From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/2] linux: Update to 6.1.24
Date: Wed, 19 Apr 2023 10:26:41 +0100 [thread overview]
Message-ID: <AF96E182-E745-487C-B2A6-67459EB7B4B6@ipfire.org> (raw)
In-Reply-To: <bbaa2b95-f35a-7108-b007-50c121112075@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 9355 bytes --]
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 18 Apr 2023, at 21:51, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Compiling the kernel has automatically introduced
> CONFIG_INIT_STACK_ALL_ZERO=y and removed GCC's structleak plugin (not to
> be confused with its stackleak counterpart). However, according to
> related documentation, this neither introduces a security nor
> performance disadvantage.
>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/kernel/kernel.config.aarch64-ipfire | 24 ++++++++++------------
> config/kernel/kernel.config.x86_64-ipfire | 24 ++++++++++------------
> config/rootfiles/common/x86_64/linux | 4 ----
> lfs/linux | 4 ++--
> 4 files changed, 24 insertions(+), 32 deletions(-)
>
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index 9fbe4b7a2..7e3918d84 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -1,15 +1,15 @@
> #
> # Automatically generated file; DO NOT EDIT.
> -# Linux/arm64 6.1.6-ipfire Kernel Configuration
> +# Linux/arm64 6.1.24-ipfire Kernel Configuration
> #
> -CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.3.0"
> +CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0"
> CONFIG_CC_IS_GCC=y
> -CONFIG_GCC_VERSION=110300
> +CONFIG_GCC_VERSION=120200
> CONFIG_CLANG_VERSION=0
> CONFIG_AS_IS_GNU=y
> -CONFIG_AS_VERSION=23900
> +CONFIG_AS_VERSION=24000
> CONFIG_LD_IS_BFD=y
> -CONFIG_LD_VERSION=23900
> +CONFIG_LD_VERSION=24000
> CONFIG_LLD_VERSION=0
> CONFIG_CC_CAN_LINK=y
> CONFIG_CC_CAN_LINK_STATIC=y
> @@ -1536,7 +1536,6 @@ CONFIG_DEFAULT_NET_SCH="fq_codel"
> #
> CONFIG_NET_CLS=y
> CONFIG_NET_CLS_BASIC=m
> -CONFIG_NET_CLS_TCINDEX=m
> CONFIG_NET_CLS_ROUTE4=m
> CONFIG_NET_CLS_FW=m
> CONFIG_NET_CLS_U32=m
> @@ -3544,7 +3543,6 @@ CONFIG_SERIAL_ARC=m
> CONFIG_SERIAL_ARC_NR_PORTS=1
> # CONFIG_SERIAL_RP2 is not set
> CONFIG_SERIAL_FSL_LPUART=m
> -CONFIG_SERIAL_FSL_LPUART_CONSOLE=y
> CONFIG_SERIAL_FSL_LINFLEXUART=y
> CONFIG_SERIAL_FSL_LINFLEXUART_CONSOLE=y
> # CONFIG_SERIAL_CONEXANT_DIGICOLOR is not set
> @@ -5463,7 +5461,6 @@ CONFIG_DVB_SP2=m
> CONFIG_APERTURE_HELPERS=y
> CONFIG_DRM=m
> CONFIG_DRM_MIPI_DSI=y
> -CONFIG_DRM_USE_DYNAMIC_DEBUG=y
> CONFIG_DRM_KMS_HELPER=m
> # CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set
> CONFIG_DRM_DEBUG_MODESET_LOCK=y
> @@ -5943,6 +5940,7 @@ CONFIG_SND_HDA_CODEC_SI3054=m
> CONFIG_SND_HDA_GENERIC=m
> CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0
> # CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set
> +# CONFIG_SND_HDA_CTL_DEV_ID is not set
> # end of HD-Audio
>
> CONFIG_SND_HDA_CORE=m
> @@ -7937,16 +7935,16 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf"
> #
> # Kernel hardening options
> #
> -CONFIG_GCC_PLUGIN_STRUCTLEAK=y
>
> #
> # Memory initialization
> #
> +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y
> +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y
> +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y
> # CONFIG_INIT_STACK_NONE is not set
> -# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set
> -# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
> -CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
> -# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
> +# CONFIG_INIT_STACK_ALL_PATTERN is not set
> +CONFIG_INIT_STACK_ALL_ZERO=y
> # CONFIG_GCC_PLUGIN_STACKLEAK is not set
> CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
> # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index 988ec980b..867e99e9f 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -1,15 +1,15 @@
> #
> # Automatically generated file; DO NOT EDIT.
