From 6aa0837d24c6f135368ff6338e5cce5fe5fa095a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Tue, 18 Apr 2023 20:51:00 +0000 Subject: [PATCH] linux: Update to 6.1.24 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Compiling the kernel has automatically introduced CONFIG_INIT_STACK_ALL_ZERO=y and removed GCC's structleak plugin (not to be confused with its stackleak counterpart). However, according to related documentation, this neither introduces a security nor performance disadvantage. Signed-off-by: Peter Müller Reviewed-by: Michael Tremer --- config/kernel/kernel.config.aarch64-ipfire | 24 ++++++++++------------ config/kernel/kernel.config.x86_64-ipfire | 24 ++++++++++------------ config/rootfiles/common/x86_64/linux | 4 ---- lfs/linux | 4 ++-- 4 files changed, 24 insertions(+), 32 deletions(-) diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 9fbe4b7a2e..7e3918d847 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,15 +1,15 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.1.6-ipfire Kernel Configuration +# Linux/arm64 6.1.24-ipfire Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.3.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=110300 +CONFIG_GCC_VERSION=120200 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=23900 +CONFIG_AS_VERSION=24000 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=23900 +CONFIG_LD_VERSION=24000 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y @@ -1536,7 +1536,6 @@ CONFIG_DEFAULT_NET_SCH="fq_codel" # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=m -CONFIG_NET_CLS_TCINDEX=m CONFIG_NET_CLS_ROUTE4=m CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m @@ -3544,7 +3543,6 @@ CONFIG_SERIAL_ARC=m CONFIG_SERIAL_ARC_NR_PORTS=1 # CONFIG_SERIAL_RP2 is not set CONFIG_SERIAL_FSL_LPUART=m -CONFIG_SERIAL_FSL_LPUART_CONSOLE=y CONFIG_SERIAL_FSL_LINFLEXUART=y CONFIG_SERIAL_FSL_LINFLEXUART_CONSOLE=y # CONFIG_SERIAL_CONEXANT_DIGICOLOR is not set @@ -5463,7 +5461,6 @@ CONFIG_DVB_SP2=m CONFIG_APERTURE_HELPERS=y CONFIG_DRM=m CONFIG_DRM_MIPI_DSI=y -CONFIG_DRM_USE_DYNAMIC_DEBUG=y CONFIG_DRM_KMS_HELPER=m # CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set CONFIG_DRM_DEBUG_MODESET_LOCK=y @@ -5943,6 +5940,7 @@ CONFIG_SND_HDA_CODEC_SI3054=m CONFIG_SND_HDA_GENERIC=m CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 # CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set +# CONFIG_SND_HDA_CTL_DEV_ID is not set # end of HD-Audio CONFIG_SND_HDA_CORE=m @@ -7937,16 +7935,16 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" # # Kernel hardening options # -CONFIG_GCC_PLUGIN_STRUCTLEAK=y # # Memory initialization # +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y # CONFIG_INIT_STACK_NONE is not set -# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set -# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set -CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y -# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set +# CONFIG_INIT_STACK_ALL_PATTERN is not set +CONFIG_INIT_STACK_ALL_ZERO=y # CONFIG_GCC_PLUGIN_STACKLEAK is not set CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 988ec980b6..867e99e9f6 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,15 +1,15 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.6 Kernel Configuration +# Linux/x86 6.1.24-ipfire Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.3.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=110300 +CONFIG_GCC_VERSION=120200 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=23900 +CONFIG_AS_VERSION=24000 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=23900 +CONFIG_LD_VERSION=24000 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y @@ -1579,7 +1579,6 @@ CONFIG_DEFAULT_NET_SCH="fq_codel" # CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=m -CONFIG_NET_CLS_TCINDEX=m CONFIG_NET_CLS_ROUTE4=m CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m @@ -3444,7 +3443,6 @@ CONFIG_SERIAL_ARC_NR_PORTS=1 CONFIG_SERIAL_RP2=m CONFIG_SERIAL_RP2_NR_UARTS=32 