[11/11] Kernel: Update rootfile for x86_64

Message ID 1b36a9fd-18a3-ffd2-4c95-34bbe75ca754@ipfire.org
State Dropped
Headers
Series Kernel: Improve hardening |

Commit Message

Peter Müller March 19, 2022, 9:11 p.m. UTC
  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/rootfiles/common/x86_64/linux | 33 ++++++++++++++++------------
 1 file changed, 19 insertions(+), 14 deletions(-)
  

Patch

diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
index a01af1fc4..85d8ffc66 100644
--- a/config/rootfiles/common/x86_64/linux
+++ b/config/rootfiles/common/x86_64/linux
@@ -6408,6 +6408,7 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/ALX
 #lib/modules/KVER-ipfire/build/include/config/AMD8111_ETH
 #lib/modules/KVER-ipfire/build/include/config/AMD_IOMMU
+#lib/modules/KVER-ipfire/build/include/config/AMD_IOMMU_V2
 #lib/modules/KVER-ipfire/build/include/config/AMD_NB
 #lib/modules/KVER-ipfire/build/include/config/AMD_PHY
 #lib/modules/KVER-ipfire/build/include/config/AMD_PMC
@@ -6680,7 +6681,6 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/BLK_DEV_INITRD
 #lib/modules/KVER-ipfire/build/include/config/BLK_DEV_INTEGRITY
 #lib/modules/KVER-ipfire/build/include/config/BLK_DEV_INTEGRITY_T10
-#lib/modules/KVER-ipfire/build/include/config/BLK_DEV_IO_TRACE
 #lib/modules/KVER-ipfire/build/include/config/BLK_DEV_LOOP
 #lib/modules/KVER-ipfire/build/include/config/BLK_DEV_LOOP_MIN_COUNT
 #lib/modules/KVER-ipfire/build/include/config/BLK_DEV_MD
@@ -6763,6 +6763,7 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/BTRFS_FS_POSIX_ACL
 #lib/modules/KVER-ipfire/build/include/config/BTT
 #lib/modules/KVER-ipfire/build/include/config/BUG
+#lib/modules/KVER-ipfire/build/include/config/BUG_ON_DATA_CORRUPTION
 #lib/modules/KVER-ipfire/build/include/config/BUILDTIME_TABLE_SORT
 #lib/modules/KVER-ipfire/build/include/config/BUILD_SALT
 #lib/modules/KVER-ipfire/build/include/config/CACHEFILES
@@ -6786,6 +6787,7 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/CC_HAS_NO_PROFILE_FN_ATTR
 #lib/modules/KVER-ipfire/build/include/config/CC_HAS_SANCOV_TRACE_PC
 #lib/modules/KVER-ipfire/build/include/config/CC_HAS_SANE_STACKPROTECTOR
+#lib/modules/KVER-ipfire/build/include/config/CC_HAS_UBSAN_BOUNDS
 #lib/modules/KVER-ipfire/build/include/config/CC_HAS_WORKING_NOSANITIZE_ADDRESS
 #lib/modules/KVER-ipfire/build/include/config/CC_HAS_ZERO_CALL_USED_REGS
 #lib/modules/KVER-ipfire/build/include/config/CC_IS_GCC
@@ -7086,6 +7088,7 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/DEBUG_FS
 #lib/modules/KVER-ipfire/build/include/config/DEBUG_FS_ALLOW_ALL
 #lib/modules/KVER-ipfire/build/include/config/DEBUG_KERNEL
+#lib/modules/KVER-ipfire/build/include/config/DEBUG_LIST
 #lib/modules/KVER-ipfire/build/include/config/DEBUG_MISC
 #lib/modules/KVER-ipfire/build/include/config/DEBUG_WX
 #lib/modules/KVER-ipfire/build/include/config/DECOMPRESS_BZIP2