> -# Linux/x86 6.1.6 Kernel Configuration
> +# Linux/x86 6.1.24-ipfire Kernel Configuration
> #
> -CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.3.0"
> +CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0"
> CONFIG_CC_IS_GCC=y
> -CONFIG_GCC_VERSION=110300
> +CONFIG_GCC_VERSION=120200
> CONFIG_CLANG_VERSION=0
> CONFIG_AS_IS_GNU=y
> -CONFIG_AS_VERSION=23900
> +CONFIG_AS_VERSION=24000
> CONFIG_LD_IS_BFD=y
> -CONFIG_LD_VERSION=23900
> +CONFIG_LD_VERSION=24000
> CONFIG_LLD_VERSION=0
> CONFIG_CC_CAN_LINK=y
> CONFIG_CC_CAN_LINK_STATIC=y
> @@ -1579,7 +1579,6 @@ CONFIG_DEFAULT_NET_SCH="fq_codel"
> #
> CONFIG_NET_CLS=y
> CONFIG_NET_CLS_BASIC=m
> -CONFIG_NET_CLS_TCINDEX=m
> CONFIG_NET_CLS_ROUTE4=m
> CONFIG_NET_CLS_FW=m
> CONFIG_NET_CLS_U32=m
> @@ -3444,7 +3443,6 @@ CONFIG_SERIAL_ARC_NR_PORTS=1
> CONFIG_SERIAL_RP2=m
> CONFIG_SERIAL_RP2_NR_UARTS=32
> CONFIG_SERIAL_FSL_LPUART=m
> -CONFIG_SERIAL_FSL_LPUART_CONSOLE=y
> CONFIG_SERIAL_FSL_LINFLEXUART=m
> CONFIG_SERIAL_SPRD=m
> # end of Serial drivers
> @@ -5171,7 +5169,6 @@ CONFIG_INTEL_GTT=y
> CONFIG_VGA_SWITCHEROO=y
> CONFIG_DRM=m
> CONFIG_DRM_MIPI_DSI=y
> -CONFIG_DRM_USE_DYNAMIC_DEBUG=y
> CONFIG_DRM_KMS_HELPER=m
> # CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set
> # CONFIG_DRM_DEBUG_MODESET_LOCK is not set
> @@ -5614,6 +5611,7 @@ CONFIG_SND_HDA_CODEC_SI3054=m
> CONFIG_SND_HDA_GENERIC=m
> CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0
> # CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set
> +# CONFIG_SND_HDA_CTL_DEV_ID is not set
> # end of HD-Audio
>
> CONFIG_SND_HDA_CORE=m
> @@ -7153,16 +7151,16 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf"
> #
> # Kernel hardening options
> #
> -CONFIG_GCC_PLUGIN_STRUCTLEAK=y
>
> #
> # Memory initialization
> #
> +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y
> +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y
> +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y
> # CONFIG_INIT_STACK_NONE is not set
> -# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set
> -# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
> -CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
> -# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
> +# CONFIG_INIT_STACK_ALL_PATTERN is not set
> +CONFIG_INIT_STACK_ALL_ZERO=y
> # CONFIG_GCC_PLUGIN_STACKLEAK is not set
> CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
> # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
> diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
> index fab1e5064..58ca6d1cd 100644
> --- a/config/rootfiles/common/x86_64/linux
> +++ b/config/rootfiles/common/x86_64/linux
> @@ -7460,7 +7460,6 @@ etc/modprobe.d/ipv6.conf
> #lib/modules/KVER-ipfire/build/include/config/DRM_TTM
> #lib/modules/KVER-ipfire/build/include/config/DRM_TTM_HELPER
> #lib/modules/KVER-ipfire/build/include/config/DRM_UDL
> -#lib/modules/KVER-ipfire/build/include/config/DRM_USE_DYNAMIC_DEBUG
