From 8dfc059e2776fdaebd74a93734357f1338623654 Mon Sep 17 00:00:00 2001 From: Nils Freydank Date: Thu, 18 Jan 2018 14:29:06 +0100 Subject: [PATCH] fluffy: Bump to 4.14.14-gentoo, which contains ktpi and basics for the rest. fixed: meltdown vuln.: spectre v1, v2 (AFAIK) --- fluffy-config | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/fluffy-config b/fluffy-config index 2c11d51..28eb9fa 100644 --- a/fluffy-config +++ b/fluffy-config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.7-gentoo Kernel Configuration +# Linux/x86 4.14.14-gentoo Kernel Configuration # # @@ -461,6 +461,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y # CONFIG_X86_X2APIC is not set CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y # CONFIG_INTEL_RDT is not set # CONFIG_X86_EXTENDED_PLATFORM is not set CONFIG_X86_INTEL_LPSS=y @@ -1207,6 +1208,7 @@ CONFIG_DEBUG_DEVRES=y # CONFIG_SYS_HYPERVISOR is not set # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y CONFIG_DMA_SHARED_BUFFER=y @@ -3376,8 +3378,7 @@ CONFIG_DEBUG_FS=y # CONFIG_HEADERS_CHECK is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set CONFIG_SECTION_MISMATCH_WARN_ONLY=y -CONFIG_FRAME_POINTER=y -# CONFIG_STACK_VALIDATION is not set +CONFIG_STACK_VALIDATION=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set CONFIG_MAGIC_SYSRQ=y CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 @@ -3580,9 +3581,9 @@ CONFIG_OPTIMIZE_INLINING=y CONFIG_DEBUG_NMI_SELFTEST=y CONFIG_X86_DEBUG_FPU=y # CONFIG_PUNIT_ATOM_DEBUG is not set -CONFIG_FRAME_POINTER_UNWINDER=y -# CONFIG_ORC_UNWINDER is not set -# CONFIG_GUESS_UNWINDER is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set +# CONFIG_UNWINDER_GUESS is not set # # Security options @@ -3598,6 +3599,7 @@ CONFIG_SECURITY=y # CONFIG_SECURITY_WRITABLE_HOOKS is not set # CONFIG_SECURITYFS is not set CONFIG_SECURITY_NETWORK=y +CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITY_NETWORK_XFRM=y # CONFIG_SECURITY_PATH is not set # CONFIG_INTEL_TXT is not set