summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid P <megver83@parabola.nu>2022-07-27 11:40:20 -0400
committerDavid P <megver83@parabola.nu>2022-07-27 11:40:20 -0400
commit42413e9d52a82e3a6d0af98c5ed1685a2e184b27 (patch)
treecebd3330894d084fa2462a1ab6f3792647cd2795
parenta53021f9ea8ec48b0fea4fe9b66b0ef94a69b054 (diff)
updpkg: libre/linux-libre 5.18.14-1
Signed-off-by: David P <megver83@parabola.nu>
-rw-r--r--libre/linux-libre/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch14
-rw-r--r--libre/linux-libre/0002-HID-apple-Properly-handle-function-keys-on-Keychron-.patch6
-rw-r--r--libre/linux-libre/0003-soundwire-Raise-DEFAULT_PROBE_TIMEOUT-to-10000-ms.patch26
-rw-r--r--libre/linux-libre/PKGBUILD27
-rw-r--r--libre/linux-libre/config.i68639
-rw-r--r--libre/linux-libre/config.x86_6425
6 files changed, 99 insertions, 38 deletions
diff --git a/libre/linux-libre/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/libre/linux-libre/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
index a1c62dc7f..ba0d75381 100644
--- a/libre/linux-libre/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+++ b/libre/linux-libre/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
@@ -1,7 +1,7 @@
-From 9baf57b4c2d9348bd5adecbb893870d1d79fade1 Mon Sep 17 00:00:00 2001
+From 63cec1d1efdb31caeef17411c7560e8b0f941073 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Mon, 16 Sep 2019 04:53:20 +0200
-Subject: [PATCH 1/2] ZEN: Add sysctl and CONFIG to disallow unprivileged
+Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged
CLONE_NEWUSER
Our default behavior continues to match the vanilla kernel.
@@ -36,10 +36,10 @@ index 33a4240e6a6f..82213f9c4c17 100644
{
return &init_user_ns;
diff --git a/init/Kconfig b/init/Kconfig
-index b19e2eeaae80..2c2e01d76076 100644
+index fa63cc019ebf..5aa29feccae3 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -1240,6 +1240,22 @@ config USER_NS
+@@ -1249,6 +1249,22 @@ config USER_NS
If unsure, say N.
@@ -102,7 +102,7 @@ index 0d8abfb9e0f4..bd7c215e315f 100644
if (err)
goto bad_unshare_out;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 830aaf8ca08e..af4c0806bd8e 100644
+index c42ba2d669dc..a6ddbf02a809 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -91,6 +91,9 @@
@@ -115,7 +115,7 @@ index 830aaf8ca08e..af4c0806bd8e 100644
#if defined(CONFIG_SYSCTL)
-@@ -1803,6 +1806,15 @@ static struct ctl_table kern_table[] = {
+@@ -1806,6 +1809,15 @@ static struct ctl_table kern_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
@@ -150,5 +150,5 @@ index 5481ba44a8d6..423ab2563ad7 100644
static DEFINE_MUTEX(userns_state_mutex);
--
-2.36.1
+2.37.1
diff --git a/libre/linux-libre/0002-HID-apple-Properly-handle-function-keys-on-Keychron-.patch b/libre/linux-libre/0002-HID-apple-Properly-handle-function-keys-on-Keychron-.patch
index 4d36e40fb..7212fe4a7 100644
--- a/libre/linux-libre/0002-HID-apple-Properly-handle-function-keys-on-Keychron-.patch
+++ b/libre/linux-libre/0002-HID-apple-Properly-handle-function-keys-on-Keychron-.patch
@@ -1,7 +1,7 @@
