From 88c0eb46deede1a16a99a17f756d237342237df3 Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sat, 16 Nov 2024 10:29:43 +0100 Subject: [PATCH] update to 6.6.60 update CONFIG_LSM from "yama,loadpin,safesetid,integrity" to "landlock,lockdown,yama,loadpin,safesetid,apparmor,bpf" [release 6.6.60-1mamba;Thu Nov 14 2024] --- kernel-6.6-mamba-64GB-config | 4 ++- kernel-6.6-mamba-aarch64-config | 41 +++++++++++++++++++------------ kernel-6.6-mamba-config | 38 +++++++++++++++++++---------- kernel-6.6-mamba-x86_64-config | 43 ++++++++++++++++++--------------- kernel.spec | 7 +++++- 5 files changed, 83 insertions(+), 50 deletions(-) diff --git a/kernel-6.6-mamba-64GB-config b/kernel-6.6-mamba-64GB-config index d0fd0b4..bd5320e 100644 --- a/kernel-6.6-mamba-64GB-config +++ b/kernel-6.6-mamba-64GB-config @@ -744,6 +744,7 @@ CONFIG_AS_SHA1_NI=y CONFIG_AS_SHA256_NI=y CONFIG_AS_TPAUSE=y CONFIG_AS_GFNI=y +CONFIG_AS_WRUSS=y CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y # @@ -11640,7 +11641,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,apparmor,bpf" # # Kernel hardening options @@ -12208,6 +12209,7 @@ CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y CONFIG_HAVE_DEBUG_STACKOVERFLOW=y # CONFIG_DEBUG_STACKOVERFLOW is not set CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_KASAN_SW_TAGS=y CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y CONFIG_HAVE_ARCH_KFENCE=y # CONFIG_KFENCE is not set diff --git a/kernel-6.6-mamba-aarch64-config b/kernel-6.6-mamba-aarch64-config index 1963953..748f1ef 100644 --- a/kernel-6.6-mamba-aarch64-config +++ b/kernel-6.6-mamba-aarch64-config @@ -1,15 +1,15 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.6.8 Kernel Configuration +# Linux/arm64 6.6.58 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.1 20240909" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=130200 +CONFIG_GCC_VERSION=140201 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=24100 +CONFIG_AS_VERSION=24301 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=24100 +CONFIG_LD_VERSION=24301 CONFIG_LLD_VERSION=0 CONFIG_RUST_IS_AVAILABLE=y CONFIG_CC_CAN_LINK=y @@ -185,7 +185,7 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_HAS_INT128=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" -CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_GCC10_NO_ARRAY_BOUNDS=y CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_ARCH_SUPPORTS_INT128=y # CONFIG_NUMA_BALANCING is not set @@ -415,7 +415,10 @@ CONFIG_ARM64_ERRATUM_2067961=y CONFIG_ARM64_ERRATUM_2441009=y CONFIG_ARM64_ERRATUM_2457168=y CONFIG_ARM64_ERRATUM_2645198=y +CONFIG_ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD=y CONFIG_ARM64_ERRATUM_2966298=y +CONFIG_ARM64_ERRATUM_3117295=y +CONFIG_ARM64_ERRATUM_3194386=y CONFIG_CAVIUM_ERRATUM_22375=y CONFIG_CAVIUM_ERRATUM_23144=y CONFIG_CAVIUM_ERRATUM_23154=y @@ -726,6 +729,7 @@ CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=y # CONFIG_NVHE_EL2_DEBUG is not set +CONFIG_CPU_MITIGATIONS=y # # General architecture-dependent options @@ -991,11 +995,11 @@ CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y # CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD is not set CONFIG_ZSWAP_COMPRESSOR_DEFAULT="lzo" CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y -# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD is not set +# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED is not set # CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC is not set CONFIG_ZSWAP_ZPOOL_DEFAULT="zbud" CONFIG_ZBUD=y -CONFIG_Z3FOLD=m +# CONFIG_Z3FOLD_DEPRECATED is not set CONFIG_ZSMALLOC=y # CONFIG_ZSMALLOC_STAT is not set CONFIG_ZSMALLOC_CHAIN_SIZE=8 @@ -1037,6 +1041,7 @@ CONFIG_PAGE_REPORTING=y CONFIG_MIGRATION=y CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y CONFIG_CONTIG_ALLOC=y +CONFIG_PCP_BATCH_SCALE_MAX=5 CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_MMU_NOTIFIER=y CONFIG_KSM=y @@ -1890,7 +1895,6 @@ CONFIG_BT_BNEP_MC_FILTER=y CONFIG_BT_BNEP_PROTO_FILTER=y CONFIG_BT_CMTP=m CONFIG_BT_HIDP=m -CONFIG_BT_HS=y CONFIG_BT_LE=y CONFIG_BT_LE_L2CAP_ECRED=y CONFIG_BT_6LOWPAN=m @@ -3618,6 +3622,7 @@ CONFIG_NET_VENDOR_MICROSEMI=y CONFIG_MSCC_OCELOT_SWITCH_LIB=m CONFIG_MSCC_OCELOT_SWITCH=m CONFIG_NET_VENDOR_MICROSOFT=y +CONFIG_MICROSOFT_MANA=m CONFIG_NET_VENDOR_MYRI=y CONFIG_MYRI10GE=m CONFIG_FEALNX=m @@ -6160,8 +6165,6 @@ CONFIG_BCM_NS_THERMAL=m CONFIG_BCM_SR_THERMAL=m # end of Broadcom thermal drivers -# CONFIG_TI_SOC_THERMAL is not set - # # Samsung thermal drivers # @@ -7630,6 +7633,7 @@ CONFIG_DVB_SP2=m # Graphics support # CONFIG_APERTURE_HELPERS=y +CONFIG_SCREEN_INFO=y CONFIG_VIDEO_CMDLINE=y CONFIG_VIDEO_NOMODESET=y CONFIG_AUXDISPLAY=y @@ -7669,7 +7673,6 @@ CONFIG_DRM_DISPLAY_HDMI_HELPER=y CONFIG_DRM_DP_AUX_CHARDEV=y CONFIG_DRM_DP_CEC=y CONFIG_DRM_TTM=m -CONFIG_DRM_TTM_KUNIT_TEST=m CONFIG_DRM_EXEC=m CONFIG_DRM_BUDDY=m CONFIG_DRM_VRAM_HELPER=m @@ -8086,6 +8089,7 @@ CONFIG_FB_PROVIDE_GET_FB_UNMAPPED_AREA=y CONFIG_FB_SYS_FOPS=y CONFIG_FB_DEFERRED_IO=y CONFIG_FB_DMAMEM_HELPERS=y +CONFIG_FB_IOMEM_FOPS=y CONFIG_FB_IOMEM_HELPERS=y CONFIG_FB_SYSMEM_HELPERS=y CONFIG_FB_SYSMEM_HELPERS_DEFERRED=y @@ -9032,6 +9036,7 @@ CONFIG_HID_ZYDACRON=m CONFIG_HID_SENSOR_HUB=m CONFIG_HID_SENSOR_CUSTOM_SENSOR=m CONFIG_HID_ALPS=m +CONFIG_HID_MCP2200=m CONFIG_HID_MCP2221=m CONFIG_HID_KUNIT_TEST=m # end of Special HID drivers @@ -9562,10 +9567,8 @@ CONFIG_MMC_BCM2835=m CONFIG_MMC_MTK=m CONFIG_MMC_SDHCI_BRCMSTB=m CONFIG_MMC_SDHCI_XENON=m -CONFIG_MMC_SDHCI_OMAP=m CONFIG_MMC_SDHCI_AM654=m CONFIG_MMC_OWL=m -CONFIG_MMC_SDHCI_EXTERNAL_DMA=y CONFIG_MMC_LITEX=m CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_UFS_BSG=y @@ -9762,6 +9765,7 @@ CONFIG_INFINIBAND_ERDMA=m CONFIG_INFINIBAND_HNS=m CONFIG_INFINIBAND_HNS_HIP08=y CONFIG_INFINIBAND_IRDMA=m +CONFIG_MANA_INFINIBAND=m CONFIG_MLX4_INFINIBAND=m CONFIG_MLX5_INFINIBAND=m CONFIG_INFINIBAND_MTHCA=m @@ -10556,6 +10560,7 @@ CONFIG_SURFACE_PRO3_BUTTON=m CONFIG_SURFACE_AGGREGATOR=m CONFIG_SURFACE_AGGREGATOR_BUS=y CONFIG_SURFACE_AGGREGATOR_ERROR_INJECTION=y +# CONFIG_SERIAL_MULTI_INSTANTIATE is not set CONFIG_HAVE_CLK=y CONFIG_HAVE_CLK_PREPARE=y CONFIG_COMMON_CLK=y @@ -11429,6 +11434,7 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 CONFIG_IIO_SW_DEVICE=m