kernel

Clone of https://src.fedoraproject.org/rpms/kernel

Go to file

Josh Boyer f0cec8a3bb CVE-2016-1237 missing check for permissions setting ACL (rhbz 1350845 1350847)		2016-06-28 13:26:11 -04:00
scripts	Add check-configs.pl script from Paul Bolle	2014-11-11 09:57:11 -05:00
.gitignore	add kernel-4* to .gitignore	2015-03-13 12:54:51 -04:00
0001-drm-i915-Pretend-cursor-is-always-on-for-ILK-style-W.patch	Fix for flickering on Intel graphics (rhbz 1310252 1313318)	2016-03-02 10:39:41 -08:00
0001-usb-hub-fix-panic-in-usb_reset_and_verify_device.patch	Linux v4.4.3	2016-02-26 10:58:46 -08:00
acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
ACPI-Limit-access-to-custom_method.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
acpi-video-Add-force-native-backlight-quirk-for-Leno.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
acpi-video-Allow-forcing-native-backlight-on-non-win.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
Add-an-EFI-signature-blob-parser-and-key-loader.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
Add-EFI-signature-data-types.patch	Linux v4.4.3	2016-02-26 10:58:46 -08:00
Add-option-to-automatically-enforce-module-signature.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
Add-secure_modules-call.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
Add-sysrq-option-to-disable-secure-boot-mode.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca.patch	CVE-2016-4569 info leak in sound module (rhbz 1334643 1334645)	2016-05-10 08:18:51 -04:00
ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch	CVE-2016-4569 info leak in sound module (rhbz 1334643 1334645)	2016-05-10 08:18:51 -04:00
ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS.patch	CVE-2016-4569 info leak in sound module (rhbz 1334643 1334645)	2016-05-10 08:18:51 -04:00
alua_fix.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
arm64-acpi-drop-expert-patch.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
arm64-avoid-needing-console-to-enable-serial-console.patch	Linux v4.4.3	2016-02-26 10:58:46 -08:00
arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch	Refresh from git tree	2015-06-23 09:06:14 -04:00
arm-dts-am335x-boneblack-add-cpu0-opp-points.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
arm-dts-am335x-boneblack-lcdc-add-panel-info.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
arm-i.MX6-Utilite-device-dtb.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
ARM-tegra-usb-no-reset.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
asus-wmi-Restrict-debugfs-interface-when-module-load.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
ath9k-rx-dma-stop-check.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
bluetooth-Validate-socket-address-length-in-sco_sock.patch	CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)	2015-12-18 08:57:18 -05:00
cdc_ncm-do-not-call-usbnet_link_change-from-cdc_ncm_.patch	CVE-2016-3951 usbnet: crash on invalid USB descriptors (rhbz 1324782 1324815)	2016-04-11 09:52:24 -04:00
config-arm64	Linux v4.4.3	2016-02-26 10:58:46 -08:00
config-arm-generic	Bring missed 4.4 ARMv7 fixes from F-23 kernel, Fix deferred nouveau module loading on tegra	2016-02-27 11:31:21 +00:00
config-armv7	Bring missed 4.4 ARMv7 fixes from F-23 kernel, Fix deferred nouveau module loading on tegra	2016-02-27 11:31:21 +00:00
config-armv7-generic	Enable IEEE802154_AT86RF230 on more arches (rhbz 1330356)	2016-04-26 11:13:13 -04:00
config-armv7-lpae	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
config-debug	Linux v4.4.3	2016-02-26 10:58:46 -08:00
config-generic	Enable IEEE802154_AT86RF230 on more arches (rhbz 1330356)	2016-04-26 11:13:13 -04:00
config-i686-PAE	Remove all references to unknown Kconfig symbols	2014-10-02 08:26:50 -04:00
config-local	Add support for local rebuild config option overrides	2011-01-10 17:37:27 -05:00
config-no-extra	disable extras on arm	2013-10-03 12:22:16 -04:00
config-nodebug	Linux v4.4.3	2016-02-26 10:58:46 -08:00
config-powerpc64	Linux v4.2.3	2015-10-07 16:39:21 -05:00
config-powerpc64-generic	Linux v4.4.3	2016-02-26 10:58:46 -08:00
config-powerpc64le	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
config-powerpc64p7	Linux v4.2.3	2015-10-07 16:39:21 -05:00
config-s390x	Linux v4.4.3	2016-02-26 10:58:46 -08:00
config-x86_64-generic	Linux v4.4.3	2016-02-26 10:58:46 -08:00
config-x86-32-generic	Linux v4.2.3	2015-10-07 16:39:21 -05:00
config-x86-generic	Switch back to not using CONFIG_ACPI_REV_OVERRIDE_POSSIBLE	2016-03-03 18:03:32 -08:00
cpupower.config	Create the kernel-tools package. WHEE	2011-08-17 21:19:57 -04:00
cpupower.service	Create the kernel-tools package. WHEE	2011-08-17 21:19:57 -04:00
crash-driver.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
criu-no-expert.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
die-floppy-die.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
disable-i8042-check-on-apple-mac.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
drm-i915-hush-check-crtc-state.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