-From e410435c977a01e386fda83b5215540365a0086f Mon Sep 17 00:00:00 2001
+From 4b81eecd4c636d953aaf4ebafd8171716f4c61fe Mon Sep 17 00:00:00 2001
From: Bryan Cain <bryancain3@gmail.com>
Date: Thu, 5 May 2022 13:12:21 -0600
-Subject: [PATCH 2/2] HID: apple: Properly handle function keys on Keychron
+Subject: [PATCH 2/3] HID: apple: Properly handle function keys on Keychron
keyboards
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
@@ -103,5 +103,5 @@ index 0cf35caee9fa..42a568902f49 100644
}
--
-2.36.1
+2.37.1
diff --git a/libre/linux-libre/0003-soundwire-Raise-DEFAULT_PROBE_TIMEOUT-to-10000-ms.patch b/libre/linux-libre/0003-soundwire-Raise-DEFAULT_PROBE_TIMEOUT-to-10000-ms.patch
new file mode 100644
index 000000000..606afbdaf
--- /dev/null
+++ b/libre/linux-libre/0003-soundwire-Raise-DEFAULT_PROBE_TIMEOUT-to-10000-ms.patch
@@ -0,0 +1,26 @@
+From 2da21cf28e573b84e5a5baecc1eda7372322375d Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
+Date: Sat, 23 Jul 2022 11:14:46 +0200
+Subject: [PATCH 3/3] soundwire: Raise DEFAULT_PROBE_TIMEOUT to 10000 ms
+
+See: https://github.com/thesofproject/linux/issues/3777#issuecomment-1192655300
+---
+ drivers/soundwire/bus.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/soundwire/bus.h b/drivers/soundwire/bus.h
+index 7631ef5e71fb..d3ed828daac0 100644
+--- a/drivers/soundwire/bus.h
++++ b/drivers/soundwire/bus.h
+@@ -5,7 +5,7 @@
+ #define __SDW_BUS_H
+
+ #define DEFAULT_BANK_SWITCH_TIMEOUT 3000
+-#define DEFAULT_PROBE_TIMEOUT 2000
++#define DEFAULT_PROBE_TIMEOUT 10000
+
+ u64 sdw_dmi_override_adr(struct sdw_bus *bus, u64 addr);
+
+--
+2.37.1
+
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index 06574adaf..42939874a 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -14,11 +14,11 @@ _replacesoldkernels=() # '%' gets replaced with kernel suffix
_replacesoldmodules=() # '%' gets replaced with kernel suffix
pkgbase=linux-libre
-pkgver=5.18.5
+pkgver=5.18.14
pkgrel=1
pkgdesc='Linux-libre'
-rcnver=5.18.2
-rcnrel=armv7-x6
+rcnver=5.18.12
+rcnrel=armv7-x8
url='https://linux-libre.fsfla.org/'
arch=(i686 x86_64 armv7h)
license=(GPL2)
@@ -47,6 +47,7 @@ source=(
# Arch Linux patches
0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
0002-HID-apple-Properly-handle-function-keys-on-Keychron-.patch
+ 0003-soundwire-Raise-DEFAULT_PROBE_TIMEOUT-to-10000-ms.patch
)
source_i686=(
# avoid using zstd compression in ultra mode (exhausts virtual memory)
@@ -72,7 +73,7 @@ validpgpkeys=(
)
sha512sums=('13be3762fffd74c63eeb23b0d34b994a3e5198bfdbda4f013b38f8d3edd24b9bbebe5a4bfde0f5191aa1cf2678e4517f3b5540a40b30ebc05da1f6708cbb98bb'
'SKIP'
- '9355c0f22606c0401e8a01d6e22f0fa6e97b69a9fce6d991235da6430907fb6a788fca30bd48e5cbb743cc4a211a40806c896f660db7432e7bc85ba7634b5d06'
+ '9016e87060d3ddbf4bad5adee54f07cba3930a23a5c2a7ca32338a98d0c51676228f3d97405c624f2f48a67849f9b40a5dc670e10fbc02bc75cc4d47deab4c34'
'SKIP'
'13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
'SKIP'
@@ -80,8 +81,8 @@ sha512sums=('13be3762fffd74c63eeb23b0d34b994a3e5198bfdbda4f013b38f8d3edd24b9bbeb
