Merge remote-tracking branch 'qubesos/pr/7' into stable-4.4
* qubesos/pr/7: Update to 4.4.67, implement more of KSPP's recommended settings, activate Intel preliminary hardware support by default for newer Intel graphic cards. Revert XSA 157 commits; empty files accidentally uploaded and is already patched in upstream Update to version 4.4.66 Update to 4.4.65, disable Intel ME driver. Update to version 4.4.64, implement most of KSPP's recommended kernel settings (as of Apr 26, 2017) Add in relevant XSA 157 security patches update to version 4.4.63
This commit is contained in:
Marek Marczykowski-Górecki
commit
6f999c452f
40
config
40
config
@ -1,6 +1,6 @@
|
||||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/x86 4.4.62 Kernel Configuration
|
||||
# Linux/x86 4.4.67 Kernel Configuration
|
||||
#
|
||||
CONFIG_64BIT=y
|
||||
CONFIG_X86_64=y
|
||||
@ -478,7 +478,6 @@ CONFIG_ARCH_SPARSEMEM_ENABLE=y
|
||||
CONFIG_ARCH_SPARSEMEM_DEFAULT=y
|
||||
CONFIG_ARCH_SELECT_MEMORY_MODEL=y
|
||||
# CONFIG_ARCH_MEMORY_PROBE is not set
|
||||
CONFIG_ARCH_PROC_KCORE_TEXT=y
|
||||
CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
|
||||
CONFIG_SELECT_MEMORY_MODEL=y
|
||||
CONFIG_SPARSEMEM_MANUAL=y
|
||||
@ -556,7 +555,7 @@ CONFIG_SECCOMP=y
|
||||
CONFIG_HZ_1000=y
|
||||
CONFIG_HZ=1000
|
||||
CONFIG_SCHED_HRTICK=y
|
||||
CONFIG_KEXEC=y
|
||||
# CONFIG_KEXEC is not set
|
||||
CONFIG_KEXEC_FILE=y
|
||||
CONFIG_KEXEC_VERIFY_SIG=y
|
||||
CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
|
||||
@ -636,7 +635,7 @@ CONFIG_ACPI_HOTPLUG_MEMORY=y
|
||||
CONFIG_ACPI_HOTPLUG_IOAPIC=y
|
||||
CONFIG_ACPI_SBS=m
|
||||
CONFIG_ACPI_HED=y
|
||||
CONFIG_ACPI_CUSTOM_METHOD=m
|
||||
# CONFIG_ACPI_CUSTOM_METHOD is not set
|
||||
CONFIG_ACPI_BGRT=y
|
||||
# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
|
||||
CONFIG_ACPI_NFIT=m
|
||||
@ -1634,17 +1633,14 @@ CONFIG_NFC_SHDLC=y
|
||||
#
|
||||
CONFIG_NFC_PN533=m
|
||||
# CONFIG_NFC_WILINK is not set
|
||||
CONFIG_NFC_MEI_PHY=m
|
||||
CONFIG_NFC_SIM=m
|
||||
CONFIG_NFC_PORT100=m
|
||||
CONFIG_NFC_FDP=m
|
||||
CONFIG_NFC_FDP_I2C=m
|
||||
CONFIG_NFC_PN544=m
|
||||
CONFIG_NFC_PN544_I2C=m
|
||||
CONFIG_NFC_PN544_MEI=m
|
||||
CONFIG_NFC_MICROREAD=m
|
||||
CONFIG_NFC_MICROREAD_I2C=m
|
||||
CONFIG_NFC_MICROREAD_MEI=m
|
||||
CONFIG_NFC_MRVL=m
|
||||
CONFIG_NFC_MRVL_USB=m
|
||||
CONFIG_NFC_MRVL_UART=m
|
||||
@ -1878,9 +1874,9 @@ CONFIG_SENSORS_LIS3_I2C=m
|
||||
# Altera FPGA firmware download module
|
||||
#
|
||||
CONFIG_ALTERA_STAPL=m
|
||||
CONFIG_INTEL_MEI=m
|
||||
CONFIG_INTEL_MEI_ME=m
|
||||
CONFIG_INTEL_MEI_TXE=m
|
||||
# CONFIG_INTEL_MEI is not set
|
||||
# CONFIG_INTEL_MEI_ME is not set
|
||||
# CONFIG_INTEL_MEI_TXE is not set
|
||||
CONFIG_VMWARE_VMCI=m
|
||||
|
||||
#
|
||||
@ -4617,7 +4613,7 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3
|
||||
CONFIG_DRM_NOUVEAU_BACKLIGHT=y
|
||||
# CONFIG_DRM_I810 is not set
|