> #lib/modules/KVER-ipfire/build/include/config/DRM_VBOXVIDEO
> #lib/modules/KVER-ipfire/build/include/config/DRM_VIRTIO_GPU
> #lib/modules/KVER-ipfire/build/include/config/DRM_VMWGFX
> @@ -9133,7 +9132,6 @@ etc/modprobe.d/ipv6.conf
> #lib/modules/KVER-ipfire/build/include/config/NET_CLS_ROUTE4
> #lib/modules/KVER-ipfire/build/include/config/NET_CLS_RSVP
> #lib/modules/KVER-ipfire/build/include/config/NET_CLS_RSVP6
> -#lib/modules/KVER-ipfire/build/include/config/NET_CLS_TCINDEX
> #lib/modules/KVER-ipfire/build/include/config/NET_CLS_U32
> #lib/modules/KVER-ipfire/build/include/config/NET_CORE
> #lib/modules/KVER-ipfire/build/include/config/NET_DEVLINK
> @@ -10358,7 +10356,6 @@ etc/modprobe.d/ipv6.conf
> #lib/modules/KVER-ipfire/build/include/config/SERIAL_EARLYCON
> #lib/modules/KVER-ipfire/build/include/config/SERIAL_FSL_LINFLEXUART
> #lib/modules/KVER-ipfire/build/include/config/SERIAL_FSL_LPUART
> -#lib/modules/KVER-ipfire/build/include/config/SERIAL_FSL_LPUART_CONSOLE
> #lib/modules/KVER-ipfire/build/include/config/SERIAL_JSM
> #lib/modules/KVER-ipfire/build/include/config/SERIAL_LANTIQ
> #lib/modules/KVER-ipfire/build/include/config/SERIAL_MCTRL_GPIO
> @@ -22762,7 +22759,6 @@ lib/modules/KVER-ipfire/kernel
> #lib/modules/KVER-ipfire/kernel/net/sched/cls_route.ko.xz
> #lib/modules/KVER-ipfire/kernel/net/sched/cls_rsvp.ko.xz
> #lib/modules/KVER-ipfire/kernel/net/sched/cls_rsvp6.ko.xz
> -#lib/modules/KVER-ipfire/kernel/net/sched/cls_tcindex.ko.xz
> #lib/modules/KVER-ipfire/kernel/net/sched/cls_u32.ko.xz
> #lib/modules/KVER-ipfire/kernel/net/sched/em_cmp.ko.xz
> #lib/modules/KVER-ipfire/kernel/net/sched/em_ipset.ko.xz
> diff --git a/lfs/linux b/lfs/linux
> index b790a4fe3..d9f7bdd71 100644
> --- a/lfs/linux
> +++ b/lfs/linux
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 6.1.11
> +VER = 6.1.24
> ARM_PATCHES = 6.1.y-ipfire0
>
> THISAPP = linux-$(VER)
> @@ -75,7 +75,7 @@ objects = \
> $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
> arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
>
> -$(DL_FILE)_BLAKE2 = 2a1dc1acd63308d72a927f39bc5a9be0bc220673655422c90113300598e754d16021cec85751044114d161a82e476473896bd778180d889d54917ce19d176b4c
> +$(DL_FILE)_BLAKE2 = 2f20ad999655226bc79caca109bde0f940420d87a293cf000f2d8304122bdfcc388c1a558ff26f2f551c9b6133b8fb120dbd537f914e1b88d0fbbd5408e648b0
> arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 3ef9a778c5c41ee8bf2942a48f63b21228a632a2910d2123f01155bbf571592898cffffa61c387a5a6c817b62e458947b4c406c6591b23b5401faa47b020337f
>
> install : $(TARGET)
> --
> 2.35.3
prev parent reply other threads:[~2023-04-19 9:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-18 20:51 Peter Müller
2023-04-18 20:52 ` [PATCH 2/2] linux: Compile "Intel XHCI USB Role Switch" as a module on x86_64 Peter Müller
2023-04-19 9:26 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AF96E182-E745-487C-B2A6-67459EB7B4B6@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox