[packages/kernel] up to 5.18.14 (bunch of new x86 mitigations)

Fri Jul 29 12:56:05 CEST 2022

commit f9fc8a48bffd96c5ea73b52dbd9a75ad5d86e539
Author: Jan Palus <atler at pld-linux.org>
Date:   Fri Jul 29 12:51:22 2022 +0200

    up to 5.18.14 (bunch of new x86 mitigations)

 kernel-layer7.patch     | 2 +-
 kernel-multiarch.config | 8 ++++----
 kernel-x86.config       | 9 +++++++--
 kernel.spec             | 4 ++--
 4 files changed, 14 insertions(+), 9 deletions(-)
---

diff --git a/kernel.spec b/kernel.spec
index 2179557f..0eab377a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -67,7 +67,7 @@
 
 %define		rel		1
 %define		basever		5.18
-%define		postver		.12
+%define		postver		.14
 
 # define this to '-%{basever}' for longterm branch
 %define		versuffix	%{nil}
@@ -121,7 +121,7 @@ Source0:	https://www.kernel.org/pub/linux/kernel/v5.x/linux-%{basever}.tar.xz
 # Source0-md5:	58e80452e2d8e1993cd7ec95e697ab5a
 %if "%{postver}" != ".0"
 Patch0:		https://www.kernel.org/pub/linux/kernel/v5.x/patch-%{version}.xz
-# Patch0-md5:	49c8a948f51f29467b902a8d841becd6
+# Patch0-md5:	05dee8a9a2d04a0cde691b449114177b
 %endif
 Source1:	kernel.sysconfig
 
diff --git a/kernel-layer7.patch b/kernel-layer7.patch
index 8795f11f..8f90bad9 100644
--- a/kernel-layer7.patch
+++ b/kernel-layer7.patch
@@ -98,7 +98,7 @@ diff -urNp -x '*.orig' linux-5.11/net/netfilter/nf_conntrack_core.c linux-5.11/n
 +	#endif
 +
 +
- 	/* We overload first tuple to link into unconfirmed or dying list.*/
+ 	/* We overload first tuple to link into unconfirmed list.*/
  	pcpu = per_cpu_ptr(nf_ct_net(ct)->ct.pcpu_lists, ct->cpu);
  
 diff -urNp -x '*.orig' linux-5.11/net/netfilter/nf_conntrack_standalone.c linux-5.11/net/netfilter/nf_conntrack_standalone.c
diff --git a/kernel-multiarch.config b/kernel-multiarch.config
index 82817d7f..9d7e797a 100644
--- a/kernel-multiarch.config
+++ b/kernel-multiarch.config
@@ -39,6 +39,7 @@ KPROBES arm=y arm64=y
 LOCK_EVENT_COUNTS all=n
 LTO_NONE all=y
 MICROCODE_OLD_INTERFACE all=n
+PAGE_TABLE_ISOLATION all=y
 PERF_EVENTS_AMD_POWER all=m
 PERF_EVENTS_AMD_UNCORE all=m
 PERF_EVENTS_INTEL_CSTATE all=m
@@ -14400,7 +14401,6 @@ GCC_PLUGIN_RANDSTRUCT_PERFORMANCE all=y
 SECURITY_DMESG_RESTRICT all=y
 SECURITY all=y
 SECURITY_NETWORK all=y
-PAGE_TABLE_ISOLATION all=y
 SECURITY_INFINIBAND all=y
 SECURITY_NETWORK_XFRM all=y
 SECURITY_PATH all=y
@@ -14954,6 +14954,9 @@ SND_SOC_MIKROE_PROTO arm=m arm64=m
 #-
 SND_BCM2835_SOC_I2S arm=m
 SND_BCM63XX_I2S_WHISTLER all=m
+SND_BCM2708_SOC_HIFIBERRY_DAC arm=m arm64=m
+SND_RPI_SIMPLE_SOUNDCARD arm=m arm64=m
+SND_RPI_WM8804_SOUNDCARD arm=m arm64=m
 
 #-
 #- *** FILE: sound/soc/codecs/Kconfig ***
@@ -15599,9 +15602,6 @@ SATA_DWC_DEBUG all=n
 SBNI i386=m x86_64=m
 SBNI_MULTILINE i386=y x86_64=y
 SENSORS_AMD_ENERGY all=m
-SND_BCM2708_SOC_HIFIBERRY_DAC arm=m arm64=m
-SND_RPI_SIMPLE_SOUNDCARD arm=m arm64=m
-SND_RPI_WM8804_SOUNDCARD arm=m arm64=m
 SND_SOC_SOF_HDA_ALWAYS_ENABLE_DMI_L1 all=y
 SND_SOC_ZX_AUD96P22 all=m
 SPI_INTEL_SPI_PCI all=m
diff --git a/kernel-x86.config b/kernel-x86.config
index 0f85cd2a..7fd7449d 100644
--- a/kernel-x86.config
+++ b/kernel-x86.config
@@ -6,8 +6,6 @@
 SMP x86=y
 X86_X2APIC all=y
 X86_MPPARSE x86=y
-RETPOLINE x86=y
-SLS x86_64=y
 X86_CPU_RESCTRL all=y
 X86_BIGSMP i386=y
 X86_EXTENDED_PLATFORM i386=y x86_64=y
@@ -105,6 +103,13 @@ LEGACY_VSYSCALL_XONLY all=y
 LEGACY_VSYSCALL_NONE all=n
 CMDLINE_BOOL x86=n
 #- file kernel/livepatch/Kconfig goes here
+SPECULATION_MITIGATIONS x86=y
+RETPOLINE x86=y
+RETHUNK x86=y
+CPU_UNRET_ENTRY x86=y
+CPU_IBPB_ENTRY x86=y
+CPU_IBRS_ENTRY x86=y
+SLS x86_64=y
 #- file kernel/power/Kconfig goes here
 #- file drivers/acpi/Kconfig goes here
 APM i386=m
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/f9fc8a48bffd96c5ea73b52dbd9a75ad5d86e539

