Update to 4.14.6 and auto generate config

The config is now generated based on Fedora's config. This way we only
need to track Qubes-specific changes and can quickly update to newer
Fedora configs.
Simon Gaiser 2017-12-15 10:08:09 +01:00
parent a00512fb97
commit 537e0d17a8
6 changed files with 1482 additions and 1027 deletions

File diff suppressed because it is too large Load Diff

119
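--- a/config-qubes
+++ b/config-qubes
@@ -0,0 +1,119 @@
+## Qubes specific config settings.
+##
+## Lines starting with ## are comments.
+################################################################################
+## Enable expert options
+CONFIG_EXPERT=y
+################################################################################
+## Use xz to save space on /boot
+# CONFIG_KERNEL_GZIP is not set
+CONFIG_KERNEL_XZ=y
+################################################################################
+## Enable /proc/config.gz to help debugging etc.
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+################################################################################
+## Enable some more hardening options
+CONFIG_GCC_PLUGINS=y
+CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
+CONFIG_GCC_PLUGIN_STRUCTLEAK=y
+## XXX: What's about RANDSTRUCT?
+## Those depend on CONFIG_EXPERT
+CONFIG_ARCH_MMAP_RND_BITS=32
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16
+CONFIG_REFCOUNT_FULL=y
+# CONFIG_KEXEC is not set
+# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
+CONFIG_LEGACY_VSYSCALL_NONE=y
+# CONFIG_ACPI_CUSTOM_METHOD is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
+CONFIG_INTEL_IOMMU_DEFAULT_ON=y
+# CONFIG_PROC_KCORE is not set
+CONFIG_PAGE_POISONING=y
+# CONFIG_PAGE_POISONING_NO_SANITY is not set
+CONFIG_PAGE_POISONING_ZERO=y
+CONFIG_PANIC_ON_OOPS=y
+CONFIG_PANIC_ON_OOPS_VALUE=1
+CONFIG_PANIC_TIMEOUT=-1
+CONFIG_SCHED_STACK_END_CHECK=y
+CONFIG_DEBUG_TIMEKEEPING=y
+CONFIG_IO_STRICT_DEVMEM=y
+CONFIG_SECURITY_YAMA=y
+# CONFIG_HIBERNATION is not set
+################################################################################
+## Disable PCI hotplug to prevent DMA attacks via ExpressCard or Thunderbolt
+## ports. QubesOS/qubes-issues#1673
+# CONFIG_HOTPLUG_PCI is not set
+################################################################################
+## We don't use singed modules
+# CONFIG_MODULE_SIG is not set
+################################################################################
+## Deactivate selinux by default
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+################################################################################
+## Enable paravirt spinlocks. This should be more performant.
+CONFIG_PARAVIRT_SPINLOCKS=y
+################################################################################
+## Disable atomisp support. It's broken.
+## https://lists.xen.org/archives/html/xen-devel/2017-09/msg00793.html
+# CONFIG_INTEL_ATOMISP is not set
+################################################################################
+## TODO: from diff to old config
+## CONFIG_X86_AMD_PLATFORM_DEVICE=y
+##
+## # CONFIG_X86_MCELOG_LEGACY is not set
+## # CONFIG_X86_MCE_INJECT is not set
+##
+## CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
+##
+## CONFIG_SECURITY_APPARMOR=y
+## sensors from 0f976d972a1671a303fad30a5e690304b0b82ee0
+##
+## Intel ME driver e0f8e9ca81b80d897b190f48a4af80eff3198cb1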
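Review bot: The `## TODO: from diff to old config` block at the end leaves options that the old config apparently set, such as `CONFIG_SECURITY_APPARMOR=y` and `CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y`, as `##` comments, which gen-config strips with `grep -v '^##'`, so they are neither merged nor covered by its final check and their value now depends entirely on the Fedora base config. Either promote the ones Qubes relies on to real settings, or state in the comment that dropping them is intentional. In the hardening block, `CONFIG_PAGE_POISONING=y` on its own probably has no runtime effect on this kernel series unless `page_poison=1` is also on the kernel command line; a `##` note next to it would record that (to be confirmed against the 4.14 Kconfig help). The comment `## We don't use singed modules` should read `signed`, and it would help to say there why loading unsigned modules is acceptable in this setup.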

61
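--- a/gen-config
+++ b/gen-config
@@ -0,0 +1,61 @@
+#!/bin/bash
+# The Qubes OS Project, https://www.qubes-os.org
+#
+# Copyright (C) 2017 Simon Gaiser <simon@invisiblethingslab.com>
+# Copyright (c) 2009-2010 Wind River Systems, Inc.
+# Copyright 2011 Linaro
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU General Public License for more details.
+set -eu -o pipefail
+linux_merge_config="./scripts/kconfig/merge_config.sh"
+make_opts=""
+if [ -n "${RPM_PACKAGE_VERSION:-}" ]; then
+linux_merge_config="../linux-$RPM_PACKAGE_VERSION/scripts/kconfig/merge_config.sh"
+make_opts="-C ../linux-$RPM_PACKAGE_VERSION O=$PWD"
+fi
+if [ -z "$linux_merge_config" ]; then
+printf 'Error: Could not find merge_config.sh from the linux source tree!\n'
+exit 1
+fi
+sed_config_exp='s/^\(# \)\{0,1\}\(CONFIG_[a-zA-Z0-9_]*\)[= ].*/\2/p'
+if [ $# -ne 2 ]; then
+printf 'Usage: gen-config base.config local.config\n'
+exit 1
+fi
+base_config="$1"
+local_config="$2"
+grep -v '^##' "$local_config" > "$local_config.gen"
+$linux_merge_config -m "$base_config" "$local_config.gen"
+make $make_opts KCONFIG_ALLCONFIG=.config alldefconfig
+rc=0
+for cfg in $(sed -n "$sed_config_exp" "$local_config.gen"); do
+requested="$(grep -w "$cfg" "$local_config.gen" || true)"
+actual="$(grep -w "$cfg" .config || true)"
+if [ "$requested" != "$actual" ]; then
+printf 'Local config setting for %s didn'\''t make it into the final config\n' "$cfg"
+rc=1
+fi
+done
+rm "$local_config.gen"
+exit $rc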
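Review bot: The `[ -z "$linux_merge_config" ]` test can never fire, because the variable is assigned a non-empty path on both branches above it, so a missing merge_config.sh is only noticed when the call itself fails. Test the file instead, e.g. `if [ ! -f "$linux_merge_config" ]; then`, and send the error and usage messages to stderr with `>&2`. Because `set -e` aborts the script when the merge or `make` step fails, `$local_config.gen` is left behind next to the local config in that case; a `trap 'rm -f "$local_config.gen"' EXIT` placed right after the file is created would cover every exit path. The final loop is the only check that the Qubes hardening settings reached `.config`, so a header comment saying it verifies only symbols listed in the local config would help the next maintainer.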


@ -79,7 +79,9 @@ Source14: series.conf
Source16: guards Source16: guards
Source17: apply-patches Source17: apply-patches
Source33: check-for-config-changes Source33: check-for-config-changes
Source100: config Source34: gen-config
Source100: config-base
Source101: config-qubes
# FIXME: Including dirs this way does NOT produce proper src.rpms # FIXME: Including dirs this way does NOT produce proper src.rpms
Source204: patches.rpmify Source204: patches.rpmify
Source205: patches.xen Source205: patches.xen
@ -114,11 +116,7 @@ fi
cd %kernel_build_dir cd %kernel_build_dir
if [ -f %_sourcedir/config-%{version} ]; then %_sourcedir/gen-config %_sourcedir/config-base %_sourcedir/config-qubes
cp %_sourcedir/config-%{version} .config
else
cp %_sourcedir/config .config
fi
%build_src_dir/scripts/config \ %build_src_dir/scripts/config \
--set-str CONFIG_LOCALVERSION -%release.%cpu_arch \ --set-str CONFIG_LOCALVERSION -%release.%cpu_arch \
@ -128,14 +126,6 @@ fi
# Enabling CONFIG_DEBUG_INFO produces *huge* packages! # Enabling CONFIG_DEBUG_INFO produces *huge* packages!
MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD" MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD"
if test -e %_sourcedir/TOLERATE-UNKNOWN-NEW-CONFIG-OPTIONS; then
yes '' | make oldconfig $MAKE_ARGS
else
cp .config .config.orig
make silentoldconfig $MAKE_ARGS < /dev/null
%_sourcedir/check-for-config-changes .config.orig .config
rm .config.orig
fi
make prepare $MAKE_ARGS make prepare $MAKE_ARGS
make scripts $MAKE_ARGS make scripts $MAKE_ARGS
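Review bot: With the `silentoldconfig` / `check-for-config-changes` step deleted in the third hunk, nothing visible here fails the build when the resulting `.config` differs from what was reviewed; options not listed in config-qubes now take whatever config-base or the Kconfig default gives them. gen-config verifies only the config-qubes entries, so a comment above the `%_sourcedir/gen-config` call should say so, e.g. `# Only settings from config-qubes are verified; everything else follows config-base / Kconfig defaults.` `Source33: check-for-config-changes` is still listed in the first hunk although its only visible use is removed; drop it if nothing outside these hunks calls it. The scriptlets these hunks belong to start and end outside the visible lines.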


@ -19,11 +19,9 @@ guest (or stubdom) can already generate MSIs through other ways, see
drivers/xen/xen-pciback/pciback.h | 1 + drivers/xen/xen-pciback/pciback.h | 1 +
3 files changed, 105 insertions(+) 3 files changed, 105 insertions(+)
diff --git a/drivers/xen/xen-pciback/conf_space_capability.c b/drivers/xen/xen-pciback/conf_space_capability.c
index 7f83e9083e9d..793635238267 100644
--- a/drivers/xen/xen-pciback/conf_space_capability.c --- a/drivers/xen/xen-pciback/conf_space_capability.c
+++ b/drivers/xen/xen-pciback/conf_space_capability.c +++ b/drivers/xen/xen-pciback/conf_space_capability.c
@@ -189,6 +189,40 @@ static const struct config_field caplist_pm[] = { @@ -190,6 +190,40 @@ static const struct config_field caplist
{} {}
}; };
@ -64,7 +62,7 @@ index 7f83e9083e9d..793635238267 100644
static struct xen_pcibk_config_capability xen_pcibk_config_capability_pm = { static struct xen_pcibk_config_capability xen_pcibk_config_capability_pm = {
.capability = PCI_CAP_ID_PM, .capability = PCI_CAP_ID_PM,
.fields = caplist_pm, .fields = caplist_pm,
@@ -197,11 +231,16 @@ static struct xen_pcibk_config_capability xen_pcibk_config_capability_vpd = { @@ -198,11 +232,16 @@ static struct xen_pcibk_config_capabilit
.capability = PCI_CAP_ID_VPD, .capability = PCI_CAP_ID_VPD,
.fields = caplist_vpd, .fields = caplist_vpd,
}; };
@ -81,11 +79,9 @@ index 7f83e9083e9d..793635238267 100644
return 0; return 0;
} }
diff --git a/drivers/xen/xen-pciback/pci_stub.c b/drivers/xen/xen-pciback/pci_stub.c
index 6331a95691a4..953866285ac1 100644
--- a/drivers/xen/xen-pciback/pci_stub.c --- a/drivers/xen/xen-pciback/pci_stub.c
+++ b/drivers/xen/xen-pciback/pci_stub.c +++ b/drivers/xen/xen-pciback/pci_stub.c
@@ -303,6 +303,8 @@ void pcistub_put_pci_dev(struct pci_dev *dev) @@ -303,6 +303,8 @@ void pcistub_put_pci_dev(struct pci_dev
xen_pcibk_config_reset_dev(dev); xen_pcibk_config_reset_dev(dev);
xen_pcibk_config_free_dyn_fields(dev); xen_pcibk_config_free_dyn_fields(dev);
@ -94,12 +90,12 @@ index 6331a95691a4..953866285ac1 100644
xen_unregister_device_domain_owner(dev); xen_unregister_device_domain_owner(dev);
spin_lock_irqsave(&found_psdev->lock, flags); spin_lock_irqsave(&found_psdev->lock, flags);
@@ -1434,6 +1436,64 @@ static ssize_t permissive_show(struct device_driver *drv, char *buf) @@ -1430,6 +1432,63 @@ static ssize_t permissive_show(struct de
static DRIVER_ATTR(permissive, S_IRUSR | S_IWUSR, permissive_show, }
permissive_add); static DRIVER_ATTR_RW(permissive);
+static ssize_t allow_msi_enable_add(struct device_driver *drv, const char *buf, +static ssize_t allow_msi_enable_store(struct device_driver *drv, const char *buf,
+ size_t count) + size_t count)
+{ +{
+ int domain, bus, slot, func; + int domain, bus, slot, func;
+ int err; + int err;
@ -153,22 +149,21 @@ index 6331a95691a4..953866285ac1 100644
+ spin_unlock_irqrestore(&pcistub_devices_lock, flags); + spin_unlock_irqrestore(&pcistub_devices_lock, flags);
+ return count; + return count;
+} +}
+static DRIVER_ATTR(allow_msi_enable, S_IRUSR | S_IWUSR, allow_msi_enable_show, +static DRIVER_ATTR_RW(allow_msi_enable);
+ allow_msi_enable_add);
+ +
static void pcistub_exit(void) static void pcistub_exit(void)
{ {
driver_remove_file(&xen_pcibk_pci_driver.driver, &driver_attr_new_slot); driver_remove_file(&xen_pcibk_pci_driver.driver, &driver_attr_new_slot);
@@ -1443,6 +1503,8 @@ static void pcistub_exit(void) @@ -1440,6 +1499,8 @@ static void pcistub_exit(void)
driver_remove_file(&xen_pcibk_pci_driver.driver, &driver_attr_quirks);
driver_remove_file(&xen_pcibk_pci_driver.driver, driver_remove_file(&xen_pcibk_pci_driver.driver,
&driver_attr_permissive); &driver_attr_permissive);
+ driver_remove_file(&xen_pcibk_pci_driver.driver,
+ &driver_attr_allow_msi_enable);
driver_remove_file(&xen_pcibk_pci_driver.driver, driver_remove_file(&xen_pcibk_pci_driver.driver,
+ &driver_attr_allow_msi_enable);
+ driver_remove_file(&xen_pcibk_pci_driver.driver,
&driver_attr_irq_handlers); &driver_attr_irq_handlers);
driver_remove_file(&xen_pcibk_pci_driver.driver, driver_remove_file(&xen_pcibk_pci_driver.driver,
@@ -1533,6 +1595,9 @@ static int __init pcistub_init(void) &driver_attr_irq_handler_state);
@@ -1529,6 +1590,9 @@ static int __init pcistub_init(void)
if (!err) if (!err)
err = driver_create_file(&xen_pcibk_pci_driver.driver, err = driver_create_file(&xen_pcibk_pci_driver.driver,
&driver_attr_permissive); &driver_attr_permissive);
@ -178,11 +173,9 @@ index 6331a95691a4..953866285ac1 100644
if (!err) if (!err)
err = driver_create_file(&xen_pcibk_pci_driver.driver, err = driver_create_file(&xen_pcibk_pci_driver.driver,
diff --git a/drivers/xen/xen-pciback/pciback.h b/drivers/xen/xen-pciback/pciback.h
index 7af369b6aaa2..32006bb4dad1 100644
--- a/drivers/xen/xen-pciback/pciback.h --- a/drivers/xen/xen-pciback/pciback.h
+++ b/drivers/xen/xen-pciback/pciback.h +++ b/drivers/xen/xen-pciback/pciback.h
@@ -44,6 +44,7 @@ struct xen_pcibk_dev_data { @@ -45,6 +45,7 @@ struct xen_pcibk_dev_data {
struct list_head config_fields; struct list_head config_fields;
struct pci_saved_state *pci_saved_state; struct pci_saved_state *pci_saved_state;
unsigned int permissive:1; unsigned int permissive:1;
@ -190,6 +183,3 @@ index 7af369b6aaa2..32006bb4dad1 100644
unsigned int warned_on_write:1; unsigned int warned_on_write:1;
unsigned int enable_intx:1; unsigned int enable_intx:1;
unsigned int isr_on:1; /* Whether the IRQ handler is installed. */ unsigned int isr_on:1; /* Whether the IRQ handler is installed. */
--
2.14.1
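Review bot: Switching to `DRIVER_ATTR_RW(allow_msi_enable)` changes the sysfs file mode as well as the handler name: the old macro call passed `S_IRUSR | S_IWUSR`, while `DRIVER_ATTR_RW` applies the kernel's default read-write attribute mode, which in mainline is readable by all users (0644). The context shows the same conversion for `permissive`, so this is probably acceptable, but the patch description should mention that the list of devices allowed to enable MSI becomes world-readable in dom0. If owner-only access is wanted, the attribute needs an explicit definition such as `static struct driver_attribute driver_attr_allow_msi_enable = __ATTR(allow_msi_enable, 0600, allow_msi_enable_show, allow_msi_enable_store);`. Most of `allow_msi_enable_store` lies outside the visible hunk, so its input parsing and locking are not reviewed here.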


@ -1 +1 @@
4.13.12 4.14.6