CONFIG_SERIAL_FSL_LPUART=m -CONFIG_SERIAL_FSL_LPUART_CONSOLE=y CONFIG_SERIAL_FSL_LINFLEXUART=m CONFIG_SERIAL_SPRD=m # end of Serial drivers @@ -5171,7 +5169,6 @@ CONFIG_INTEL_GTT=y CONFIG_VGA_SWITCHEROO=y CONFIG_DRM=m CONFIG_DRM_MIPI_DSI=y -CONFIG_DRM_USE_DYNAMIC_DEBUG=y CONFIG_DRM_KMS_HELPER=m # CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set # CONFIG_DRM_DEBUG_MODESET_LOCK is not set @@ -5614,6 +5611,7 @@ CONFIG_SND_HDA_CODEC_SI3054=m CONFIG_SND_HDA_GENERIC=m CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 # CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set +# CONFIG_SND_HDA_CTL_DEV_ID is not set # end of HD-Audio CONFIG_SND_HDA_CORE=m @@ -7153,16 +7151,16 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" # # Kernel hardening options # -CONFIG_GCC_PLUGIN_STRUCTLEAK=y # # Memory initialization # +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y # CONFIG_INIT_STACK_NONE is not set -# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set -# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set -CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y -# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set +# CONFIG_INIT_STACK_ALL_PATTERN is not set +CONFIG_INIT_STACK_ALL_ZERO=y # CONFIG_GCC_PLUGIN_STACKLEAK is not set CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index fab1e5064f..58ca6d1cd7 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -7460,7 +7460,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/DRM_TTM #lib/modules/KVER-ipfire/build/include/config/DRM_TTM_HELPER #lib/modules/KVER-ipfire/build/include/config/DRM_UDL -#lib/modules/KVER-ipfire/build/include/config/DRM_USE_DYNAMIC_DEBUG #lib/modules/KVER-ipfire/build/include/config/DRM_VBOXVIDEO #lib/modules/KVER-ipfire/build/include/config/DRM_VIRTIO_GPU #lib/modules/KVER-ipfire/build/include/config/DRM_VMWGFX @@ -9133,7 +9132,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/NET_CLS_ROUTE4 #lib/modules/KVER-ipfire/build/include/config/NET_CLS_RSVP #lib/modules/KVER-ipfire/build/include/config/NET_CLS_RSVP6 -#lib/modules/KVER-ipfire/build/include/config/NET_CLS_TCINDEX #lib/modules/KVER-ipfire/build/include/config/NET_CLS_U32 #lib/modules/KVER-ipfire/build/include/config/NET_CORE #lib/modules/KVER-ipfire/build/include/config/NET_DEVLINK @@ -10358,7 +10356,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/SERIAL_EARLYCON #lib/modules/KVER-ipfire/build/include/config/SERIAL_FSL_LINFLEXUART #lib/modules/KVER-ipfire/build/include/config/SERIAL_FSL_LPUART -#lib/modules/KVER-ipfire/build/include/config/SERIAL_FSL_LPUART_CONSOLE #lib/modules/KVER-ipfire/build/include/config/SERIAL_JSM #lib/modules/KVER-ipfire/build/include/config/SERIAL_LANTIQ #lib/modules/KVER-ipfire/build/include/config/SERIAL_MCTRL_GPIO @@ -22762,7 +22759,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/net/sched/cls_route.ko.xz #lib/modules/KVER-ipfire/kernel/net/sched/cls_rsvp.ko.xz #lib/modules/KVER-ipfire/kernel/net/sched/cls_rsvp6.ko.xz -#lib/modules/KVER-ipfire/kernel/net/sched/cls_tcindex.ko.xz #lib/modules/KVER-ipfire/kernel/net/sched/cls_u32.ko.xz #lib/modules/KVER-ipfire/kernel/net/sched/em_cmp.ko.xz #lib/modules/KVER-ipfire/kernel/net/sched/em_ipset.ko.xz diff --git a/lfs/linux b/lfs/linux index b790a4fe32..d9f7bdd71c 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@ include Config -VER = 6.1.11 +VER = 6.1.24 ARM_PATCHES = 6.1.y-ipfire0 THISAPP = linux-$(VER) @@ -75,7 +75,7 @@ objects = \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz -$(DL_FILE)_BLAKE2 = 2a1dc1acd63308d72a927f39bc5a9be0bc220673655422c90113300598e754d16021cec85751044114d161a82e476473896bd778180d889d54917ce19d176b4c +$(DL_FILE)_BLAKE2 = 2f20ad999655226bc79caca109bde0f940420d87a293cf000f2d8304122bdfcc388c1a558ff26f2f551c9b6133b8fb120dbd537f914e1b88d0fbbd5408e648b0 arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 3ef9a778c5c41ee8bf2942a48f63b21228a632a2910d2123f01155bbf571592898cffffa61c387a5a6c817b62e458947b4c406c6591b23b5401faa47b020337f install : $(TARGET) -- 2.39.2