From 6a25557e89f9161772270768163e4bf6c4f96bb4 Mon Sep 17 00:00:00 2001 From: Reg Tiangha Date: Sun, 23 Apr 2017 15:44:18 -0600 Subject: [PATCH 1/7] update to version 4.4.63 --- config | 2 +- version | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config b/config index 077bae9..caa052f 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.62 Kernel Configuration +# Linux/x86 4.4.63 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y diff --git a/version b/version index 18d5470..1b8ae17 100644 --- a/version +++ b/version @@ -1 +1 @@ -4.4.62 +4.4.63 From af6ebe2a5fa3dbffd7de3540c9280104dff0f6bd Mon Sep 17 00:00:00 2001 From: Reg Tiangha Date: Mon, 24 Apr 2017 21:58:01 -0600 Subject: [PATCH 2/7] Add in relevant XSA 157 security patches --- ...xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch | 0 ...xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch | 0 ...xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch | 0 rel | 2 +- series.conf | 4 ++++ 5 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch create mode 100644 patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch create mode 100644 patches.xen/xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch diff --git a/patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch b/patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch new file mode 100644 index 0000000..e69de29 diff --git a/patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch b/patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch new file mode 100644 index 0000000..e69de29 
diff --git a/patches.xen/xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch b/patches.xen/xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch new file mode 100644 index 0000000..e69de29 diff --git a/rel b/rel index b4de394..48082f7 100644 --- a/rel +++ b/rel @@ -1 +1 @@ -11 +12 diff --git a/series.conf b/series.conf index 88bf539..38eab47 100644 --- a/series.conf +++ b/series.conf @@ -28,6 +28,10 @@ patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to- patches.xen/xsa155-linux-0011-xen-netfront-add-range-check-for-Tx-response-id.patch patches.xen/xsa155-linux312-0012-xen-blkfront-make-local-copy-of-response-before-usin.patch patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch +patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch +patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch +patches.xen/xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch + # MSI-X enabled device passthrough fix (#1734) patches.xen/0003-xen-pcifront-Report-the-errors-better.patch From 567f26be1ed6d00c99de2b3282bcb7f42c90a3dc Mon Sep 17 00:00:00 2001 From: Reg Tiangha Date: Thu, 27 Apr 2017 06:43:11 -0600 Subject: [PATCH 3/7] Update to version 4.4.64, implement most of KSPP's recommended kernel settings (as of Apr 26, 2017) --- config | 19 ++++++++++--------- version | 2 +- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/config b/config index caa052f..784e42e 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.63 Kernel Configuration +# Linux/x86 4.4.64 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y 
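Review bot: The three `patches.xen/xsa157-*` entries added to series.conf in this hunk point at files that the same commit creates empty. Each one shows `new file mode 100644` with `index 0000000..e69de29` (git's empty-blob id) and `| 0` in the diffstat, so the series applies no pciback changes even though the subject and the `rel` bump to 12 present the build as carrying the XSA 157 fixes. Whether the patch-application step fails or passes silently on a zero-length patch is not visible on this page; confirm it and make it fail hard on empty files. If the fixes are already in the 4.4.x base, as the later revert in this series states, record that where the entries were, e.g. `# XSA-157: included in upstream stable, no local patches needed`.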
@@ -478,7 +478,6 @@ CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_DEFAULT=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y # CONFIG_ARCH_MEMORY_PROBE is not set -CONFIG_ARCH_PROC_KCORE_TEXT=y CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 CONFIG_SELECT_MEMORY_MODEL=y CONFIG_SPARSEMEM_MANUAL=y @@ -556,7 +555,7 @@ CONFIG_SECCOMP=y CONFIG_HZ_1000=y CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y -CONFIG_KEXEC=y +# CONFIG_KEXEC is not set CONFIG_KEXEC_FILE=y CONFIG_KEXEC_VERIFY_SIG=y CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y @@ -636,7 +635,7 @@ CONFIG_ACPI_HOTPLUG_MEMORY=y CONFIG_ACPI_HOTPLUG_IOAPIC=y CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=y -CONFIG_ACPI_CUSTOM_METHOD=m +# CONFIG_ACPI_CUSTOM_METHOD is not set CONFIG_ACPI_BGRT=y # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set CONFIG_ACPI_NFIT=m @@ -6438,13 +6437,15 @@ CONFIG_MSDOS_FS=m CONFIG_VFAT_FS=m CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="ascii" -# CONFIG_NTFS_FS is not set +CONFIG_NTFS_FS=m +# CONFIG_NTFS_DEBUG is not set +CONFIG_NTFS_RW=y # # Pseudo filesystems # CONFIG_PROC_FS=y -CONFIG_PROC_KCORE=y +# CONFIG_PROC_KCORE is not set CONFIG_PROC_VMCORE=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y @@ -6738,8 +6739,8 @@ CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_PI_LIST is not set # CONFIG_DEBUG_SG is not set -# CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_DEBUG_CREDENTIALS is not set +CONFIG_DEBUG_NOTIFIERS=y +CONFIG_DEBUG_CREDENTIALS=y # # RCU Debugging @@ -6912,7 +6913,7 @@ CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 CONFIG_SECURITY_APPARMOR_HASH=y -# CONFIG_SECURITY_YAMA is not set +CONFIG_SECURITY_YAMA=y # CONFIG_INTEGRITY is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set diff --git a/version b/version index 1b8ae17..036e039 100644 --- a/version +++ b/version @@ -1 +1 @@ -4.4.63 +4.4.64 From 83e961a6b377dd858f64fcf8c52a06d790c6c494 Mon Sep 17 00:00:00 2001 
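Review bot: In the `@@ -556,7 +555,7 @@` hunk, `CONFIG_KEXEC_FILE=y` stays set on the context line directly after the new `# CONFIG_KEXEC is not set`. The change therefore appears to remove only the kexec_load() path and leaves kexec_file_load() built in. With `CONFIG_KEXEC_VERIFY_SIG=y` and `CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y` that remaining path is signature-checked, which may be intentional (e.g. to keep kdump working), but the commit message does not say so. Either state that decision in the commit message or, if no kexec path is wanted at all, also set `# CONFIG_KEXEC_FILE is not set`.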
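Review bot: The `@@ -6438,13 +6437,15 @@` hunk turns on `CONFIG_NTFS_FS=m` and `CONFIG_NTFS_RW=y`, which adds a filesystem parser with partial write support to a commit whose subject covers only the version bump and KSPP hardening. A filesystem driver processes on-disk structures from whatever volume is attached, so this widens the kernel's exposure to untrusted media and runs against the intent of the other hunks. Keep `# CONFIG_NTFS_FS is not set`, or move the change to its own commit with a stated reason. If only read access is needed, use `# CONFIG_NTFS_RW is not set`.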
From: Reg Tiangha Date: Sun, 30 Apr 2017 16:13:04 -0600 Subject: [PATCH 4/7] Update to 4.4.65, disable Intel ME driver. --- config | 11 ++++------- version | 2 +- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/config b/config index 784e42e..8cd7450 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.64 Kernel Configuration +# Linux/x86 4.4.65 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -1633,17 +1633,14 @@ CONFIG_NFC_SHDLC=y # CONFIG_NFC_PN533=m # CONFIG_NFC_WILINK is not set -CONFIG_NFC_MEI_PHY=m CONFIG_NFC_SIM=m CONFIG_NFC_PORT100=m CONFIG_NFC_FDP=m CONFIG_NFC_FDP_I2C=m CONFIG_NFC_PN544=m CONFIG_NFC_PN544_I2C=m -CONFIG_NFC_PN544_MEI=m CONFIG_NFC_MICROREAD=m CONFIG_NFC_MICROREAD_I2C=m -CONFIG_NFC_MICROREAD_MEI=m CONFIG_NFC_MRVL=m CONFIG_NFC_MRVL_USB=m CONFIG_NFC_MRVL_UART=m @@ -1877,9 +1874,9 @@ CONFIG_SENSORS_LIS3_I2C=m # Altera FPGA firmware download module # CONFIG_ALTERA_STAPL=m -CONFIG_INTEL_MEI=m -CONFIG_INTEL_MEI_ME=m -CONFIG_INTEL_MEI_TXE=m +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set CONFIG_VMWARE_VMCI=m # diff --git a/version b/version index 036e039..169335f 100644 --- a/version +++ b/version @@ -1 +1 @@ -4.4.64 +4.4.65 From 4a902b51f6ac024dca3b7342b27daa06d85e587c Mon Sep 17 00:00:00 2001 From: Reg Tiangha Date: Wed, 3 May 2017 10:18:39 -0600 Subject: [PATCH 5/7] Update to version 4.4.66 --- config | 2 +- version | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config b/config index 8cd7450..2613f52 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.65 Kernel Configuration +# Linux/x86 4.4.66 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y diff --git a/version b/version index 169335f..2b034a1 100644 --- a/version +++ b/version @@ -1 +1 @@ -4.4.65 +4.4.66 From d8ffa10314c2d9f82c7327d86dd5f3fd7f36929e Mon Sep 17 00:00:00 2001 
From: Reg Tiangha Date: Sun, 7 May 2017 10:31:03 -0600 Subject: [PATCH 6/7] Revert XSA 157 commits; empty files accidentally uploaded and is already patched in upstream --- ...-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch | 0 ...-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch | 0 ...-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch | 0 series.conf | 3 --- 4 files changed, 3 deletions(-) delete mode 100644 patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch delete mode 100644 patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch delete mode 100644 patches.xen/xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch diff --git a/patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch b/patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch deleted file mode 100644 index e69de29..0000000 diff --git a/patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch b/patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch deleted file mode 100644 index e69de29..0000000 diff --git a/patches.xen/xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch b/patches.xen/xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch deleted file mode 100644 index e69de29..0000000 diff --git a/series.conf b/series.conf index 38eab47..70bee37 100644 --- a/series.conf +++ b/series.conf 
@@ -28,9 +28,6 @@ patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to- patches.xen/xsa155-linux-0011-xen-netfront-add-range-check-for-Tx-response-id.patch patches.xen/xsa155-linux312-0012-xen-blkfront-make-local-copy-of-response-before-usin.patch patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch -patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch -patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch -patches.xen/xsa157-0005-xen-pciback-Don-t-allow-MSI-X-ops-if-PCI_COMMAND_MEM.patch # MSI-X enabled device passthrough fix (#1734) From ce1b104205b42601e802571da5d0f530b03afa06 Mon Sep 17 00:00:00 2001 From: Reg Tiangha Date: Mon, 8 May 2017 03:35:33 -0600 Subject: [PATCH 7/7] Update to 4.4.67, implement more of KSPP's recommended settings, activate Intel preliminary hardware support by default for newer Intel graphic cards. --- config | 14 +++++++------- version | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/config b/config index 2613f52..e6fef28 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.66 Kernel Configuration +# Linux/x86 4.4.67 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -4613,7 +4613,7 @@ CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y # CONFIG_DRM_I810 is not set CONFIG_DRM_I915=m -# CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set +CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT=y # CONFIG_DRM_MGA is not set # CONFIG_DRM_SIS is not set CONFIG_DRM_VIA=m @@ -4622,7 +4622,7 @@ CONFIG_DRM_VGEM=m CONFIG_DRM_VMWGFX=m CONFIG_DRM_VMWGFX_FBCON=y CONFIG_DRM_GMA500=m -# CONFIG_DRM_GMA600 is not set +CONFIG_DRM_GMA600=y CONFIG_DRM_GMA3600=y CONFIG_DRM_UDL=m CONFIG_DRM_AST=m 
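Review bot: `CONFIG_DRM_GMA600=y` in the `@@ -4622,7 +4622,7 @@` hunk is not mentioned in the commit message, which names only the version bump, KSPP settings and Intel preliminary hardware support. In the preceding hunk, `CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT=y` enables for every user the i915 code paths that upstream marks as not yet ready. Consider leaving that default off and documenting the `i915.preliminary_hw_support=1` module parameter for users with newer GPUs. Splitting the graphics changes from the hardening changes would also make the security-relevant part of this config easier to audit.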
@@ -6707,9 +6707,9 @@ CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0 # CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0 # CONFIG_DETECT_HUNG_TASK is not set -# CONFIG_PANIC_ON_OOPS is not set -CONFIG_PANIC_ON_OOPS_VALUE=0 -CONFIG_PANIC_TIMEOUT=0 +CONFIG_PANIC_ON_OOPS=y +CONFIG_PANIC_ON_OOPS_VALUE=1 +CONFIG_PANIC_TIMEOUT=-1 CONFIG_SCHED_DEBUG=y CONFIG_SCHED_INFO=y CONFIG_SCHEDSTATS=y @@ -6735,7 +6735,7 @@ CONFIG_STACKTRACE=y CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_PI_LIST is not set -# CONFIG_DEBUG_SG is not set +CONFIG_DEBUG_SG=y CONFIG_DEBUG_NOTIFIERS=y CONFIG_DEBUG_CREDENTIALS=y diff --git a/version b/version index 2b034a1..368fbbe 100644 --- a/version +++ b/version @@ -1 +1 @@ -4.4.66 +4.4.67
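Review bot: `CONFIG_PANIC_ON_OOPS=y` together with `CONFIG_PANIC_TIMEOUT=-1` in the `@@ -6707,9 +6707,9 @@` hunk makes every oops an immediate reboot, so the oops text no longer stays on the console. That is the KSPP-recommended trade of availability for containment, but the change should record how crash output is expected to be captured (serial console, pstore or similar). An earlier commit in this series also disabled `CONFIG_KEXEC`, so confirm whether a crash-dump path still works. A short note in the commit message or packaging docs that `panic=` and `oops=` on the kernel command line override these defaults would help anyone debugging a driver fault.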