'SKIP'
'267295aa0cea65684968420c68b32f1a66a22d018b9d2b2c1ef14267bcf4cb68aaf7099d073cbfefe6c25c8608bdcbbd45f7ac8893fdcecbf1e621abdfe9ecc1'
'SKIP'
- 'bcec71d3bd1daaa27bdf4c9a10f0b302b915e8236ef47b5e6d6eaf65bfd0b34644d8d3ff6c25d894ae21dedbece3c1f1ff152fbf8525b77100bc790d0541f3f1'
- 'e141c387e8045030278d683a1294bfd3d13197bf3466a9c89c4f72a53aafed606acc8e42e528479527c638af895bce2303944b5d8b8a29040f5aae8a9581dd5a'
+ '9833a9caf788aa928b7c4fab85205259459cc65ccf2b1ef1af8f9dfecf8804829aa4c1f0571a1a0819c6e838ab3f32a5322df9ddb07a201bc43c66ad6c3b2f3b'
+ '9112373138102b14ca900156afc6292334fc2b9ee542f1f5264ff2b6dc82073f761e9caf35aff56fb47cb285fbc2c4421f6d89c1d417f823f38b1e3f287d9294'
'47d16ffc94510d4a8773146a46cfb35aca8cfdae38d17283334cd62d92de36250fbec90e9892357033398ecc7d970127b1a41b703a8372972422ca4af7c90c70'
'53103bf55b957b657039510527df0df01279dec59cda115a4d6454e4135025d4546167fa30bdc99107f232561c1e096d8328609ab5a876cf7017176f92ad3e0b'
'f10af02f0cb2d31259d9633e1ba845f555f525789f750fc2ddc51bd18c5ff64fcdd242dae801623887f5ce5cdb5528bce890459f0fab9fd31a28868bb7f6bba5'
@@ -89,10 +90,11 @@ sha512sums=('13be3762fffd74c63eeb23b0d34b994a3e5198bfdbda4f013b38f8d3edd24b9bbeb
'143dea30c6da00e504c99984a98a0eb2411f558fcdd9dfa7f607d6c14e9e7dffff9cb00121d9317044b07e3e210808286598c785ee854084b993ec9cb14d8232'
'02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168'
- '1b6c3108d5628ca6db20c2bc3431e560ab2a274aaf863e7a796f1931a35982d175247f47cbfbb7d643ffc6b742442806755bb10339e5b0577c3f232b38288891'
- 'bf6d9a66be49c2cc67b0a0f3cfb61734adf7a3b032b5ed133e1e0afbf4a6ddbd3e8231e4b85fef2e3aeb7274a60f7572a4469c057ff13d81134613f01767d3b2')
+ '671ab29fb1858c3898792164ac49d57103ecdeff220d7b262efb0c74ee270a670cf40f746a76f400513019989d858326fb3da507a0159418215e0b645011c406'
+ '2fecb2fb31981af21e17ce08c8352236f8817e6000f7e542f7479eaa7300238c4581f992b4da4d49dd2657d3e3c038eb0369954559f233b2913c382ef25b5753'
+ '816ad9cb93a473376487234d4bf255f7d081c37186b1715e914c2c30dcdcfaee7b6db4eeb427969190d0cffa7499bc99c95ef58fb8c632d27e51d0350990f0ce')
sha512sums_i686=('bca15cc96f64c38adcd13a46752866b5b30555ac21e19b3f7afcd20fcb7ec585c9d990fe8f842f44d5f69d477d72867fe6a9102729f26f93f5a80b372e41ce85')
-sha512sums_armv7h=('5a75b12dd386940a0bf1be630d45a514ef3c32289ec5976988764baa8483b254e5dcc879337556bfa041b6dbf9ac16debbe4b57bf86db30089661e9536ffaa0a'
+sha512sums_armv7h=('94c6243d23bc995dec3edcb1dd5cc7d5e7d30fec70fc32b9be5f3e7d934da7035e9152fea3cce58a53b0f35f29060bdef2a3a2dac3c46f520adf1088897362f9'
'SKIP'
'8da996a42249672893fa532ccbd096347580a0dc1698c45e9c865646e2765789553b1bb42793e721de30aea70340fdc116d2e4a50580fef999ca5fc627aaf4c3'
'0e6ddc24011d77a2e422b642c4507317fc2d26b20f5649818a2f11acac165ccab2cf2e64ab50d44ce7affcfe12c2ef5158790e499058831e7995400b2087df78'
@@ -175,8 +177,7 @@ prepare() {
build() {
cd $_srcname
- make all
- make htmldocs
+ make htmldocs all
}
_package() {
@@ -236,7 +237,7 @@ _package-headers() {
localversion.* version vmlinux
install -Dt "$builddir/kernel" -m644 kernel/Makefile
install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile
- if [[ $CARCH = i686 ]]; then
+ if [ "$CARCH" = i686 ]; then
install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile_32.cpu
fi
cp -t "$builddir" -a scripts
@@ -379,7 +380,7 @@ _package-chromebook() {
}
pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
-[[ $CARCH = armv7h ]] && pkgname+=("$pkgbase-chromebook")
+[ "$CARCH" = armv7h ] && pkgname+=("$pkgbase-chromebook")
for _p in "${pkgname[@]}"; do
eval "package_$_p() {
$(declare -f "_package${_p#$pkgbase}")
diff --git a/libre/linux-libre/config.i686 b/libre/linux-libre/config.i686
index 825810459..a23c25e10 100644
--- a/libre/linux-libre/config.i686
+++ b/libre/linux-libre/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.18.5-gnu Kernel Configuration
+# Linux/x86 5.18.14-gnu Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.0"
CONFIG_CC_IS_GCC=y
@@ -18,7 +18,7 @@ CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
CONFIG_CC_HAS_ASM_INLINE=y
CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
-CONFIG_PAHOLE_VERSION=0
+CONFIG_PAHOLE_VERSION=123
CONFIG_IRQ_WORK=y
CONFIG_BUILDTIME_TABLE_SORT=y
CONFIG_THREAD_INFO_IN_TASK=y
@@ -187,6 +187,8 @@ CONFIG_UCLAMP_BUCKETS_COUNT=5
CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5"
+CONFIG_GCC12_NO_ARRAY_BOUNDS=y
+CONFIG_CC_NO_ARRAY_BOUNDS=y
CONFIG_CGROUPS=y
CONFIG_PAGE_COUNTER=y
CONFIG_MEMCG=y
@@ -332,8 +334,6 @@ CONFIG_SMP=y
CONFIG_X86_FEATURE_NAMES=y
CONFIG_X86_MPPARSE=y
# CONFIG_GOLDFISH is not set
-CONFIG_RETPOLINE=y
-CONFIG_CC_HAS_SLS=y
CONFIG_X86_CPU_RESCTRL=y
CONFIG_X86_BIGSMP=y
# CONFIG_X86_EXTENDED_PLATFORM is not set
@@ -493,6 +493,14 @@ CONFIG_MODIFY_LDT_SYSCALL=y
# CONFIG_STRICT_SIGALTSTACK_SIZE is not set
# end of Processor type and features
+CONFIG_CC_HAS_SLS=y
+CONFIG_CC_HAS_RETURN_THUNK=y
+CONFIG_SPECULATION_MITIGATIONS=y
+CONFIG_RETPOLINE=y
+CONFIG_RETHUNK=y
+CONFIG_CPU_UNRET_ENTRY=y
+CONFIG_CPU_IBPB_ENTRY=y
+CONFIG_CPU_IBRS_ENTRY=y
CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y
#
@@ -10478,14 +10486,24 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
CONFIG_SECURITY_LANDLOCK=y
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_TRUSTED_KEYRING=y
+CONFIG_INTEGRITY_PLATFORM_KEYRING=y
+CONFIG_INTEGRITY_MACHINE_KEYRING=y
+CONFIG_LOAD_UEFI_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_IMA is not set
+# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+# CONFIG_EVM is not set
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
# CONFIG_DEFAULT_SECURITY_SMACK is not set
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="landlock,lockdown,yama,bpf"
+CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"
#
# Kernel hardening options
@@ -10496,9 +10514,9 @@ CONFIG_LSM="landlock,lockdown,yama,bpf"
#
CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y
CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y
-# CONFIG_INIT_STACK_NONE is not set
+CONFIG_INIT_STACK_NONE=y
# CONFIG_INIT_STACK_ALL_PATTERN is not set
-CONFIG_INIT_STACK_ALL_ZERO=y
+# CONFIG_INIT_STACK_ALL_ZERO is not set
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
