@
+ /* Error: request to write beyond destination buffer */
+ if (cpy > oend)
+ goto _output_error;
++#if LZ4_ARCH64
++ if ((ref + COPYLENGTH) > oend)
++#else
+ if ((ref + COPYLENGTH) > oend ||
+ (op + COPYLENGTH) > oend)
++#endif
+ goto _output_error;
+ LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
+ while (op < cpy)
+@@ -270,7 +274,13 @@
+ if (cpy > oend - COPYLENGTH) {
+ if (cpy > oend)
+ goto _output_error; /* write outside of buf */
+-
++#if LZ4_ARCH64
++ if ((ref + COPYLENGTH) > oend)
++#else
++ if ((ref + COPYLENGTH) > oend ||
++ (op + COPYLENGTH) > oend)
++#endif
++ goto _output_error;
+ LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
+ while (op < cpy)
+ *op++ = *ref++;
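Review bot: On 64-bit builds the `#if LZ4_ARCH64` branch drops the `(op + COPYLENGTH) > oend` half of the destination-bounds check, and neither the patch nor the code says why that half is unnecessary there. This guards writes into a decompressor's output buffer, so the reasoning should be recorded at both sites (the hunks at 139 and 270), for example `/* 64-bit: only ref is range-checked here (bug #546422); writes through op stay bounded by the cpy > oend test above */`. That wording is my reading of the visible lines and should be confirmed against the definition of `LZ4_SECURECOPY`, which is outside the hunk. The second hunk also adds the `ref`/`op` check to a path that previously had none, which deserves a line in the patch description. The patch file has no From/Subject/description header of the kind 1510_fs-enable-link-security-restrictions-by-default.patch carries.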
[gentoo-commits] proj/linux-patches:master commit in: /
commit: 7c6175afc50eb106b1dbb9712e638fe2cf976c85
Author: Anthony G. Basile gentoo org>
AuthorDate: Tue Oct 7 01:40:44 2014 +
Commit: Anthony G. Basile gentoo org>
CommitDate: Tue Oct 7 01:41:07 2014 +
URL:
http://sources.gentoo.org/gitweb/?p=proj/linux-patches.git;a=commit;h=7c6175af
Add patch to support namespace user.pax.* on tmpfs, bug #470644
This patch is needed on all Gentoo systems to preserve end-to-end support
of PaX flags held in the extended attribute namespace user.pax.*
Even non-hardened Gentoo users need this in case they switch from
a gentoo-sources kernel to hardened. With the XATTR_PAX markings
already in place, they do not need to remake the PaX flags on all
their ELF objects because it will already be done.
---
_README | 4
1500_XATTR_USER_PREFIX.patch | 54
2 files changed, 58 insertions(+)
diff --git a/_README b/_README
index 9018993..36c2b96 100644
--- a/_README
+++ b/_README
@@ -43,6 +43,10 @@ EXPERIMENTAL
Individual Patch Descriptions:
--
+Patch: 1500_XATTR_USER_PREFIX.patch
+From: https://bugs.gentoo.org/show_bug.cgi?id=470644
+Desc: Support for namespace user.pax.* on tmpfs.
+
Patch: 4567_distro-Gentoo-Kconfig.patch
From: Tom Wijsman
Desc: Add Gentoo Linux support config settings and defaults.
diff --git a/1500_XATTR_USER_PREFIX.patch b/1500_XATTR_USER_PREFIX.patch
new file mode 100644
index 000..cc15cd5
--- /dev/null
+++ b/1500_XATTR_USER_PREFIX.patch
@@ -0,0 +1,54 @@
+From: Anthony G. Basile
+
+This patch adds support for a restricted user-controlled namespace on
+tmpfs filesystem used to house PaX flags. The namespace must be of the
+form user.pax.* and its value cannot exceed a size of 8 bytes.
+
+This is needed even on all Gentoo systems so that XATTR_PAX flags
+are preserved for users who might build packages using portage on
+a tmpfs system with a non-hardened kernel and then switch to a
+hardened kernel with XATTR_PAX enabled.
+
+The namespace is added to any user with Extended Attribute support
+enabled for tmpfs. Users who do not enable xattrs will not have
+the XATTR_PAX flags preserved.
+
+diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
+index e4629b9..6958086 100644
+--- a/include/uapi/linux/xattr.h
b/include/uapi/linux/xattr.h
+@@ -63,5 +63,9 @@
+ #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
+ #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX
XATTR_POSIX_ACL_DEFAULT
+
++/* User namespace */
++#define XATTR_PAX_PREFIX XATTR_USER_PREFIX "pax."
++#define XATTR_PAX_FLAGS_SUFFIX "flags"
++#define XATTR_NAME_PAX_FLAGS XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX
+
+ #endif /* _UAPI_LINUX_XATTR_H */
+diff --git a/mm/shmem.c b/mm/shmem.c
+index 1c44af7..f23bb1b 100644
+--- a/mm/shmem.c
b/mm/shmem.c
+@@ -2201,6 +2201,7 @@ static const struct xattr_handler
*shmem_xattr_handlers[] = {
+ static int shmem_xattr_validate(const char *name)
+ {
+ struct { const char *prefix; size_t len; } arr[] = {
++ { XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN},
+ { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
+ { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
+ };
+@@ -2256,6 +2257,12 @@ static int shmem_setxattr(struct dentry *dentry, const
char *name,
+ if (err)
+ return err;
+
++ if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
++ if (strcmp(name, XATTR_NAME_PAX_FLAGS))
++ return -EOPNOTSUPP;
++ if (size > 8)
++ return -EINVAL;
++ }
+ return simple_xattr_set(&info->xattrs, name, value, size, flags);
+ }
+
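Review bot: The check added to `shmem_setxattr` accepts exactly one name, `user.pax.flags` (via `strcmp(name, XATTR_NAME_PAX_FLAGS)`), while the patch description promises the whole `user.pax.*` namespace; either the text or the comparison should be corrected. `XATTR_PAX_PREFIX` is used only to build `XATTR_NAME_PAX_FLAGS` in the visible hunks. `shmem_xattr_validate` now admits every `user.*` name, so the restriction lives only in the set path, and a comment above the new block should say so, for example `/* user.*: only user.pax.flags is accepted, value at most 8 bytes; other user.* names get -EOPNOTSUPP */`. The bare `8` in `if (size > 8)` would read better as a named constant defined next to the new `XATTR_PAX_*` macros. Both functions continue outside the hunk.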