@@ -7417,10 +7420,6 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/DYNAMIC_DEBUG
 #lib/modules/KVER-ipfire/build/include/config/DYNAMIC_DEBUG_CORE
 #lib/modules/KVER-ipfire/build/include/config/DYNAMIC_EVENTS
-#lib/modules/KVER-ipfire/build/include/config/DYNAMIC_FTRACE
-#lib/modules/KVER-ipfire/build/include/config/DYNAMIC_FTRACE_WITH_ARGS
-#lib/modules/KVER-ipfire/build/include/config/DYNAMIC_FTRACE_WITH_DIRECT_CALLS
-#lib/modules/KVER-ipfire/build/include/config/DYNAMIC_FTRACE_WITH_REGS
 #lib/modules/KVER-ipfire/build/include/config/DYNAMIC_MEMORY_LAYOUT
 #lib/modules/KVER-ipfire/build/include/config/E100
 #lib/modules/KVER-ipfire/build/include/config/E1000
@@ -7589,14 +7588,9 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/FS_MBCACHE
 #lib/modules/KVER-ipfire/build/include/config/FS_POSIX_ACL
 #lib/modules/KVER-ipfire/build/include/config/FTRACE
-#lib/modules/KVER-ipfire/build/include/config/FTRACE_MCOUNT_RECORD
-#lib/modules/KVER-ipfire/build/include/config/FTRACE_MCOUNT_USE_CC
 #lib/modules/KVER-ipfire/build/include/config/FTRACE_SYSCALLS
 #lib/modules/KVER-ipfire/build/include/config/FUJITSU_ES
 #lib/modules/KVER-ipfire/build/include/config/FUJITSU_LAPTOP
-#lib/modules/KVER-ipfire/build/include/config/FUNCTION_GRAPH_TRACER
-#lib/modules/KVER-ipfire/build/include/config/FUNCTION_PROFILER
-#lib/modules/KVER-ipfire/build/include/config/FUNCTION_TRACER
 #lib/modules/KVER-ipfire/build/include/config/FUSE_FS
 #lib/modules/KVER-ipfire/build/include/config/FUSION
 #lib/modules/KVER-ipfire/build/include/config/FUSION_CTL
@@ -8070,6 +8064,7 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/INTEL_IOATDMA
 #lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU
 #lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU_FLOPPY_WA
+#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU_SVM
 #lib/modules/KVER-ipfire/build/include/config/INTEL_IPS
 #lib/modules/KVER-ipfire/build/include/config/INTEL_ISH_HID
 #lib/modules/KVER-ipfire/build/include/config/INTEL_LDMA
@@ -8090,6 +8085,7 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/IOMMU_IOVA
 #lib/modules/KVER-ipfire/build/include/config/IOMMU_IO_PGTABLE
 #lib/modules/KVER-ipfire/build/include/config/IOMMU_SUPPORT
+#lib/modules/KVER-ipfire/build/include/config/IOMMU_SVA_LIB
 #lib/modules/KVER-ipfire/build/include/config/IONIC
 #lib/modules/KVER-ipfire/build/include/config/IOSCHED_BFQ
 #lib/modules/KVER-ipfire/build/include/config/IOSF_MBI
@@ -8345,7 +8341,6 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/LAN743X
 #lib/modules/KVER-ipfire/build/include/config/LCD_CLASS_DEVICE
 #lib/modules/KVER-ipfire/build/include/config/LCD_PLATFORM
-#lib/modules/KVER-ipfire/build/include/config/LDISC_AUTOLOAD
 #lib/modules/KVER-ipfire/build/include/config/LDM_PARTITION
 #lib/modules/KVER-ipfire/build/include/config/LD_IS_BFD
 #lib/modules/KVER-ipfire/build/include/config/LD_ORPHAN_WARN
@@ -8414,6 +8409,7 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/LOCKD_V4
 #lib/modules/KVER-ipfire/build/include/config/LOCKUP_DETECTOR
 #lib/modules/KVER-ipfire/build/include/config/LOCK_DEBUGGING_SUPPORT
+#lib/modules/KVER-ipfire/build/include/config/LOCK_DOWN_KERNEL_FORCE_INTEGRITY
 #lib/modules/KVER-ipfire/build/include/config/LOCK_EVENT_COUNTS
 #lib/modules/KVER-ipfire/build/include/config/LOCK_SPIN_ON_OWNER
 #lib/modules/KVER-ipfire/build/include/config/LOGO
@@ -9867,6 +9863,11 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/SECURITY
 #lib/modules/KVER-ipfire/build/include/config/SECURITYFS
 #lib/modules/KVER-ipfire/build/include/config/SECURITY_DMESG_RESTRICT
+#lib/modules/KVER-ipfire/build/include/config/SECURITY_LOADPIN
+#lib/modules/KVER-ipfire/build/include/config/SECURITY_LOADPIN_ENFORCE
+#lib/modules/KVER-ipfire/build/include/config/SECURITY_LOCKDOWN_LSM
+#lib/modules/KVER-ipfire/build/include/config/SECURITY_LOCKDOWN_LSM_EARLY
+#lib/modules/KVER-ipfire/build/include/config/SECURITY_SAFESETID
 #lib/modules/KVER-ipfire/build/include/config/SELECT_MEMORY_MODEL
 #lib/modules/KVER-ipfire/build/include/config/SENSORS_ABITUGURU
 #lib/modules/KVER-ipfire/build/include/config/SENSORS_ABITUGURU3
@@ -10345,7 +10346,6 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/STACKPROTECTOR_STRONG
 #lib/modules/KVER-ipfire/build/include/config/STACKTRACE
 #lib/modules/KVER-ipfire/build/include/config/STACKTRACE_SUPPORT
-#lib/modules/KVER-ipfire/build/include/config/STACK_TRACER
 #lib/modules/KVER-ipfire/build/include/config/STACK_VALIDATION
 #lib/modules/KVER-ipfire/build/include/config/STAGING
 #lib/modules/KVER-ipfire/build/include/config/STANDALONE
@@ -10395,8 +10395,6 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/SYS_HYPERVISOR
 #lib/modules/KVER-ipfire/build/include/config/TAP
 #lib/modules/KVER-ipfire/build/include/config/TASKSTATS
-#lib/modules/KVER-ipfire/build/include/config/TASKS_RCU_GENERIC
-#lib/modules/KVER-ipfire/build/include/config/TASKS_RUDE_RCU
 #lib/modules/KVER-ipfire/build/include/config/TASK_DELAY_ACCT
 #lib/modules/KVER-ipfire/build/include/config/TASK_IO_ACCOUNTING
 #lib/modules/KVER-ipfire/build/include/config/TASK_XACCT
@@ -10502,6 +10500,13 @@  etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/TYPEC_TCPM
 #lib/modules/KVER-ipfire/build/include/config/TYPEC_UCSI
 #lib/modules/KVER-ipfire/build/include/config/TYPHOON
+#lib/modules/KVER-ipfire/build/include/config/UBSAN
+#lib/modules/KVER-ipfire/build/include/config/UBSAN_BOOL
+#lib/modules/KVER-ipfire/build/include/config/UBSAN_BOUNDS
+#lib/modules/KVER-ipfire/build/include/config/UBSAN_ENUM
+#lib/modules/KVER-ipfire/build/include/config/UBSAN_ONLY_BOUNDS
+#lib/modules/KVER-ipfire/build/include/config/UBSAN_SANITIZE_ALL
+#lib/modules/KVER-ipfire/build/include/config/UBSAN_SHIFT
 #lib/modules/KVER-ipfire/build/include/config/UCS2_STRING
 #lib/modules/KVER-ipfire/build/include/config/UCSI_ACPI
 #lib/modules/KVER-ipfire/build/include/config/UDF_FS