||||
CONFIG_DRM_I915=m
|
||||
# CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
|
||||
CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT=y
|
||||
# CONFIG_DRM_MGA is not set
|
||||
# CONFIG_DRM_SIS is not set
|
||||
CONFIG_DRM_VIA=m
|
||||
@ -4626,7 +4622,7 @@ CONFIG_DRM_VGEM=m
|
||||
CONFIG_DRM_VMWGFX=m
|
||||
CONFIG_DRM_VMWGFX_FBCON=y
|
||||
CONFIG_DRM_GMA500=m
|
||||
# CONFIG_DRM_GMA600 is not set
|
||||
CONFIG_DRM_GMA600=y
|
||||
CONFIG_DRM_GMA3600=y
|
||||
CONFIG_DRM_UDL=m
|
||||
CONFIG_DRM_AST=m
|
||||
@ -6438,13 +6434,15 @@ CONFIG_MSDOS_FS=m
|
||||
CONFIG_VFAT_FS=m
|
||||
CONFIG_FAT_DEFAULT_CODEPAGE=437
|
||||
CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
|
||||
# CONFIG_NTFS_FS is not set
|
||||
CONFIG_NTFS_FS=m
|
||||
# CONFIG_NTFS_DEBUG is not set
|
||||
CONFIG_NTFS_RW=y
|
||||
|
||||
#
|
||||
# Pseudo filesystems
|
||||
#
|
||||
CONFIG_PROC_FS=y
|
||||
CONFIG_PROC_KCORE=y
|
||||
# CONFIG_PROC_KCORE is not set
|
||||
CONFIG_PROC_VMCORE=y
|
||||
CONFIG_PROC_SYSCTL=y
|
||||
CONFIG_PROC_PAGE_MONITOR=y
|
||||
@ -6709,9 +6707,9 @@ CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0
|
||||
# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set
|
||||
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
|
||||
# CONFIG_DETECT_HUNG_TASK is not set
|
||||
# CONFIG_PANIC_ON_OOPS is not set
|
||||
CONFIG_PANIC_ON_OOPS_VALUE=0
|
||||
CONFIG_PANIC_TIMEOUT=0
|
||||
CONFIG_PANIC_ON_OOPS=y
|
||||
CONFIG_PANIC_ON_OOPS_VALUE=1
|
||||
CONFIG_PANIC_TIMEOUT=-1
|
||||
CONFIG_SCHED_DEBUG=y
|
||||
CONFIG_SCHED_INFO=y
|
||||
CONFIG_SCHEDSTATS=y
|
||||
@ -6737,9 +6735,9 @@ CONFIG_STACKTRACE=y
|
||||
CONFIG_DEBUG_BUGVERBOSE=y
|
||||
CONFIG_DEBUG_LIST=y
|
||||
# CONFIG_DEBUG_PI_LIST is not set
|
||||
# CONFIG_DEBUG_SG is not set
|
||||
# CONFIG_DEBUG_NOTIFIERS is not set
|
||||
# CONFIG_DEBUG_CREDENTIALS is not set
|
||||
CONFIG_DEBUG_SG=y
|
||||
CONFIG_DEBUG_NOTIFIERS=y
|
||||
CONFIG_DEBUG_CREDENTIALS=y
|
||||
|
||||
#
|
||||
# RCU Debugging
|
||||
@ -6912,7 +6910,7 @@ CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
|
||||
CONFIG_SECURITY_APPARMOR=y
|
||||
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
|
||||
CONFIG_SECURITY_APPARMOR_HASH=y
|
||||
# CONFIG_SECURITY_YAMA is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_INTEGRITY is not set
|
||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
||||
|
||||
@ -29,6 +29,7 @@ patches.xen/xsa155-linux-0011-xen-netfront-add-range-check-for-Tx-response-id.pa
|
||||
patches.xen/xsa155-linux312-0012-xen-blkfront-make-local-copy-of-response-before-usin.patch
|
||||
patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch
|
||||
|
||||
|
||||
# MSI-X enabled device passthrough fix (#1734)
|
||||
patches.xen/0003-xen-pcifront-Report-the-errors-better.patch
|
||||
patches.xen/pci_op-cleanup.patch
|
||||
|
||||
Loading…
Reference in New Issue
Block a user