CONFIG_IIO_SW_TRIGGER=m CONFIG_IIO_TRIGGERED_EVENT=m +CONFIG_IIO_BACKEND=m # # Accelerometers @@ -13007,6 +13013,9 @@ CONFIG_ENCRYPTED_KEYS=y # CONFIG_USER_DECRYPTED_DATA is not set # CONFIG_KEY_DH_OPERATIONS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y @@ -13057,7 +13066,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,apparmor,bpf" # # Kernel hardening options @@ -13109,6 +13118,7 @@ CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG=y CONFIG_CRYPTO_SIG2=y CONFIG_CRYPTO_SKCIPHER=y CONFIG_CRYPTO_SKCIPHER2=y @@ -13725,6 +13735,7 @@ CONFIG_HAVE_ARCH_KASAN=y CONFIG_HAVE_ARCH_KASAN_SW_TAGS=y CONFIG_HAVE_ARCH_KASAN_VMALLOC=y CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_KASAN_SW_TAGS=y CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y # CONFIG_KASAN is not set CONFIG_HAVE_ARCH_KFENCE=y diff --git a/kernel-6.6-mamba-config b/kernel-6.6-mamba-config index 7401b81..900b57c 100644 --- a/kernel-6.6-mamba-config +++ b/kernel-6.6-mamba-config @@ -1,22 +1,21 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 6.6.21 Kernel Configuration +# Linux/i386 6.6.58 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.1 20240909" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=130200 +CONFIG_GCC_VERSION=140201 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=24200 +CONFIG_AS_VERSION=24301 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=24200 +CONFIG_LD_VERSION=24301 CONFIG_LLD_VERSION=0 CONFIG_RUST_IS_AVAILABLE=y CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y -CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y CONFIG_TOOLS_SUPPORT_RELR=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y @@ -181,7 +180,7 @@ CONFIG_UCLAMP_BUCKETS_COUNT=5 CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" -CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_GCC10_NO_ARRAY_BOUNDS=y CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y @@ -499,10 +498,12 @@ CONFIG_CC_HAS_RETURN_THUNK=y CONFIG_CC_HAS_ENTRY_PADDING=y CONFIG_FUNCTION_PADDING_CFI=0 CONFIG_FUNCTION_PADDING_BYTES=4 -CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_CPU_MITIGATIONS=y CONFIG_RETPOLINE=y # CONFIG_RETHUNK is not set # CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y # # Power management and ACPI options @@ -735,6 +736,8 @@ CONFIG_AS_SHA1_NI=y CONFIG_AS_SHA256_NI=y CONFIG_AS_TPAUSE=y CONFIG_AS_GFNI=y +CONFIG_AS_WRUSS=y +CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y # # General architecture-dependent options @@ -1006,11 +1009,11 @@ CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y # CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD is not set CONFIG_ZSWAP_COMPRESSOR_DEFAULT="lzo" CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y -# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD is not set +# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED is not set # CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC is not set CONFIG_ZSWAP_ZPOOL_DEFAULT="zbud" CONFIG_ZBUD=y -CONFIG_Z3FOLD=m +# CONFIG_Z3FOLD_DEPRECATED is not set CONFIG_ZSMALLOC=y # CONFIG_ZSMALLOC_STAT is not set CONFIG_ZSMALLOC_CHAIN_SIZE=8 @@ -1047,6 +1050,7 @@ CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 CONFIG_PAGE_REPORTING=y CONFIG_MIGRATION=y CONFIG_CONTIG_ALLOC=y +CONFIG_PCP_BATCH_SCALE_MAX=5 CONFIG_BOUNCE=y CONFIG_MMU_NOTIFIER=y CONFIG_KSM=y @@ -1900,7 +1904,6 @@ CONFIG_BT_BNEP_MC_FILTER=y CONFIG_BT_BNEP_PROTO_FILTER=y CONFIG_BT_CMTP=m CONFIG_BT_HIDP=m -CONFIG_BT_HS=y CONFIG_BT_LE=y CONFIG_BT_LE_L2CAP_ECRED=y CONFIG_BT_6LOWPAN=m @@ -7102,6 +7105,7 @@ CONFIG_DVB_SP2=m # Graphics support # CONFIG_APERTURE_HELPERS=y +CONFIG_SCREEN_INFO=y CONFIG_VIDEO_CMDLINE=y CONFIG_VIDEO_NOMODESET=y CONFIG_AUXDISPLAY=y @@ -7155,7 +7159,6 @@ CONFIG_DRM_DISPLAY_HDMI_HELPER=y CONFIG_DRM_DP_AUX_CHARDEV=y CONFIG_DRM_DP_CEC=y CONFIG_DRM_TTM=m -CONFIG_DRM_TTM_KUNIT_TEST=m CONFIG_DRM_EXEC=m CONFIG_DRM_BUDDY=m CONFIG_DRM_VRAM_HELPER=m @@ -7518,6 +7521,7 @@ CONFIG_FB_SYS_IMAGEBLIT=y CONFIG_FB_SYS_FOPS=y CONFIG_FB_DEFERRED_IO=y CONFIG_FB_DMAMEM_HELPERS=y +CONFIG_FB_IOMEM_FOPS=y CONFIG_FB_IOMEM_HELPERS=y CONFIG_FB_SYSMEM_HELPERS=y CONFIG_FB_SYSMEM_HELPERS_DEFERRED=y @@ -8550,6 +8554,7 @@ CONFIG_HID_ZYDACRON=m CONFIG_HID_SENSOR_HUB=m CONFIG_HID_SENSOR_CUSTOM_SENSOR=m CONFIG_HID_ALPS=m +CONFIG_HID_MCP2200=m CONFIG_HID_MCP2221=m CONFIG_HID_KUNIT_TEST=m # end of Special HID drivers @@ -10255,6 +10260,7 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 CONFIG_IIO_SW_DEVICE=m CONFIG_IIO_SW_TRIGGER=m CONFIG_IIO_TRIGGERED_EVENT=m +CONFIG_IIO_BACKEND=m # # Accelerometers @@ -11520,6 +11526,9 @@ CONFIG_ENCRYPTED_KEYS=m # CONFIG_USER_DECRYPTED_DATA is not set # CONFIG_KEY_DH_OPERATIONS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y @@ -11570,7 +11579,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,apparmor,bpf" # # Kernel hardening options @@ -11620,6 +11629,7 @@ CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=m CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG=y CONFIG_CRYPTO_SIG2=y CONFIG_CRYPTO_SKCIPHER=y CONFIG_CRYPTO_SKCIPHER2=y @@ -12074,6 +12084,7 @@ CONFIG_FRAME_WARN=1024 # CONFIG_HEADERS_INSTALL is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set # end of Compile-time checks and compiler options @@ -12138,6 +12149,7 @@ CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y CONFIG_HAVE_DEBUG_STACKOVERFLOW=y # CONFIG_DEBUG_STACKOVERFLOW is not set CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_KASAN_SW_TAGS=y CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y CONFIG_HAVE_ARCH_KFENCE=y # CONFIG_KFENCE is not set diff --git a/kernel-6.6-mamba-x86_64-config b/kernel-6.6-mamba-x86_64-config index 1276157..b0449a5 100644 --- a/kernel-6.6-mamba-x86_64-config +++ b/kernel-6.6-mamba-x86_64-config @@ -1,15 +1,15 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 6.6.8 Kernel Configuration +# Linux/x86_64 6.6.58 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.1 20240909" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=130200 +CONFIG_GCC_VERSION=140201 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=24100 +CONFIG_AS_VERSION=24301 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=24100 +CONFIG_LD_VERSION=24301 CONFIG_LLD_VERSION=0 CONFIG_RUST_IS_AVAILABLE=y CONFIG_CC_CAN_LINK=y @@ -187,7 +187,7 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_HAS_INT128=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" -CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_GCC10_NO_ARRAY_BOUNDS=y CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_NUMA_BALANCING=y @@ -451,7 +451,6 @@ CONFIG_X86_DIRECT_GBPAGES=y # CONFIG_X86_CPA_STATISTICS is not set CONFIG_X86_MEM_ENCRYPT=y CONFIG_AMD_MEM_ENCRYPT=y -CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y CONFIG_NUMA=y CONFIG_AMD_NUMA=y CONFIG_X86_64_ACPI_NUMA=y @@ -526,7 +525,7 @@ CONFIG_CALL_PADDING=y CONFIG_HAVE_CALL_THUNKS=y CONFIG_CALL_THUNKS=y CONFIG_PREFIX_SYMBOLS=y -CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_CPU_MITIGATIONS=y CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_RETPOLINE=y CONFIG_RETHUNK=y @@ -538,6 +537,8 @@ CONFIG_CPU_IBRS_ENTRY=y CONFIG_CPU_SRSO=y CONFIG_SLS=y # CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_MITIGATION_RFDS=y +CONFIG_MITIGATION_SPECTRE_BHI=y CONFIG_ARCH_HAS_ADD_PAGES=y # @@ -757,6 +758,7 @@ CONFIG_AS_SHA256_NI=y CONFIG_AS_TPAUSE=y CONFIG_AS_GFNI=y CONFIG_AS_WRUSS=y +CONFIG_ARCH_CONFIGURES_CPU_MITIGATIONS=y # # General architecture-dependent options @@ -1056,11 +1058,11 @@ CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y # CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD is not set CONFIG_ZSWAP_COMPRESSOR_DEFAULT="lzo" CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y -# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD is not set +# CONFIG_ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED is not set # CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC is not set CONFIG_ZSWAP_ZPOOL_DEFAULT="zbud" CONFIG_ZBUD=y -CONFIG_Z3FOLD=m +# CONFIG_Z3FOLD_DEPRECATED is not set CONFIG_ZSMALLOC=y # CONFIG_ZSMALLOC_STAT is not set CONFIG_ZSMALLOC_CHAIN_SIZE=8 @@ -1110,6 +1112,7 @@ CONFIG_DEVICE_MIGRATION=y CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y CONFIG_ARCH_ENABLE_THP_MIGRATION=y CONFIG_CONTIG_ALLOC=y +CONFIG_PCP_BATCH_SCALE_MAX=5 CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_MMU_NOTIFIER=y CONFIG_KSM=y @@ -1975,7 +1978,6 @@ CONFIG_BT_BNEP_MC_FILTER=y CONFIG_BT_BNEP_PROTO_FILTER=y CONFIG_BT_CMTP=m CONFIG_BT_HIDP=m -CONFIG_BT_HS=y CONFIG_BT_LE=y CONFIG_BT_LE_L2CAP_ECRED=y CONFIG_BT_6LOWPAN=m @@ -4529,7 +4531,6 @@ CONFIG_TOUCHSCREEN_PENMOUNT=m CONFIG_TOUCHSCREEN_EDT_FT5X06=m CONFIG_TOUCHSCREEN_TOUCHRIGHT=m CONFIG_TOUCHSCREEN_TOUCHWIN=m -CONFIG_TOUCHSCREEN_TI_AM335X_TSC=m CONFIG_TOUCHSCREEN_PIXCIR=m CONFIG_TOUCHSCREEN_WDT87XX_I2C=m CONFIG_TOUCHSCREEN_WM831X=m @@ -5758,7 +5759,6 @@ CONFIG_INTEL_TCC_COOLING=m CONFIG_INTEL_HFI_THERMAL=y # end of Intel thermal drivers -# CONFIG_TI_SOC_THERMAL is not set CONFIG_GENERIC_ADC_THERMAL=m CONFIG_WATCHDOG=y CONFIG_WATCHDOG_CORE=y @@ -6001,7 +6001,6 @@ CONFIG_STMPE_SPI=y # end of STMicroelectronics STMPE Interface Drivers CONFIG_MFD_SYSCON=y -CONFIG_MFD_TI_AM335X_TSCADC=m CONFIG_MFD_LP3943=m CONFIG_MFD_LP8788=y CONFIG_MFD_TI_LMU=m @@ -7123,6 +7122,7 @@ CONFIG_DVB_SP2=m # Graphics support # CONFIG_APERTURE_HELPERS=y +CONFIG_SCREEN_INFO=y CONFIG_VIDEO_CMDLINE=y CONFIG_VIDEO_NOMODESET=y CONFIG_AUXDISPLAY=y @@ -7170,7 +7170,6 @@ CONFIG_DRM_DISPLAY_HDMI_HELPER=y CONFIG_DRM_DP_AUX_CHARDEV=y CONFIG_DRM_DP_CEC=y CONFIG_DRM_TTM=m -CONFIG_DRM_TTM_KUNIT_TEST=m CONFIG_DRM_EXEC=m CONFIG_DRM_BUDDY=m CONFIG_DRM_VRAM_HELPER=m @@ -7532,6 +7531,7 @@ CONFIG_FB_SYS_IMAGEBLIT=y CONFIG_FB_SYS_FOPS=y CONFIG_FB_DEFERRED_IO=y CONFIG_FB_DMAMEM_HELPERS=y +CONFIG_FB_IOMEM_FOPS=y CONFIG_FB_IOMEM_HELPERS=y CONFIG_FB_SYSMEM_HELPERS=y CONFIG_FB_SYSMEM_HELPERS_DEFERRED=y @@ -8523,6 +8523,7 @@ CONFIG_HID_ZYDACRON=m CONFIG_HID_SENSOR_HUB=m CONFIG_HID_SENSOR_CUSTOM_SENSOR=m CONFIG_HID_ALPS=m +CONFIG_HID_MCP2200=m CONFIG_HID_MCP2221=m CONFIG_HID_KUNIT_TEST=m # end of Special HID drivers @@ -9034,9 +9035,6 @@ CONFIG_MMC_HSQ=m CONFIG_MMC_TOSHIBA_PCI=m CONFIG_MMC_MTK=m CONFIG_MMC_SDHCI_XENON=m -CONFIG_MMC_SDHCI_OMAP=m -CONFIG_MMC_SDHCI_AM654=m -CONFIG_MMC_SDHCI_EXTERNAL_DMA=y CONFIG_MMC_LITEX=m CONFIG_SCSI_UFSHCD=m # CONFIG_SCSI_UFS_BSG is not set @@ -10337,6 +10335,7 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 CONFIG_IIO_SW_DEVICE=m CONFIG_IIO_SW_TRIGGER=m CONFIG_IIO_TRIGGERED_EVENT=m +CONFIG_IIO_BACKEND=m # # Accelerometers @@ -10487,7 +10486,6 @@ CONFIG_TI_ADS8344=m CONFIG_TI_ADS8688=m CONFIG_TI_ADS124S08=m CONFIG_TI_ADS131E08=m -CONFIG_TI_AM335X_ADC=m CONFIG_TI_LMP92064=m CONFIG_TI_TLC4541=m CONFIG_TI_TSC2046=m @@ -11631,6 +11629,9 @@ CONFIG_ENCRYPTED_KEYS=m # CONFIG_USER_DECRYPTED_DATA is not set # CONFIG_KEY_DH_OPERATIONS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y @@ -11681,7 +11682,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,apparmor,bpf" # # Kernel hardening options @@ -11731,6 +11732,7 @@ CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=m CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG=y CONFIG_CRYPTO_SIG2=y CONFIG_CRYPTO_SKCIPHER=y CONFIG_CRYPTO_SKCIPHER2=y @@ -12295,6 +12297,7 @@ CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y CONFIG_HAVE_ARCH_KASAN=y CONFIG_HAVE_ARCH_KASAN_VMALLOC=y CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_KASAN_SW_TAGS=y CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y # CONFIG_KASAN is not set CONFIG_HAVE_ARCH_KFENCE=y diff --git a/kernel.spec b/kernel.spec index 0045d19..e146773 100644 --- a/kernel.spec +++ b/kernel.spec @@ -95,7 +95,7 @@ %define _use_internal_dependency_generator 1 Name: kernel -Version: 6.6.58 +Version: 6.6.60 Release: 1mamba Summary: The Linux Kernel, the operating system core itself Group: System/Kernel and Hardware @@ -116,6 +116,7 @@ URL: https://www.kernel.org/ License: GPL ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel +BuildRequires: libelf-devel BuildRequires: libopenssl-devel BuildRequires: libperl BuildRequires: perl-Encode @@ -598,6 +599,10 @@ fi /lib/modules/%{kernel_ver}%{?KERNEL_LOCALVER}/build %changelog +* Thu Nov 14 2024 Silvan Calarco 6.6.60-1mamba +- update to 6.6.60 +- update CONFIG_LSM from "yama,loadpin,safesetid,integrity" to "landlock,lockdown,yama,loadpin,safesetid,apparmor,bpf" + * Fri Nov 01 2024 Silvan Calarco 6.6.58-1mamba - update to 6.6.58 - ghost /boot/initramfs-* and generated modules.* files