@@ -10769,6 +10787,7 @@ CONFIG_CRYPTO_LIB_SM3=m
CONFIG_CRYPTO_LIB_SM4=m
# end of Crypto library routines
+CONFIG_LIB_MEMNEQ=y
CONFIG_CRC_CCITT=y
CONFIG_CRC16=m
CONFIG_CRC_T10DIF=y
@@ -10861,6 +10880,7 @@ CONFIG_LRU_CACHE=m
CONFIG_CLZ_TAB=y
CONFIG_IRQ_POLL=y
CONFIG_MPILIB=y
+CONFIG_SIGNATURE=y
CONFIG_DIMLIB=y
CONFIG_OID_REGISTRY=y
CONFIG_UCS2_STRING=y
@@ -10928,6 +10948,9 @@ CONFIG_DEBUG_INFO_DWARF4=y
# CONFIG_DEBUG_INFO_COMPRESSED is not set
# CONFIG_DEBUG_INFO_SPLIT is not set
CONFIG_DEBUG_INFO_BTF=y
+CONFIG_PAHOLE_HAS_SPLIT_BTF=y
+CONFIG_DEBUG_INFO_BTF_MODULES=y
+# CONFIG_MODULE_ALLOW_BTF_MISMATCH is not set
# CONFIG_GDB_SCRIPTS is not set
CONFIG_FRAME_WARN=1024
CONFIG_STRIP_ASM_SYMS=y
diff --git a/libre/linux-libre/config.x86_64 b/libre/linux-libre/config.x86_64
index 77f7e30ec..c9190a5bb 100644
--- a/libre/linux-libre/config.x86_64
+++ b/libre/linux-libre/config.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.18.5-gnu Kernel Configuration
+# Linux/x86 5.18.14-gnu Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.0"
CONFIG_CC_IS_GCC=y
@@ -197,6 +197,8 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
CONFIG_CC_HAS_INT128=y
CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5"
+CONFIG_GCC12_NO_ARRAY_BOUNDS=y
+CONFIG_CC_NO_ARRAY_BOUNDS=y
CONFIG_ARCH_SUPPORTS_INT128=y
CONFIG_NUMA_BALANCING=y
CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
@@ -351,9 +353,6 @@ CONFIG_X86_FEATURE_NAMES=y
CONFIG_X86_X2APIC=y
CONFIG_X86_MPPARSE=y
# CONFIG_GOLDFISH is not set
-CONFIG_RETPOLINE=y
-CONFIG_CC_HAS_SLS=y
-CONFIG_SLS=y
CONFIG_X86_CPU_RESCTRL=y
# CONFIG_X86_EXTENDED_PLATFORM is not set
CONFIG_X86_INTEL_LPSS=y
@@ -497,7 +496,9 @@ CONFIG_SCHED_HRTICK=y
CONFIG_KEXEC=y
CONFIG_KEXEC_FILE=y
CONFIG_ARCH_HAS_KEXEC_PURGATORY=y
-# CONFIG_KEXEC_SIG is not set
+CONFIG_KEXEC_SIG=y
+# CONFIG_KEXEC_SIG_FORCE is not set
+CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
CONFIG_CRASH_DUMP=y
CONFIG_KEXEC_JUMP=y
CONFIG_PHYSICAL_START=0x1000000
@@ -522,6 +523,16 @@ CONFIG_HAVE_LIVEPATCH=y
# CONFIG_LIVEPATCH is not set
# end of Processor type and features
+CONFIG_CC_HAS_SLS=y
+CONFIG_CC_HAS_RETURN_THUNK=y
+CONFIG_SPECULATION_MITIGATIONS=y
+CONFIG_PAGE_TABLE_ISOLATION=y
+CONFIG_RETPOLINE=y
+CONFIG_RETHUNK=y
+CONFIG_CPU_UNRET_ENTRY=y
+CONFIG_CPU_IBPB_ENTRY=y
+CONFIG_CPU_IBRS_ENTRY=y
+CONFIG_SLS=y
CONFIG_ARCH_HAS_ADD_PAGES=y
CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y
@@ -10159,7 +10170,6 @@ CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
-CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_SECURITY_INFINIBAND=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
@@ -10219,7 +10229,7 @@ CONFIG_INTEGRITY_AUDIT=y
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="landlock,lockdown,yama,bpf"
+CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"
#
# Kernel hardening options
@@ -10533,6 +10543,7 @@ CONFIG_CRYPTO_LIB_SM3=m
CONFIG_CRYPTO_LIB_SM4=m
# end of Crypto library routines
+CONFIG_LIB_MEMNEQ=y
CONFIG_CRC_CCITT=y
CONFIG_CRC16=m
CONFIG_CRC_T10DIF=y