diff --git a/Makefile b/Makefile index b568fe9..5f9f6b3 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -KERNEL_VERSION = linux-6.6.22 +KERNEL_VERSION = linux-6.6.32 KERNEL_REMOTE = https://cdn.kernel.org/pub/linux/kernel/v6.x/$(KERNEL_VERSION).tar.xz KERNEL_TARBALL = tarballs/$(KERNEL_VERSION).tar.xz KERNEL_SOURCES = $(KERNEL_VERSION) @@ -6,8 +6,8 @@ KERNEL_PATCHES = $(shell find patches/ -name "0*.patch" | sort) KERNEL_C_BUNDLE = kernel.c ABI_VERSION = 4 -FULL_VERSION = 4.1.0 -TIMESTAMP = "Mon Mar 18 10:18:40 AM CET 2024" +FULL_VERSION = 4.2.0 +TIMESTAMP = "Wed Jun 5 12:25:26 CEST 2024" KERNEL_FLAGS = KBUILD_BUILD_TIMESTAMP=$(TIMESTAMP) KERNEL_FLAGS += KBUILD_BUILD_USER=root diff --git a/config-libkrunfw-sev_x86_64 b/config-libkrunfw-sev_x86_64 index 22f4b64..905ceb7 100644 --- a/config-libkrunfw-sev_x86_64 +++ b/config-libkrunfw-sev_x86_64 @@ -1,23 +1,25 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.0.2 Kernel Configuration +# Linux/x86 6.6.32 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.1 20220628 (Red Hat 12.1.1-3)" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.1 20240316 (Red Hat 13.2.1-7)" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=120101 +CONFIG_GCC_VERSION=130201 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=23800 +CONFIG_AS_VERSION=24000 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=23800 +CONFIG_LD_VERSION=24000 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y +CONFIG_TOOLS_SUPPORT_RELR=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y -CONFIG_PAHOLE_VERSION=123 +CONFIG_PAHOLE_VERSION=0 CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -148,7 +150,6 @@ CONFIG_CPU_ISOLATION=y CONFIG_TREE_RCU=y CONFIG_PREEMPT_RCU=y # CONFIG_RCU_EXPERT is not set -CONFIG_SRCU=y CONFIG_TREE_SRCU=y CONFIG_TASKS_RCU_GENERIC=y CONFIG_TASKS_RCU=y @@ -161,7 +162,6 @@ CONFIG_RCU_NEED_SEGCBLIST=y # CONFIG_IKHEADERS is not set CONFIG_LOG_BUF_SHIFT=16 CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 -CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=12 # CONFIG_PRINTK_INDEX is not set CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y @@ -175,14 +175,13 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_HAS_INT128=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" -CONFIG_GCC12_NO_ARRAY_BOUNDS=y +CONFIG_GCC10_NO_ARRAY_BOUNDS=y CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y # CONFIG_CGROUP_FAVOR_DYNMODS is not set CONFIG_MEMCG=y -CONFIG_MEMCG_SWAP=y CONFIG_MEMCG_KMEM=y CONFIG_BLK_CGROUP=y CONFIG_CGROUP_WRITEBACK=y @@ -190,6 +189,7 @@ CONFIG_CGROUP_SCHED=y CONFIG_FAIR_GROUP_SCHED=y CONFIG_CFS_BANDWIDTH=y CONFIG_RT_GROUP_SCHED=y +CONFIG_SCHED_MM_CID=y CONFIG_CGROUP_PIDS=y # CONFIG_CGROUP_RDMA is not set CONFIG_CGROUP_FREEZER=y @@ -212,7 +212,6 @@ CONFIG_PID_NS=y CONFIG_NET_NS=y # CONFIG_CHECKPOINT_RESTORE is not set CONFIG_SCHED_AUTOGROUP=y -# CONFIG_SYSFS_DEPRECATED is not set CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="" @@ -228,6 +227,7 @@ CONFIG_INITRAMFS_PRESERVE_MTIME=y CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_LD_ORPHAN_WARN=y +CONFIG_LD_ORPHAN_WARN_LEVEL="warn" CONFIG_SYSCTL=y CONFIG_HAVE_UID16=y CONFIG_SYSCTL_EXCEPTION_TRACE=y @@ -256,14 +256,15 @@ CONFIG_IO_URING=y CONFIG_ADVISE_SYSCALLS=y CONFIG_MEMBARRIER=y CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_SELFTEST is not set # CONFIG_KALLSYMS_ALL is not set CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y # CONFIG_KCMP is not set CONFIG_RSEQ=y +CONFIG_CACHESTAT_SYSCALL=y # CONFIG_DEBUG_RSEQ is not set -# CONFIG_EMBEDDED is not set CONFIG_HAVE_PERF_EVENTS=y # CONFIG_PC104 is not set @@ -275,6 +276,17 @@ CONFIG_PERF_EVENTS=y # end of Kernel Performance Events And Counters CONFIG_PROFILING=y + +# +# Kexec and crash features +# +CONFIG_CRASH_CORE=y +CONFIG_KEXEC_CORE=y +# CONFIG_KEXEC is not set +CONFIG_KEXEC_FILE=y +# CONFIG_KEXEC_SIG is not set +# CONFIG_CRASH_DUMP is not set +# end of Kexec and crash features # end of General setup CONFIG_64BIT=y @@ -296,7 +308,6 @@ CONFIG_ARCH_MAY_HAVE_PC_FDC=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_HAS_CPU_RELAX=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y -CONFIG_ARCH_NR_GPIO=1024 CONFIG_ARCH_SUSPEND_POSSIBLE=y CONFIG_AUDIT_ARCH=y CONFIG_X86_64_SMP=y @@ -310,12 +321,12 @@ CONFIG_CC_HAS_SANE_STACKPROTECTOR=y # Processor type and features # CONFIG_SMP=y -CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_X2APIC=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set # CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set CONFIG_SCHED_OMIT_FRAME_POINTER=y CONFIG_HYPERVISOR_GUEST=y CONFIG_PARAVIRT=y @@ -378,7 +389,8 @@ CONFIG_X86_16BIT=y CONFIG_X86_ESPFIX64=y CONFIG_X86_VSYSCALL_EMULATION=y # CONFIG_X86_IOPL_IOPERM is not set -# CONFIG_MICROCODE is not set +CONFIG_MICROCODE=y +# CONFIG_MICROCODE_LATE_LOADING is not set CONFIG_X86_MSR=y CONFIG_X86_CPUID=y # CONFIG_X86_5LEVEL is not set @@ -386,7 +398,6 @@ CONFIG_X86_DIRECT_GBPAGES=y # CONFIG_X86_CPA_STATISTICS is not set CONFIG_X86_MEM_ENCRYPT=y CONFIG_AMD_MEM_ENCRYPT=y -CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y # CONFIG_NUMA is not set CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_DEFAULT=y @@ -410,23 +421,39 @@ CONFIG_X86_INTEL_TSX_MODE_OFF=y # CONFIG_X86_INTEL_TSX_MODE_ON is not set # CONFIG_X86_INTEL_TSX_MODE_AUTO is not set # CONFIG_X86_SGX is not set +# CONFIG_X86_USER_SHADOW_STACK is not set +CONFIG_EFI=y +CONFIG_EFI_STUB=y +# CONFIG_EFI_HANDOVER_PROTOCOL is not set +# CONFIG_EFI_MIXED is not set +# CONFIG_EFI_FAKE_MEMMAP is not set +CONFIG_EFI_RUNTIME_MAP=y # CONFIG_HZ_100 is not set CONFIG_HZ_250=y # CONFIG_HZ_300 is not set # CONFIG_HZ_1000 is not set CONFIG_HZ=250 CONFIG_SCHED_HRTICK=y -# CONFIG_KEXEC is not set -CONFIG_KEXEC_FILE=y -CONFIG_ARCH_HAS_KEXEC_PURGATORY=y -# CONFIG_KEXEC_SIG is not set -# CONFIG_CRASH_DUMP is not set +CONFIG_ARCH_SUPPORTS_KEXEC=y +CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y +CONFIG_ARCH_SELECTS_KEXEC_FILE=y +CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG_FORCE=y +CONFIG_ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_JUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_DUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y CONFIG_PHYSICAL_START=0x1000000 -# CONFIG_RELOCATABLE is not set +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x1000000 +CONFIG_DYNAMIC_MEMORY_LAYOUT=y +CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa +# CONFIG_ADDRESS_MASKING is not set CONFIG_HOTPLUG_CPU=y -# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set -# CONFIG_DEBUG_HOTPLUG_CPU0 is not set # CONFIG_COMPAT_VDSO is not set CONFIG_LEGACY_VSYSCALL_XONLY=y # CONFIG_LEGACY_VSYSCALL_NONE is not set @@ -440,16 +467,28 @@ CONFIG_HAVE_LIVEPATCH=y CONFIG_CC_HAS_SLS=y CONFIG_CC_HAS_RETURN_THUNK=y -CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_CC_HAS_ENTRY_PADDING=y +CONFIG_FUNCTION_PADDING_CFI=11 +CONFIG_FUNCTION_PADDING_BYTES=16 +CONFIG_CALL_PADDING=y +CONFIG_HAVE_CALL_THUNKS=y +CONFIG_CALL_THUNKS=y +CONFIG_PREFIX_SYMBOLS=y +CONFIG_CPU_MITIGATIONS=y CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_RETPOLINE=y CONFIG_RETHUNK=y CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CALL_DEPTH_TRACKING=y +# CONFIG_CALL_THUNKS_DEBUG is not set CONFIG_CPU_IBPB_ENTRY=y CONFIG_CPU_IBRS_ENTRY=y +CONFIG_CPU_SRSO=y # CONFIG_SLS is not set +# CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y CONFIG_ARCH_HAS_ADD_PAGES=y -CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y # # Power management and ACPI options @@ -462,7 +501,52 @@ CONFIG_PM_CLK=y # CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set # CONFIG_ENERGY_MODEL is not set CONFIG_ARCH_SUPPORTS_ACPI=y -# CONFIG_ACPI is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +# CONFIG_ACPI_SPCR_TABLE is not set +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +# CONFIG_ACPI_REV_OVERRIDE_POSSIBLE is not set +# CONFIG_ACPI_EC_DEBUGFS is not set +# CONFIG_ACPI_AC is not set +# CONFIG_ACPI_BATTERY is not set +# CONFIG_ACPI_BUTTON is not set +# CONFIG_ACPI_TINY_POWER_BUTTON is not set +# CONFIG_ACPI_FAN is not set +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_HOTPLUG_CPU=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +# CONFIG_ACPI_THERMAL is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_TABLE_UPGRADE is not set +# CONFIG_ACPI_DEBUG is not set +CONFIG_ACPI_CONTAINER=y +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_CUSTOM_METHOD is not set +# CONFIG_ACPI_BGRT is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_PCC=y +# CONFIG_ACPI_FFH is not set +# CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_PRMT=y +# CONFIG_X86_PM_TIMER is not set # # CPU Frequency scaling @@ -485,6 +569,11 @@ CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y # CPU frequency scaling drivers # CONFIG_X86_INTEL_PSTATE=y +# CONFIG_X86_PCC_CPUFREQ is not set +# CONFIG_X86_AMD_PSTATE is not set +# CONFIG_X86_AMD_PSTATE_UT is not set +# CONFIG_X86_ACPI_CPUFREQ is not set +# CONFIG_X86_SPEEDSTEP_CENTRINO is not set # CONFIG_X86_P4_CLOCKMOD is not set # @@ -499,7 +588,7 @@ CONFIG_CPU_IDLE=y CONFIG_CPU_IDLE_GOV_LADDER=y CONFIG_CPU_IDLE_GOV_MENU=y # CONFIG_CPU_IDLE_GOV_TEO is not set -# CONFIG_CPU_IDLE_GOV_HALTPOLL is not set +CONFIG_CPU_IDLE_GOV_HALTPOLL=y CONFIG_HALTPOLL_CPUIDLE=y # end of CPU Idle @@ -530,13 +619,19 @@ CONFIG_AS_AVX512=y CONFIG_AS_SHA1_NI=y CONFIG_AS_SHA256_NI=y CONFIG_AS_TPAUSE=y +CONFIG_AS_GFNI=y +CONFIG_AS_WRUSS=y +CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y # # General architecture-dependent options # -CONFIG_CRASH_CORE=y -CONFIG_KEXEC_CORE=y CONFIG_HOTPLUG_SMT=y +CONFIG_HOTPLUG_CORE_SYNC=y +CONFIG_HOTPLUG_CORE_SYNC_DEAD=y +CONFIG_HOTPLUG_CORE_SYNC_FULL=y +CONFIG_HOTPLUG_SPLIT_STARTUP=y +CONFIG_HOTPLUG_PARALLEL=y CONFIG_GENERIC_ENTRY=y CONFIG_JUMP_LABEL=y # CONFIG_STATIC_KEYS_SELFTEST is not set @@ -559,12 +654,14 @@ CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_ARCH_HAS_FORTIFY_SOURCE=y CONFIG_ARCH_HAS_SET_MEMORY=y CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y CONFIG_ARCH_WANTS_NO_INSTR=y CONFIG_HAVE_ASM_MODVERSIONS=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y CONFIG_HAVE_HW_BREAKPOINT=y CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y @@ -578,7 +675,9 @@ CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y CONFIG_MMU_GATHER_TABLE_FREE=y CONFIG_MMU_GATHER_RCU_TABLE_FREE=y CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_MMU_LAZY_TLB_REFCOUNT=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y @@ -596,6 +695,7 @@ CONFIG_STACKPROTECTOR_STRONG=y CONFIG_ARCH_SUPPORTS_LTO_CLANG=y CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y CONFIG_HAVE_CONTEXT_TRACKING_USER=y CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y @@ -608,6 +708,7 @@ CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y CONFIG_HAVE_ARCH_HUGE_VMAP=y CONFIG_HAVE_ARCH_HUGE_VMALLOC=y CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_PMD_MKWRITE=y CONFIG_HAVE_ARCH_SOFT_DIRTY=y CONFIG_HAVE_MOD_ARCH_SPECIFIC=y CONFIG_MODULES_USE_ELF_RELA=y @@ -656,6 +757,7 @@ CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y CONFIG_ARCH_HAS_ELFCORE_COMPAT=y CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y # # GCOV-based kernel profiling @@ -665,8 +767,9 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # end of GCOV-based kernel profiling CONFIG_HAVE_GCC_PLUGINS=y -CONFIG_GCC_PLUGINS=y -# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +CONFIG_FUNCTION_ALIGNMENT_4B=y +CONFIG_FUNCTION_ALIGNMENT_16B=y +CONFIG_FUNCTION_ALIGNMENT=16 # end of General architecture-dependent options CONFIG_RT_MUTEXES=y @@ -711,7 +814,6 @@ CONFIG_PARTITION_ADVANCED=y # CONFIG_CMDLINE_PARTITION is not set # end of Partition Types -CONFIG_BLOCK_COMPAT=y CONFIG_BLK_MQ_VIRTIO=y CONFIG_BLK_PM=y CONFIG_BLOCK_HOLDER_DEPRECATED=y @@ -761,14 +863,15 @@ CONFIG_SWAP=y # # SLAB allocator options # -# CONFIG_SLAB is not set +# CONFIG_SLAB_DEPRECATED is not set CONFIG_SLUB=y -# CONFIG_SLOB is not set +# CONFIG_SLUB_TINY is not set CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLAB_FREELIST_RANDOM is not set CONFIG_SLAB_FREELIST_HARDENED=y # CONFIG_SLUB_STATS is not set CONFIG_SLUB_CPU_PARTIAL=y +# CONFIG_RANDOM_KMALLOC_CACHES is not set # end of SLAB allocator options # CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set @@ -777,6 +880,8 @@ CONFIG_SPARSEMEM=y CONFIG_SPARSEMEM_EXTREME=y CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP=y CONFIG_HAVE_FAST_GUP=y CONFIG_MEMORY_ISOLATION=y CONFIG_EXCLUSIVE_SYSTEM_RAM=y @@ -787,11 +892,13 @@ CONFIG_MEMORY_HOTPLUG=y # CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set CONFIG_MEMORY_HOTREMOVE=y CONFIG_MHP_MEMMAP_ON_MEMORY=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y CONFIG_MEMORY_BALLOON=y CONFIG_BALLOON_COMPACTION=y CONFIG_COMPACTION=y +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 CONFIG_PAGE_REPORTING=y CONFIG_MIGRATION=y CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y @@ -826,14 +933,19 @@ CONFIG_ARCH_HAS_PKEYS=y CONFIG_VM_EVENT_COUNTERS=y CONFIG_PERCPU_STATS=y # CONFIG_GUP_TEST is not set +# CONFIG_DMAPOOL_TEST is not set CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_MEMFD_CREATE=y CONFIG_SECRETMEM=y # CONFIG_ANON_VMA_NAME is not set CONFIG_USERFAULTFD=y CONFIG_HAVE_ARCH_USERFAULTFD_WP=y CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y -CONFIG_PTE_MARKER=y CONFIG_PTE_MARKER_UFFD_WP=y +# CONFIG_LRU_GEN is not set +CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y +CONFIG_PER_VMA_LOCK=y +CONFIG_LOCK_MM_AND_FIND_VMA=y # # Data Access Monitoring @@ -843,6 +955,9 @@ CONFIG_PTE_MARKER_UFFD_WP=y # end of Memory Management options CONFIG_NET=y +CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y +CONFIG_NET_XGRESS=y CONFIG_SKB_EXTENSIONS=y # @@ -877,6 +992,7 @@ CONFIG_SYN_COOKIES=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 # CONFIG_INET_DIAG is not set CONFIG_TCP_CONG_ADVANCED=y # CONFIG_TCP_CONG_BIC is not set @@ -916,7 +1032,6 @@ CONFIG_NET_PTP_CLASSIFY=y # CONFIG_BRIDGE is not set # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set @@ -943,6 +1058,7 @@ CONFIG_VIRTIO_VSOCKETS_COMMON=y # CONFIG_NET_NCSI is not set CONFIG_TSI=y CONFIG_PCPU_DEV_REFCNT=y +CONFIG_MAX_SKB_FRAGS=17 CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_SOCK_RX_QUEUE_MAPPING=y @@ -1007,6 +1123,7 @@ CONFIG_PREVENT_FIRMWARE_BUILD=y # Firmware loader # CONFIG_FW_LOADER=y +CONFIG_FW_LOADER_DEBUG=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_FW_LOADER_USER_HELPER is not set # CONFIG_FW_LOADER_COMPRESS is not set @@ -1021,6 +1138,7 @@ CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_DMA_SHARED_BUFFER=y # CONFIG_DMA_FENCE_TRACE is not set +# CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT is not set # end of Generic Driver Options # @@ -1030,6 +1148,11 @@ CONFIG_DMA_SHARED_BUFFER=y # CONFIG_MHI_BUS_EP is not set # end of Bus devices +# +# Cache Drivers +# +# end of Cache Drivers + CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y @@ -1048,6 +1171,26 @@ CONFIG_FIRMWARE_MEMMAP=y # CONFIG_SYSFB_SIMPLEFB is not set # CONFIG_GOOGLE_FIRMWARE is not set +# +# EFI (Extensible Firmware Interface) Support +# +CONFIG_EFI_ESRT=y +CONFIG_EFI_DXE_MEM_ATTRIBUTES=y +CONFIG_EFI_RUNTIME_WRAPPERS=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set +# CONFIG_EFI_TEST is not set +# CONFIG_APPLE_PROPERTIES is not set +# CONFIG_RESET_ATTACK_MITIGATION is not set +# CONFIG_EFI_RCI2_TABLE is not set +# CONFIG_EFI_DISABLE_PCI_DMA is not set +CONFIG_EFI_EARLYCON=y +# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set +# CONFIG_EFI_DISABLE_RUNTIME is not set +# CONFIG_EFI_COCO_SECRET is not set +CONFIG_UNACCEPTED_MEMORY=y +# end of EFI (Extensible Firmware Interface) Support + # # Tegra firmware driver # @@ -1059,6 +1202,13 @@ CONFIG_FIRMWARE_MEMMAP=y # CONFIG_OF is not set CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y # CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y CONFIG_BLK_DEV=y # CONFIG_BLK_DEV_NULL_BLK is not set # CONFIG_BLK_DEV_FD is not set @@ -1118,6 +1268,7 @@ CONFIG_SCSI_MOD=y # CONFIG_ATA is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set +CONFIG_MD_BITMAP_FILE=y # CONFIG_BCACHE is not set CONFIG_BLK_DEV_DM_BUILTIN=y CONFIG_BLK_DEV_DM=y @@ -1171,7 +1322,9 @@ CONFIG_VETH=y CONFIG_VIRTIO_NET=y # CONFIG_NLMON is not set # CONFIG_ETHERNET is not set +# CONFIG_NET_SB1000 is not set # CONFIG_PHYLIB is not set +# CONFIG_PSE_CONTROLLER is not set # CONFIG_MDIO_DEVICE is not set # @@ -1194,6 +1347,7 @@ CONFIG_VIRTIO_NET=y # CONFIG_WWAN is not set # end of Wireless WAN +# CONFIG_FUJITSU_ES is not set # CONFIG_NETDEVSIM is not set CONFIG_NET_FAILOVER=y # CONFIG_ISDN is not set @@ -1245,6 +1399,7 @@ CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set +CONFIG_LEGACY_TIOCSTI=y CONFIG_LDISC_AUTOLOAD=y # @@ -1253,6 +1408,7 @@ CONFIG_LDISC_AUTOLOAD=y CONFIG_SERIAL_EARLYCON=y CONFIG_SERIAL_8250=y CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y +CONFIG_SERIAL_8250_PNP=y # CONFIG_SERIAL_8250_16550A_VARIANTS is not set # CONFIG_SERIAL_8250_FINTEK is not set CONFIG_SERIAL_8250_CONSOLE=y @@ -1292,11 +1448,11 @@ CONFIG_VIRTIO_CONSOLE=y # CONFIG_MWAVE is not set CONFIG_DEVMEM=y # CONFIG_NVRAM is not set +CONFIG_DEVPORT=y +# CONFIG_HPET is not set # CONFIG_HANGCHECK_TIMER is not set # CONFIG_TCG_TPM is not set # CONFIG_TELCLOCK is not set -# CONFIG_RANDOM_TRUST_CPU is not set -# CONFIG_RANDOM_TRUST_BOOTLOADER is not set # end of Character devices # @@ -1333,6 +1489,8 @@ CONFIG_PTP_1588_CLOCK_OPTIONAL=y # Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. # CONFIG_PTP_1588_CLOCK_KVM=y +# CONFIG_PTP_1588_CLOCK_MOCK is not set +# CONFIG_PTP_1588_CLOCK_VMW is not set # end of PTP clock support # CONFIG_PINCTRL is not set @@ -1341,7 +1499,37 @@ CONFIG_PTP_1588_CLOCK_KVM=y # CONFIG_POWER_RESET is not set # CONFIG_POWER_SUPPLY is not set # CONFIG_HWMON is not set -# CONFIG_THERMAL is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_WRITABLE_TRIPS=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_USER_SPACE=y +# CONFIG_THERMAL_EMULATION is not set + +# +# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +CONFIG_INTEL_TCC=y +CONFIG_X86_PKG_TEMP_THERMAL=y + +# +# ACPI INT340X thermal drivers +# +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_HFI_THERMAL is not set +# end of Intel thermal drivers + # CONFIG_WATCHDOG is not set CONFIG_SSB_POSSIBLE=y # CONFIG_SSB is not set @@ -1352,12 +1540,12 @@ CONFIG_BCMA_POSSIBLE=y # Multifunction device drivers # # CONFIG_MFD_MADERA is not set -# CONFIG_HTC_PASIC3 is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_PMC_BXT is not set # CONFIG_MFD_KEMPLD is not set # CONFIG_MFD_MT6397 is not set # CONFIG_MFD_SM501 is not set # CONFIG_MFD_SYSCON is not set -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_TQMX86 is not set # CONFIG_RAVE_SP_CORE is not set # end of Multifunction device drivers @@ -1376,14 +1564,10 @@ CONFIG_BCMA_POSSIBLE=y # # Graphics support # +# CONFIG_AUXDISPLAY is not set # CONFIG_DRM is not set # CONFIG_DRM_DEBUG_MODESET_LOCK is not set -# -# ARM devices -# -# end of ARM devices - # # Frame buffer Devices # @@ -1408,13 +1592,8 @@ CONFIG_DUMMY_CONSOLE_ROWS=25 # end of Graphics support # CONFIG_SOUND is not set - -# -# HID support -# +CONFIG_HID_SUPPORT=y # CONFIG_HID is not set -# end of HID support - CONFIG_USB_OHCI_LITTLE_ENDIAN=y # CONFIG_USB_SUPPORT is not set # CONFIG_MMC is not set @@ -1433,8 +1612,11 @@ CONFIG_DMADEVICES=y # # DMA Devices # +CONFIG_DMA_ACPI=y # CONFIG_ALTERA_MSGDMA is not set # CONFIG_INTEL_IDMA64 is not set +# CONFIG_XILINX_DMA is not set +# CONFIG_XILINX_XDMA is not set # CONFIG_QCOM_HIDMA_MGMT is not set # CONFIG_QCOM_HIDMA is not set # CONFIG_DW_DMAC is not set @@ -1454,10 +1636,11 @@ CONFIG_SYNC_FILE=y # CONFIG_DMABUF_SYSFS_STATS is not set # end of DMABUF options -# CONFIG_AUXDISPLAY is not set # CONFIG_UIO is not set # CONFIG_VFIO is not set CONFIG_VIRT_DRIVERS=y +CONFIG_VMGENID=y +# CONFIG_EFI_SECRET is not set CONFIG_CMDLINE_SECRET=y CONFIG_SEV_GUEST=y CONFIG_VIRTIO_ANCHOR=y @@ -1474,6 +1657,7 @@ CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y # # Microsoft Hyper-V guest support # +# CONFIG_HYPERV is not set # end of Microsoft Hyper-V guest support # CONFIG_GREYBUS is not set @@ -1484,9 +1668,22 @@ CONFIG_STAGING=y # CONFIG_CHROME_PLATFORMS is not set # CONFIG_MELLANOX_PLATFORM is not set CONFIG_SURFACE_PLATFORMS=y +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_SURFACE_AGGREGATOR is not set CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACPI_WMI is not set +# CONFIG_ACERHDF is not set +# CONFIG_ACER_WIRELESS is not set +# CONFIG_ADV_SWBUTTON is not set +# CONFIG_ASUS_WIRELESS is not set # CONFIG_X86_PLATFORM_DRIVERS_DELL is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_GPD_POCKET_FAN is not set +# CONFIG_X86_PLATFORM_DRIVERS_HP is not set +# CONFIG_WIRELESS_HOTKEY is not set # CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_IFS is not set +# CONFIG_INTEL_SAR_INT1092 is not set # # Intel Uncore Frequency Control @@ -1495,7 +1692,16 @@ CONFIG_X86_PLATFORM_DEVICES=y # end of Intel Uncore Frequency Control # CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set # CONFIG_INTEL_TURBO_MAX_3 is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_INTEL_SCU_PLATFORM is not set +# CONFIG_SIEMENS_SIMATIC_IPC is not set # CONFIG_WINMATE_FM07_KEYS is not set CONFIG_HAVE_CLK=y CONFIG_HAVE_CLK_PREPARE=y @@ -1511,7 +1717,9 @@ CONFIG_I8253_LOCK=y CONFIG_CLKBLD_I8253=y # end of Clock Source drivers -# CONFIG_MAILBOX is not set +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set # CONFIG_IOMMU_SUPPORT is not set # @@ -1523,9 +1731,12 @@ CONFIG_CLKBLD_I8253=y # # Rpmsg drivers # +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set # CONFIG_RPMSG_VIRTIO is not set # end of Rpmsg drivers +# CONFIG_SOUNDWIRE is not set + # # SOC (System On Chip) specific Drivers # @@ -1560,6 +1771,8 @@ CONFIG_CLKBLD_I8253=y # # end of Enable LiteX SoC Builder specific drivers +# CONFIG_WPCM450_SOC is not set + # # Qualcomm SoC drivers # @@ -1647,6 +1860,8 @@ CONFIG_CLKBLD_I8253=y CONFIG_DCACHE_WORD_ACCESS=y # CONFIG_VALIDATE_FS_PARSER is not set CONFIG_FS_IOMAP=y +CONFIG_BUFFER_HEAD=y +CONFIG_LEGACY_DIRECT_IO=y # CONFIG_EXT2_FS is not set # CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y @@ -1660,6 +1875,14 @@ CONFIG_FS_MBCACHE=y # CONFIG_REISERFS_FS is not set # CONFIG_JFS_FS is not set CONFIG_XFS_FS=y +CONFIG_XFS_SUPPORT_V4=y +CONFIG_XFS_SUPPORT_ASCII_CI=y +# CONFIG_XFS_QUOTA is not set +# CONFIG_XFS_POSIX_ACL is not set +# CONFIG_XFS_RT is not set +# CONFIG_XFS_ONLINE_SCRUB is not set +# CONFIG_XFS_WARN is not set +# CONFIG_XFS_DEBUG is not set # CONFIG_GFS2_FS is not set # CONFIG_BTRFS_FS is not set # CONFIG_NILFS2_FS is not set @@ -1676,7 +1899,6 @@ CONFIG_INOTIFY_USER=y CONFIG_FANOTIFY=y CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y # CONFIG_QUOTA is not set -# CONFIG_AUTOFS4_FS is not set # CONFIG_AUTOFS_FS is not set # CONFIG_FUSE_FS is not set # CONFIG_OVERLAY_FS is not set @@ -1697,8 +1919,12 @@ CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y # # DOS/FAT/EXFAT/NT Filesystems # +CONFIG_FAT_FS=y # CONFIG_MSDOS_FS is not set CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" +# CONFIG_FAT_DEFAULT_UTF8 is not set # CONFIG_EXFAT_FS is not set # CONFIG_NTFS_FS is not set # CONFIG_NTFS3_FS is not set @@ -1719,14 +1945,14 @@ CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y CONFIG_TMPFS_XATTR=y # CONFIG_TMPFS_INODE64 is not set +# CONFIG_TMPFS_QUOTA is not set CONFIG_HUGETLBFS=y CONFIG_HUGETLB_PAGE=y -CONFIG_ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y # CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set -CONFIG_MEMFD_CREATE=y CONFIG_ARCH_HAS_GIGANTIC_PAGE=y # CONFIG_CONFIGFS_FS is not set +CONFIG_EFIVAR_FS=y # end of Pseudo filesystems # CONFIG_MISC_FILESYSTEMS is not set @@ -1802,7 +2028,6 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y # CONFIG_SECURITY_PATH is not set -CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y # CONFIG_HARDENED_USERCOPY is not set CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set @@ -1816,6 +2041,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_LOCKDOWN_LSM is not set # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_INTEGRITY is not set +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" @@ -1832,16 +2058,20 @@ CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y CONFIG_INIT_STACK_NONE=y # CONFIG_INIT_STACK_ALL_PATTERN is not set # CONFIG_INIT_STACK_ALL_ZERO is not set -# CONFIG_GCC_PLUGIN_STACKLEAK is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y # CONFIG_ZERO_CALL_USED_REGS is not set # end of Memory initialization +# +# Hardening of kernel data structures +# +CONFIG_LIST_HARDENED=y +CONFIG_BUG_ON_DATA_CORRUPTION=y +# end of Hardening of kernel data structures + CONFIG_RANDSTRUCT_NONE=y -# CONFIG_RANDSTRUCT_FULL is not set -# CONFIG_RANDSTRUCT_PERFORMANCE is not set # end of Kernel hardening options # end of Security options @@ -1857,6 +2087,7 @@ CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG2=y CONFIG_CRYPTO_SKCIPHER=y CONFIG_CRYPTO_SKCIPHER2=y CONFIG_CRYPTO_HASH=y @@ -1873,7 +2104,6 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_USER is not set CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y -CONFIG_CRYPTO_GF128MUL=y CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_NULL2=y # CONFIG_CRYPTO_PCRYPT is not set @@ -1881,6 +2111,7 @@ CONFIG_CRYPTO_CRYPTD=y CONFIG_CRYPTO_AUTHENC=y # CONFIG_CRYPTO_TEST is not set CONFIG_CRYPTO_SIMD=y +# end of Crypto core or helper # # Public-key cryptography @@ -1894,112 +2125,87 @@ CONFIG_CRYPTO_ECDH=y # CONFIG_CRYPTO_ECRDSA is not set # CONFIG_CRYPTO_SM2 is not set # CONFIG_CRYPTO_CURVE25519 is not set -# CONFIG_CRYPTO_CURVE25519_X86 is not set +# end of Public-key cryptography # -# Authenticated Encryption with Associated Data +# Block ciphers # -# CONFIG_CRYPTO_CCM is not set -CONFIG_CRYPTO_GCM=y -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_AEGIS128=y -CONFIG_CRYPTO_AEGIS128_AESNI_SSE2=y -CONFIG_CRYPTO_SEQIV=y -# CONFIG_CRYPTO_ECHAINIV is not set +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_TI=y +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_DES is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TWOFISH is not set +# end of Block ciphers # -# Block modes +# Length-preserving ciphers and modes # +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_CHACHA20 is not set CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CTR=y CONFIG_CRYPTO_CTS=y CONFIG_CRYPTO_ECB=y +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_OFB is not set # CONFIG_CRYPTO_PCBC is not set CONFIG_CRYPTO_XTS=y -# CONFIG_CRYPTO_KEYWRAP is not set -# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set -# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set -# CONFIG_CRYPTO_ADIANTUM is not set -# CONFIG_CRYPTO_HCTR2 is not set -CONFIG_CRYPTO_ESSIV=y +# end of Length-preserving ciphers and modes # -# Hash modes +# AEAD (authenticated encryption with associated data) ciphers # -# CONFIG_CRYPTO_CMAC is not set -CONFIG_CRYPTO_HMAC=y -# CONFIG_CRYPTO_XCBC is not set -# CONFIG_CRYPTO_VMAC is not set +CONFIG_CRYPTO_AEGIS128=y +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_CCM is not set +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_GENIV=y +CONFIG_CRYPTO_SEQIV=y +# CONFIG_CRYPTO_ECHAINIV is not set +CONFIG_CRYPTO_ESSIV=y +# end of AEAD (authenticated encryption with associated data) ciphers # -# Digest +# Hashes, digests, and MACs # -CONFIG_CRYPTO_CRC32C=y -# CONFIG_CRYPTO_CRC32C_INTEL is not set -# CONFIG_CRYPTO_CRC32 is not set -# CONFIG_CRYPTO_CRC32_PCLMUL is not set -# CONFIG_CRYPTO_XXHASH is not set # CONFIG_CRYPTO_BLAKE2B is not set -# CONFIG_CRYPTO_BLAKE2S_X86 is not set -CONFIG_CRYPTO_CRCT10DIF=y -CONFIG_CRYPTO_CRCT10DIF_PCLMUL=y +# CONFIG_CRYPTO_CMAC is not set CONFIG_CRYPTO_GHASH=y -# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set -# CONFIG_CRYPTO_POLY1305 is not set -# CONFIG_CRYPTO_POLY1305_X86_64 is not set +CONFIG_CRYPTO_HMAC=y # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_POLY1305 is not set # CONFIG_CRYPTO_RMD160 is not set CONFIG_CRYPTO_SHA1=y -# CONFIG_CRYPTO_SHA1_SSSE3 is not set -# CONFIG_CRYPTO_SHA256_SSSE3 is not set -# CONFIG_CRYPTO_SHA512_SSSE3 is not set CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y -# CONFIG_CRYPTO_SHA3 is not set +CONFIG_CRYPTO_SHA3=y # CONFIG_CRYPTO_SM3_GENERIC is not set -# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set # CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_VMAC is not set # CONFIG_CRYPTO_WP512 is not set -# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_XXHASH is not set +# end of Hashes, digests, and MACs # -# Ciphers +# CRCs (cyclic redundancy checks) # -CONFIG_CRYPTO_AES=y -CONFIG_CRYPTO_AES_TI=y -# CONFIG_CRYPTO_AES_NI_INTEL is not set -# CONFIG_CRYPTO_BLOWFISH is not set -# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA is not set -# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_CAST5 is not set -# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAST6 is not set -# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set -# CONFIG_CRYPTO_DES is not set -# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set -# CONFIG_CRYPTO_FCRYPT is not set -# CONFIG_CRYPTO_CHACHA20 is not set -# CONFIG_CRYPTO_CHACHA20_X86_64 is not set -# CONFIG_CRYPTO_ARIA is not set -# CONFIG_CRYPTO_SERPENT is not set -# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set -# CONFIG_CRYPTO_SM4_GENERIC is not set -# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH is not set -# CONFIG_CRYPTO_TWOFISH_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set -# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +CONFIG_CRYPTO_CRCT10DIF=y +# end of CRCs (cyclic redundancy checks) # # Compression @@ -2010,9 +2216,10 @@ CONFIG_CRYPTO_LZO=y # CONFIG_CRYPTO_LZ4 is not set # CONFIG_CRYPTO_LZ4HC is not set # CONFIG_CRYPTO_ZSTD is not set +# end of Compression # -# Random Number Generation +# Random number generation # # CONFIG_CRYPTO_ANSI_CPRNG is not set CONFIG_CRYPTO_DRBG_MENU=y @@ -2021,11 +2228,59 @@ CONFIG_CRYPTO_DRBG_HASH=y CONFIG_CRYPTO_DRBG_CTR=y CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_JITTERENTROPY=y +# CONFIG_CRYPTO_JITTERENTROPY_TESTINTERFACE is not set CONFIG_CRYPTO_KDF800108_CTR=y +# end of Random number generation + +# +# Userspace interface +# # CONFIG_CRYPTO_USER_API_HASH is not set # CONFIG_CRYPTO_USER_API_SKCIPHER is not set # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set +# end of Userspace interface + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +# CONFIG_CRYPTO_CURVE25519_X86 is not set +# CONFIG_CRYPTO_AES_NI_INTEL is not set +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64 is not set +# CONFIG_CRYPTO_CHACHA20_X86_64 is not set +CONFIG_CRYPTO_AEGIS128_AESNI_SSE2=y +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +# CONFIG_CRYPTO_POLY1305_X86_64 is not set +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +CONFIG_CRYPTO_CRCT10DIF_PCLMUL=y +# end of Accelerated Cryptographic Algorithms for CPU (x86) + # CONFIG_CRYPTO_HW is not set # CONFIG_ASYMMETRIC_KEY_TYPE is not set @@ -2057,7 +2312,9 @@ CONFIG_ARCH_USE_SYM_ANNOTATIONS=y # # Crypto library routines # +CONFIG_CRYPTO_LIB_UTILS=y CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_GF128MUL=y CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y # CONFIG_CRYPTO_LIB_CHACHA is not set # CONFIG_CRYPTO_LIB_CURVE25519 is not set @@ -2068,7 +2325,6 @@ CONFIG_CRYPTO_LIB_SHA1=y CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines -CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y @@ -2106,6 +2362,7 @@ CONFIG_GENERIC_ALLOCATOR=y CONFIG_XARRAY_MULTI=y CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y CONFIG_NEED_SG_DMA_LENGTH=y @@ -2113,21 +2370,28 @@ CONFIG_NEED_DMA_MAP_STATE=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED=y CONFIG_SWIOTLB=y +# CONFIG_SWIOTLB_DYNAMIC is not set CONFIG_DMA_COHERENT_POOL=y # CONFIG_DMA_API_DEBUG is not set # CONFIG_DMA_MAP_BENCHMARK is not set CONFIG_SGL_ALLOC=y +# CONFIG_FORCE_NR_CPUS is not set CONFIG_CPU_RMAP=y CONFIG_DQL=y CONFIG_NLATTR=y CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y +CONFIG_UCS2_STRING=y CONFIG_HAVE_GENERIC_VDSO=y CONFIG_GENERIC_GETTIMEOFDAY=y CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_FONT_SUPPORT=y +CONFIG_FONT_8x16=y +CONFIG_FONT_AUTOSELECT=y CONFIG_SG_POOL=y CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y CONFIG_ARCH_HAS_COPY_MC=y CONFIG_ARCH_STACKWALK=y @@ -2161,6 +2425,7 @@ CONFIG_DEBUG_MISC=y # # Compile-time checks and compiler options # +CONFIG_AS_HAS_NON_CONST_LEB128=y CONFIG_DEBUG_INFO_NONE=y # CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set # CONFIG_DEBUG_INFO_DWARF4 is not set @@ -2222,10 +2487,11 @@ CONFIG_ARCH_HAS_DEBUG_WX=y # CONFIG_DEBUG_WX is not set CONFIG_GENERIC_PTDUMP=y # CONFIG_PTDUMP_DEBUGFS is not set -# CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SHRINKER_DEBUG is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_PER_VMA_LOCK_STATS is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SHRINKER_DEBUG is not set # CONFIG_DEBUG_STACK_USAGE is not set # CONFIG_SCHED_STACK_END_CHECK is not set CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y @@ -2244,6 +2510,7 @@ CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y # CONFIG_KASAN is not set CONFIG_HAVE_ARCH_KFENCE=y # CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y # end of Memory Debugging # CONFIG_DEBUG_SHIRQ is not set @@ -2255,10 +2522,12 @@ CONFIG_HAVE_ARCH_KFENCE=y CONFIG_PANIC_ON_OOPS_VALUE=0 CONFIG_PANIC_TIMEOUT=0 # CONFIG_SOFTLOCKUP_DETECTOR is not set -CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y # CONFIG_HARDLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y # CONFIG_DETECT_HUNG_TASK is not set # CONFIG_WQ_WATCHDOG is not set +# CONFIG_WQ_CPU_INTENSIVE_REPORT is not set # end of Debug Oops, Lockups and Hangs # @@ -2292,6 +2561,7 @@ CONFIG_LOCK_DEBUGGING_SUPPORT=y # CONFIG_CSD_LOCK_WAIT_DEBUG is not set # end of Lock Debugging (spinlocks, mutexes, etc...) +# CONFIG_NMI_CHECK_CPU is not set # CONFIG_DEBUG_IRQFLAGS is not set CONFIG_STACKTRACE=y # CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set @@ -2304,11 +2574,9 @@ CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_PLIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set -CONFIG_BUG_ON_DATA_CORRUPTION=y +# CONFIG_DEBUG_MAPLE_TREE is not set # end of Debug kernel data structures -# CONFIG_DEBUG_CREDENTIALS is not set - # # RCU Debugging # @@ -2317,6 +2585,7 @@ CONFIG_BUG_ON_DATA_CORRUPTION=y # CONFIG_RCU_REF_SCALE_TEST is not set CONFIG_RCU_CPU_STALL_TIMEOUT=59 CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +# CONFIG_RCU_CPU_STALL_CPUTIME is not set # CONFIG_RCU_TRACE is not set # CONFIG_RCU_EQS_DEBUG is not set # end of RCU Debugging @@ -2331,10 +2600,12 @@ CONFIG_HAVE_DYNAMIC_FTRACE=y CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_HAVE_FENTRY=y CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y CONFIG_HAVE_C_RECORDMCOUNT=y CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y CONFIG_TRACING_SUPPORT=y @@ -2351,6 +2622,7 @@ CONFIG_STRICT_DEVMEM=y # CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y +# CONFIG_EFI_PGT_DUMP is not set # CONFIG_DEBUG_TLBFLUSH is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=y # CONFIG_X86_DECODER_SELFTEST is not set @@ -2377,6 +2649,7 @@ CONFIG_ARCH_HAS_KCOV=y CONFIG_CC_HAS_SANCOV_TRACE_PC=y # CONFIG_KCOV is not set CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_TEST_DHRY is not set # CONFIG_LKDTM is not set # CONFIG_TEST_MIN_HEAP is not set # CONFIG_TEST_DIV64 is not set @@ -2389,20 +2662,20 @@ CONFIG_RUNTIME_TESTING_MENU=y # CONFIG_TEST_HEXDUMP is not set # CONFIG_STRING_SELFTEST is not set # CONFIG_TEST_STRING_HELPERS is not set -# CONFIG_TEST_STRSCPY is not set # CONFIG_TEST_KSTRTOX is not set # CONFIG_TEST_PRINTF is not set # CONFIG_TEST_SCANF is not set # CONFIG_TEST_BITMAP is not set # CONFIG_TEST_UUID is not set # CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_MAPLE_TREE is not set # CONFIG_TEST_RHASHTABLE is not set -# CONFIG_TEST_SIPHASH is not set # CONFIG_TEST_IDA is not set # CONFIG_FIND_BIT_BENCHMARK is not set # CONFIG_TEST_FIRMWARE is not set # CONFIG_TEST_SYSCTL is not set # CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_DYNAMIC_DEBUG is not set # CONFIG_TEST_MEMCAT_P is not set # CONFIG_TEST_MEMINIT is not set # CONFIG_TEST_FREE_PAGES is not set @@ -2411,4 +2684,9 @@ CONFIG_RUNTIME_TESTING_MENU=y CONFIG_ARCH_USE_MEMTEST=y # CONFIG_MEMTEST is not set # end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking # end of Kernel hacking diff --git a/patches-sev/0012-virtio-enable-DMA-API-if-memory-is-restricted.patch b/patches-sev/0012-virtio-enable-DMA-API-if-memory-is-restricted.patch index c0f162b..9917529 100644 --- a/patches-sev/0012-virtio-enable-DMA-API-if-memory-is-restricted.patch +++ b/patches-sev/0012-virtio-enable-DMA-API-if-memory-is-restricted.patch @@ -1,4 +1,4 @@ -From eb36cefd65edcdcf7151428b99c028f43e23a835 Mon Sep 17 00:00:00 2001 +From d93ce33345c5f2b98dd9755305b0d9d398700a82 Mon Sep 17 00:00:00 2001 From: Sergio Lopez <slp@sinrega.org> Date: Fri, 10 Sep 2021 13:05:01 +0200 Subject: [PATCH 12/15] virtio: enable DMA API if memory is restricted @@ -15,7 +15,7 @@ Signed-off-by: Sergio Lopez <slp@redhat.com> 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c -index 3893dc29eb26..1c1821200ff4 100644 +index 71dee622b771..f92475dbca43 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -180,12 +180,6 @@ static int virtio_features_ok(struct virtio_device *dev) @@ -32,7 +32,7 @@ index 3893dc29eb26..1c1821200ff4 100644 if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c -index 49299b1f9ec7..10b42919cdf5 100644 +index 6f7e5010a673..d40dbac45284 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -6,6 +6,7 @@ @@ -54,5 +54,5 @@ index 49299b1f9ec7..10b42919cdf5 100644 /* * In theory, it's possible to have a buggy QEMU-supposed -- -2.43.0 +2.45.1 diff --git a/patches-sev/0013-x86-sev-write-AP-reset-vector.patch b/patches-sev/0013-x86-sev-write-AP-reset-vector.patch index c17acf1..2668e8f 100644 --- a/patches-sev/0013-x86-sev-write-AP-reset-vector.patch +++ b/patches-sev/0013-x86-sev-write-AP-reset-vector.patch @@ -1,4 +1,4 @@ -From 33ec7f77be813f455a9215591ad9972752051074 Mon Sep 17 00:00:00 2001 +From 6aa274f70051eb95674044157079ca13fa701a0f Mon Sep 17 00:00:00 2001 From: Sergio Lopez <slp@redhat.com> Date: Thu, 20 Oct 2022 10:23:16 +0200 Subject: [PATCH 13/15] x86/sev: write AP reset vector @@ -12,10 +12,10 @@ Signed-off-by: Sergio Lopez <slp@redhat.com> 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c -index d87c6ff1f513..f16277f67536 100644 +index 9905dc0e0b09..38df85fd1324 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c -@@ -1128,6 +1128,29 @@ void __init snp_set_wakeup_secondary_cpu(void) +@@ -1116,6 +1116,29 @@ void __init snp_set_wakeup_secondary_cpu(void) apic_update_callback(wakeup_secondary_cpu, wakeup_cpu_via_vmgexit); } @@ -45,7 +45,7 @@ index d87c6ff1f513..f16277f67536 100644 int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh) { u16 startup_cs, startup_ip; -@@ -1139,7 +1162,7 @@ int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh) +@@ -1127,7 +1150,7 @@ int __init sev_es_setup_ap_jump_table(struct real_mode_header *rmh) /* On UP guests there is no jump table so this is not a failure */ if (!jump_table_addr) @@ -55,5 +55,5 @@ index d87c6ff1f513..f16277f67536 100644 /* Check if AP Jump Table is page-aligned */ if (jump_table_addr & ~PAGE_MASK) -- -2.43.0 +2.45.1 diff --git a/patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch b/patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch index 7857e22..928d536 100644 --- a/patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch +++ b/patches-sev/0014-Implement-driver-to-retrieve-secrets-from-cmdline.patch @@ -1,4 +1,4 @@ -From 98629d2518028a03fb272870b30379e57ff0f5c7 Mon Sep 17 00:00:00 2001 +From 6430fda28a91d4b96e7da41fc61e3469ded4d272 Mon Sep 17 00:00:00 2001 From: Sergio Lopez <slp@redhat.com> Date: Wed, 3 Aug 2022 12:35:12 +0200 Subject: [PATCH 14/15] Implement driver to retrieve secrets from cmdline @@ -28,7 +28,7 @@ Signed-off-by: Sergio Lopez <slp@redhat.com> create mode 100644 drivers/virt/coco/cmdline_secret/cmdline_secret.c diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index b098b1fa2470..743e50066bfe 100644 +index eb129277dcdd..3906896a62af 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -876,7 +876,9 @@ void __init setup_arch(char **cmdline_p) @@ -261,10 +261,10 @@ index 01b52c9c7526..889a0cf32832 100644 /* used by init/main.c */ diff --git a/init/main.c b/init/main.c -index e24b0780fdff..1281bab9894f 100644 +index b25c779e93ac..fd0066bc5894 100644 --- a/init/main.c +++ b/init/main.c -@@ -146,6 +146,11 @@ static char *extra_command_line; +@@ -147,6 +147,11 @@ static char *extra_command_line; /* Extra init arguments */ static char *extra_init_args; @@ -276,7 +276,7 @@ index e24b0780fdff..1281bab9894f 100644 #ifdef CONFIG_BOOT_CONFIG /* Is bootconfig on command line? */ static bool bootconfig_found; -@@ -668,6 +673,14 @@ static void __init setup_command_line(char *command_line) +@@ -671,6 +676,14 @@ static void __init setup_command_line(char *command_line) } saved_command_line_len = strlen(saved_command_line); @@ -292,5 +292,5 @@ index e24b0780fdff..1281bab9894f 100644 /* -- -2.43.0 +2.45.1 diff --git a/patches-sev/0015-x86-sev-Avoid-using-native_cpuid.patch b/patches-sev/0015-x86-sev-Avoid-using-native_cpuid.patch index f1b7d80..0e82f13 100644 --- a/patches-sev/0015-x86-sev-Avoid-using-native_cpuid.patch +++ b/patches-sev/0015-x86-sev-Avoid-using-native_cpuid.patch @@ -1,6 +1,6 @@ -From 190c80375ed4faa469f620fd12b90dfe304ed767 Mon Sep 17 00:00:00 2001 +From 8e06ee2bf8580e382b58434d69dc6ea3697bb34d Mon Sep 17 00:00:00 2001 From: Sergio Lopez <slp@redhat.com> -Date: Thu, 20 Oct 2022 14:26:54 +0200 +Date: Wed, 5 Jun 2024 16:20:08 +0200 Subject: [PATCH 15/15] x86/sev: Avoid using native_cpuid In the state we get into the kernel from qboot-krunfw we can't return @@ -12,29 +12,23 @@ enabled and the location of the cbit. Signed-off-by: Sergio Lopez <slp@redhat.com> --- - arch/x86/mm/mem_encrypt_identity.c | 114 +++++++---------------------- - 1 file changed, 26 insertions(+), 88 deletions(-) + arch/x86/mm/mem_encrypt_identity.c | 26 +++----------------------- + 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c -index d73aeb16417f..4417c23632db 100644 +index cc47a818a640..a2b5b08eee23 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c -@@ -504,115 +504,53 @@ void __init sme_encrypt_kernel(struct boot_params *bp) - - void __init sme_enable(struct boot_params *bp) - { -- const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off; +@@ -495,37 +495,17 @@ void __head sme_enable(struct boot_params *bp) unsigned int eax, ebx, ecx, edx; -- unsigned long feature_mask; -- bool active_by_default; + unsigned long feature_mask; unsigned long me_mask; -- char buffer[16]; + unsigned long cbit; bool snp; u64 msr; -- snp = snp_init(bp); -- + snp = snp_init(bp); + - /* Check for the SME/SEV support leaf */ - eax = 0x80000000; - ecx = 0; @@ -42,10 +36,8 @@ index d73aeb16417f..4417c23632db 100644 - if (eax < 0x8000001f) - return; - --#define AMD_SME_BIT BIT(0) --#define AMD_SEV_BIT BIT(1) -+ /* Check the SEV MSR whether SEV or SME is enabled */ -+ sev_status = __rdmsr(MSR_AMD64_SEV); + #define AMD_SME_BIT BIT(0) + #define AMD_SEV_BIT BIT(1) - /* - * Check for the SME/SEV feature: @@ -61,106 +53,13 @@ index d73aeb16417f..4417c23632db 100644 - /* Check whether SEV or SME is supported */ - if (!(eax & (AMD_SEV_BIT | AMD_SME_BIT))) - return; -+ snp = snp_init(bp); - +- - me_mask = 1UL << (ebx & 0x3f); -+ if (snp || sev_status & MSR_AMD64_SEV_ES_ENABLED) { -+ cbit = __rdmsr(MSR_AMD64_SEV_ES_GHCB) >> 24; -+ me_mask = 1UL << (cbit & 0x3f); - -- /* Check the SEV MSR whether SEV or SME is enabled */ -- sev_status = __rdmsr(MSR_AMD64_SEV); -- feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT; -+ /* The SEV-SNP CC blob should never be present unless SEV-SNP is enabled. */ -+ if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) -+ snp_abort(); -+ } else { - -- /* The SEV-SNP CC blob should never be present unless SEV-SNP is enabled. */ -- if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED)) -- snp_abort(); -+#define AMD_SME_BIT BIT(0) -+#define AMD_SEV_BIT BIT(1) - -- /* Check if memory encryption is enabled */ -- if (feature_mask == AMD_SME_BIT) { - /* -- * No SME if Hypervisor bit is set. This check is here to -- * prevent a guest from trying to enable SME. For running as a -- * KVM guest the MSR_AMD64_SYSCFG will be sufficient, but there -- * might be other hypervisors which emulate that MSR as non-zero -- * or even pass it through to the guest. -- * A malicious hypervisor can still trick a guest into this -- * path, but there is no way to protect against that. -+ * Check for the SME/SEV feature: -+ * CPUID Fn8000_001F[EAX] -+ * - Bit 0 - Secure Memory Encryption support -+ * - Bit 1 - Secure Encrypted Virtualization support -+ * CPUID Fn8000_001F[EBX] -+ * - Bits 5:0 - Pagetable bit position used to indicate encryption - */ -- eax = 1; -+ eax = 0x8000001f; - ecx = 0; - native_cpuid(&eax, &ebx, &ecx, &edx); -- if (ecx & BIT(31)) -+ /* Check whether SEV or SME is supported */ -+ if (!(eax & (AMD_SEV_BIT | AMD_SME_BIT))) - return; ++ cbit = __rdmsr(MSR_AMD64_SEV_ES_GHCB) >> 24; ++ me_mask = 1UL << (cbit & 0x3f); -- /* For SME, check the SYSCFG MSR */ -- msr = __rdmsr(MSR_AMD64_SYSCFG); -- if (!(msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT)) -- return; -- } else { -- /* SEV state cannot be controlled by a command line option */ -- sme_me_mask = me_mask; -- goto out; -+ me_mask = 1UL << (ebx & 0x3f); - } -+ -+ sme_me_mask = me_mask; - -- /* -- * Fixups have not been applied to phys_base yet and we're running -- * identity mapped, so we must obtain the address to the SME command -- * line argument data using rip-relative addressing. -- */ -- asm ("lea sme_cmdline_arg(%%rip), %0" -- : "=r" (cmdline_arg) -- : "p" (sme_cmdline_arg)); -- asm ("lea sme_cmdline_on(%%rip), %0" -- : "=r" (cmdline_on) -- : "p" (sme_cmdline_on)); -- asm ("lea sme_cmdline_off(%%rip), %0" -- : "=r" (cmdline_off) -- : "p" (sme_cmdline_off)); -- -- if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT)) -- active_by_default = true; -- else -- active_by_default = false; -- -- cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr | -- ((u64)bp->ext_cmd_line_ptr << 32)); -- -- if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0) -- return; -- -- if (!strncmp(buffer, cmdline_on, sizeof(buffer))) -- sme_me_mask = me_mask; -- else if (!strncmp(buffer, cmdline_off, sizeof(buffer))) -- sme_me_mask = 0; -- else -- sme_me_mask = active_by_default ? me_mask : 0; --out: - if (sme_me_mask) { - physical_mask &= ~sme_me_mask; - cc_vendor = CC_VENDOR_AMD; - cc_set_mask(sme_me_mask); - } - } -+ + /* Check the SEV MSR whether SEV or SME is enabled */ + RIP_REL_REF(sev_status) = msr = __rdmsr(MSR_AMD64_SEV); -- -2.43.0 +2.45.1 diff --git a/patches/0001-krunfw-Don-t-panic-when-init-dies.patch b/patches/0001-krunfw-Don-t-panic-when-init-dies.patch index 094beb0..7d38603 100644 --- a/patches/0001-krunfw-Don-t-panic-when-init-dies.patch +++ b/patches/0001-krunfw-Don-t-panic-when-init-dies.patch @@ -1,4 +1,4 @@ -From d0335120fc8a20c86c6ae7e997d0f66f0f720ea5 Mon Sep 17 00:00:00 2001 +From 9b38520109ca41f4a24a808b6d828773d8be1e3f Mon Sep 17 00:00:00 2001 From: Sergio Lopez <slp@redhat.com> Date: Thu, 2 Mar 2023 07:34:49 +0100 Subject: [PATCH 01/15] krunfw: Don't panic when init dies @@ -58,5 +58,5 @@ index 6ebef11c8876..4323caa5b871 100644 machine_restart(cmd); } -- -2.43.0 +2.45.1 diff --git a/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch b/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch index 23f8912..99f2018 100644 --- a/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch +++ b/patches/0002-krunfw-Ignore-run_cmd-on-orderly-reboot.patch @@ -1,4 +1,4 @@ -From 173727d23d401176bbaf1c0baf2b60aee83d540e Mon Sep 17 00:00:00 2001 +From 3f52a9c872f08a1bd8cceb91d26256bafad0ae67 Mon Sep 17 00:00:00 2001 From: Sergio Lopez <slp@redhat.com> Date: Mon, 16 May 2022 16:04:27 +0200 Subject: [PATCH 02/15] krunfw: Ignore run_cmd on orderly reboot @@ -28,5 +28,5 @@ index 4323caa5b871..d9d6f0dd2ebc 100644 if (ret) { pr_warn("Failed to start orderly reboot: forcing the issue\n"); -- -2.43.0 +2.45.1 diff --git a/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch b/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch index eed73ff..f71c843 100644 --- a/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch +++ b/patches/0003-vsock-dgram-generalize-recvmsg-and-drop-transport-dg.patch @@ -1,4 +1,4 @@ -From 4a59c212ef33bafeb8c354b882cb8159de7742f0 Mon Sep 17 00:00:00 2001 +From 915fb507c6b714320a1880a07447ce008ddbc409 Mon Sep 17 00:00:00 2001 From: Bobby Eshleman <bobby.eshleman () bytedance ! com> Date: Sat, 10 Jun 2023 00:58:28 +0000 Subject: [PATCH 03/15] vsock/dgram: generalize recvmsg and drop @@ -190,10 +190,10 @@ index e2157e387217..a83b30d366af 100644 .dgram_allow = hvs_dgram_allow, diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c -index a64bf601b480..06be719c7bd0 100644 +index 2925f5d27ad3..332d6d580cba 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c -@@ -429,9 +429,11 @@ static struct virtio_transport virtio_transport = { +@@ -430,9 +430,11 @@ static struct virtio_transport virtio_transport = { .cancel_pkt = virtio_transport_cancel_pkt, .dgram_bind = virtio_transport_dgram_bind, @@ -352,5 +352,5 @@ index 0ce65d0a4a44..6b19e308a140 100644 .stream_dequeue = virtio_transport_stream_dequeue, .stream_enqueue = virtio_transport_stream_enqueue, -- -2.43.0 +2.45.1 diff --git a/patches/0004-vsock-refactor-transport-lookup-code.patch b/patches/0004-vsock-refactor-transport-lookup-code.patch index 0144536..990114c 100644 --- a/patches/0004-vsock-refactor-transport-lookup-code.patch +++ b/patches/0004-vsock-refactor-transport-lookup-code.patch @@ -1,4 +1,4 @@ -From 538b855f9fc3be9f9dab7e5da0a4781bdb967567 Mon Sep 17 00:00:00 2001 +From 7edf115e626ba445d3c371911820cdf3b779179d Mon Sep 17 00:00:00 2001 From: Bobby Eshleman <bobby.eshleman () bytedance ! com> Date: Sat, 10 Jun 2023 00:58:29 +0000 Subject: [PATCH 04/15] vsock: refactor transport lookup code @@ -57,5 +57,5 @@ index c66d3def5e6e..813588bee10f 100644 default: return -ESOCKTNOSUPPORT; -- -2.43.0 +2.45.1 diff --git a/patches/0005-vsock-support-multi-transport-datagrams.patch b/patches/0005-vsock-support-multi-transport-datagrams.patch index d0eae57..5be7454 100644 --- a/patches/0005-vsock-support-multi-transport-datagrams.patch +++ b/patches/0005-vsock-support-multi-transport-datagrams.patch @@ -1,4 +1,4 @@ -From 4f00cd024f48a737478f663b81c7f8948de54f40 Mon Sep 17 00:00:00 2001 +From 1c6ba81a2fc7eacfc8622eab862fe34154526f6a Mon Sep 17 00:00:00 2001 From: Bobby Eshleman <bobby.eshleman () bytedance ! com> Date: Sat, 10 Jun 2023 00:58:30 +0000 Subject: [PATCH 05/15] vsock: support multi-transport datagrams @@ -262,10 +262,10 @@ index a83b30d366af..1a9e9a22c929 100644 .dgram_get_port = hvs_dgram_get_port, .dgram_get_length = hvs_dgram_get_length, diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c -index 06be719c7bd0..122cbaaa238c 100644 +index 332d6d580cba..4e138ad3c113 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c -@@ -428,7 +428,6 @@ static struct virtio_transport virtio_transport = { +@@ -429,7 +429,6 @@ static struct virtio_transport virtio_transport = { .shutdown = virtio_transport_shutdown, .cancel_pkt = virtio_transport_cancel_pkt, @@ -304,5 +304,5 @@ index 6b19e308a140..21a4debde550 100644 .dgram_allow = virtio_transport_dgram_allow, .dgram_get_cid = virtio_transport_dgram_get_cid, -- -2.43.0 +2.45.1 diff --git a/patches/0006-vsock-make-vsock-bind-reusable.patch b/patches/0006-vsock-make-vsock-bind-reusable.patch index 9cb67b3..5aa54e7 100644 --- a/patches/0006-vsock-make-vsock-bind-reusable.patch +++ b/patches/0006-vsock-make-vsock-bind-reusable.patch @@ -1,4 +1,4 @@ -From c49b3d0e7225760761fb2954e8aa4203ccff1357 Mon Sep 17 00:00:00 2001 +From 9b5fadb3aa13c529323c684c6b7e9f91d184f43e Mon Sep 17 00:00:00 2001 From: Bobby Eshleman <bobby.eshleman () bytedance ! com> Date: Sat, 10 Jun 2023 00:58:31 +0000 Subject: [PATCH 06/15] vsock: make vsock bind reusable @@ -102,5 +102,5 @@ index 2567641a829f..034c3db91fc3 100644 struct sockaddr_vm *addr) { -- -2.43.0 +2.45.1 diff --git a/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch b/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch index c6377f7..631fe20 100644 --- a/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch +++ b/patches/0007-virtio-vsock-add-VIRTIO_VSOCK_F_DGRAM-feature-bit.patch @@ -1,4 +1,4 @@ -From 14b1b9edb983893c05d5b22f25158ee247846df5 Mon Sep 17 00:00:00 2001 +From 53285b9ceaab26da36945e7a60fb5397acd2f02d Mon Sep 17 00:00:00 2001 From: Bobby Eshleman <bobby.eshleman () bytedance ! com> Date: Sat, 10 Jun 2023 00:58:32 +0000 Subject: [PATCH 07/15] virtio/vsock: add VIRTIO_VSOCK_F_DGRAM feature bit @@ -24,5 +24,5 @@ index 64738838bee5..9c25f267bbc0 100644 struct virtio_vsock_config { __le64 guest_cid; -- -2.43.0 +2.45.1 diff --git a/patches/0008-virtio-vsock-support-dgrams.patch b/patches/0008-virtio-vsock-support-dgrams.patch index fec7bbd..1fdf5eb 100644 --- a/patches/0008-virtio-vsock-support-dgrams.patch +++ b/patches/0008-virtio-vsock-support-dgrams.patch @@ -1,4 +1,4 @@ -From fbce22997243ced7c34ad7202d93362332875a38 Mon Sep 17 00:00:00 2001 +From fffe341670a4c18182d59ce9e0c415c8e83dd7e9 Mon Sep 17 00:00:00 2001 From: Bobby Eshleman <bobby.eshleman () bytedance ! com> Date: Sat, 10 Jun 2023 00:58:33 +0000 Subject: [PATCH 08/15] virtio/vsock: support dgrams @@ -283,7 +283,7 @@ index 034c3db91fc3..c59bbd0e1e1c 100644 default: diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c -index 122cbaaa238c..7ca9ca0d0d84 100644 +index 4e138ad3c113..3dd63dc8f6b7 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -63,6 +63,7 @@ struct virtio_vsock { @@ -294,7 +294,7 @@ index 122cbaaa238c..7ca9ca0d0d84 100644 }; static u32 virtio_transport_get_local_cid(void) -@@ -413,6 +414,7 @@ static void virtio_vsock_rx_done(struct virtqueue *vq) +@@ -414,6 +415,7 @@ static void virtio_vsock_rx_done(struct virtqueue *vq) queue_work(virtio_vsock_workqueue, &vsock->rx_work); } @@ -302,7 +302,7 @@ index 122cbaaa238c..7ca9ca0d0d84 100644 static bool virtio_transport_seqpacket_allow(u32 remote_cid); static struct virtio_transport virtio_transport = { -@@ -466,6 +468,21 @@ static struct virtio_transport virtio_transport = { +@@ -467,6 +469,21 @@ static struct virtio_transport virtio_transport = { .send_pkt = virtio_transport_send_pkt, }; @@ -324,7 +324,7 @@ index 122cbaaa238c..7ca9ca0d0d84 100644 static bool virtio_transport_seqpacket_allow(u32 remote_cid) { struct virtio_vsock *vsock; -@@ -673,6 +690,9 @@ static int virtio_vsock_probe(struct virtio_device *vdev) +@@ -674,6 +691,9 @@ static int virtio_vsock_probe(struct virtio_device *vdev) if (virtio_has_feature(vdev, VIRTIO_VSOCK_F_SEQPACKET)) vsock->seqpacket_allow = true; @@ -334,7 +334,7 @@ index 122cbaaa238c..7ca9ca0d0d84 100644 vdev->priv = vsock; ret = virtio_vsock_vqs_init(vsock); -@@ -767,7 +787,8 @@ static struct virtio_device_id id_table[] = { +@@ -768,7 +788,8 @@ static struct virtio_device_id id_table[] = { }; static unsigned int features[] = { @@ -741,5 +741,5 @@ index 21a4debde550..20f5b123bde5 100644 { return true; -- -2.43.0 +2.45.1 diff --git a/patches/0009-tests-add-vsock-dgram-tests.patch b/patches/0009-tests-add-vsock-dgram-tests.patch index 7d7b798..b5f0f73 100644 --- a/patches/0009-tests-add-vsock-dgram-tests.patch +++ b/patches/0009-tests-add-vsock-dgram-tests.patch @@ -1,4 +1,4 @@ -From 194e1c83af3be2413357eb4dd1075bf1823084ee Mon Sep 17 00:00:00 2001 +From 167a4eb71c30486127dbdffd91d525ba374a1302 Mon Sep 17 00:00:00 2001 From: Jiang Wang <jiang.wang@bytedance.com> Date: Sat, 10 Jun 2023 00:58:35 +0000 Subject: [PATCH 09/15] tests: add vsock dgram tests @@ -667,5 +667,5 @@ index 5dc7767039f6..7c66e934341a 100644 {}, }; -- -2.43.0 +2.45.1 diff --git a/patches/0010-Transparent-Socket-Impersonation-implementation.patch b/patches/0010-Transparent-Socket-Impersonation-implementation.patch index d1913a1..c7b1d29 100644 --- a/patches/0010-Transparent-Socket-Impersonation-implementation.patch +++ b/patches/0010-Transparent-Socket-Impersonation-implementation.patch @@ -1,4 +1,4 @@ -From 7dd9b9b40956914e455f8bb9ac9fd449bbe2c173 Mon Sep 17 00:00:00 2001 +From 38ff31352b912b6fb8facebc6d56f257dfb4142f Mon Sep 17 00:00:00 2001 From: Sergio Lopez <slp@redhat.com> Date: Thu, 19 May 2022 22:38:26 +0200 Subject: [PATCH 10/15] Transparent Socket Impersonation implementation @@ -1508,5 +1508,5 @@ index 000000000000..cf381734bebe + +#endif -- -2.43.0 +2.45.1 diff --git a/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch b/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch index e49ea15..3c1b52b 100644 --- a/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch +++ b/patches/0011-tsi-allow-hijacking-sockets-tsi_hijack.patch @@ -1,4 +1,4 @@ -From cd93675f1948f2ba865e4feb05c1c161ed33105a Mon Sep 17 00:00:00 2001 +From c06716b09e9f021cc0a66ded750a6daee3cd1a0f Mon Sep 17 00:00:00 2001 From: Sergio Lopez <slp@redhat.com> Date: Thu, 19 May 2022 22:42:01 +0200 Subject: [PATCH 11/15] tsi: allow hijacking sockets (tsi_hijack) @@ -69,5 +69,5 @@ index eda6c4ba7961..6cf01d7ce8f5 100644 int err; -- -2.43.0 +2.45.1