drm-i915-turn-off-wc-mmaps.patch	Linux v4.1.2 rebase	2015-07-15 11:26:14 -07:00
drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch	Fix vmware driver issues from Thomas Hellström (rhbz 1227193)	2015-08-27 13:45:32 -04:00
efi-Add-EFI_SECURE_BOOT-bit.patch	Linux v4.4.3	2016-02-26 10:58:46 -08:00
efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-aarch64.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-armv7hl.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-i686.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-modules.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-ppc64.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-ppc64le.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-ppc64p7.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-s390x.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
filter-x86_64.sh	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
hibernate-Disable-in-a-signed-modules-environment.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch	Patch from Nicholas Kudriavtsev for Acer Switch 12 Fn keys (rhbz 1244511)	2015-08-04 14:32:11 -04:00
HID-hid-input-Fix-accessing-freed-memory-during-devi.patch	Fix use after free in HID input (rhbz 1251877 1251880 1250279 1248741)	2015-08-10 08:56:44 -07:00
HID-hiddev-validate-num_values-for-HIDIOCGUSAGES-HID.patch	CVE-2016-5829 heap overflow in hiddev (rhbz 1350509 1350513)	2016-06-27 12:01:49 -04:00
HID-multitouch-enable-palm-rejection-if-device-imple.patch	Add patch to fix palm rejection on certain touchpads (rhbz 1287819)	2015-12-03 11:01:02 -05:00
HID-sony-do-not-bail-out-when-the-sixaxis-refuses-th.patch	Backport HID sony patch to fix some gamepads (rhbz 1255235)	2016-01-29 15:25:26 -05:00
HID-wacom-fix-Bamboo-ONE-oops.patch	Fix Bamboo ONE issues (rhbz 1317116)	2016-04-12 08:13:12 -04:00
hp-wmi-fix-wifi-cannot-be-hard-unblock.patch	hp-wmi: fix wifi cannot be hard-unblock (rhbz 1338025)	2016-06-15 14:11:15 -07:00
ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch	Patch from Hans de Goede to add yoga 3 rfkill quirk (rhbz 1239050)	2015-08-15 20:59:03 -04:00
input-kill-stupid-messages.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
input-silence-i8042-noise.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
Input-synaptics-pin-3-touches-when-the-firmware-repo.patch	Linux v4.1.2 rebase	2015-07-15 11:26:14 -07:00
iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch	Fix iscsi issue (rhbz 1253789)	2015-08-17 11:47:25 -04:00
Kbuild-Add-an-option-to-enable-GCC-VTA.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
kbuild-AFTER_LINK.patch	Linux v4.4.4	2016-03-03 17:53:18 -08:00
kernel.spec	CVE-2016-1237 missing check for permissions setting ACL (rhbz 1350845 1350847)	2016-06-28 13:26:11 -04:00
kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
kexec-uefi-copy-secure_boot-flag-in-boot-params.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
KEYS-Add-a-system-blacklist-keyring.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch	CVE-2016-0758 pointer corruption in asn1 decoder (rhbz 1300257 1335386)	2016-05-13 08:14:16 -04:00
KEYS-potential-uninitialized-variable.patch	CVE-2016-4470 keys: uninitialized variable crash (rhbz 1341716 1346626)	2016-06-15 09:38:47 -04:00
lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
lis3-improve-handling-of-null-rate.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
Makefile	Linux v3.19-rc2	2015-01-05 16:09:49 -05:00
Makefile.config	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
Makefile.release	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
media-ivtv-avoid-going-past-input-audio-array.patch	Fix issues with ivtv driver on PVR350 devices (rhbz 1278942)	2016-01-28 15:43:15 -05:00
merge.pl	initial srpm import	2010-07-29 16:46:31 -07:00
mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
misc-mic-Fix-for-double-fetch-security-bug-in-mic_co.patch	CVE-2016-5728 race condition in mic driver (rhbz 1350811 1350812)	2016-06-28 10:02:40 -04:00
mod-extra.list	Add USBIP drivers to kernel-modules-extra	2014-12-17 12:28:18 -05:00
mod-extra.sh	Prep mod-extra.sh for signed modules	2012-09-25 13:22:00 -04:00
mod-sign.sh	simplify the signing stuff now that sign-file takes pub/priv key args	2013-03-28 16:33:21 -04:00
MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
MODSIGN-Support-not-importing-certs-from-db.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
net-add-validation-for-the-socket-syscall-protocol-a.patch	CVE-2015-8543 ipv6: DoS via NULL pointer dereference (rhbz 1290475 1290477)	2015-12-15 10:59:07 -05:00
netfilter-x_tables-check-for-size-overflow.patch	CVE-2016-3135 netfilter: size overflow in x_tables (rhbz 1317386 1317387)	2016-03-14 08:46:22 -04:00
netfilter-x_tables-deal-with-bogus-nextoffset-values.patch	Linux v4.4.14	2016-06-24 13:56:52 -07:00
nfsd-check-permissions-when-setting-ACLs.patch	CVE-2016-1237 missing check for permissions setting ACL (rhbz 1350845 1350847)	2016-06-28 13:26:11 -04:00
no-pcspkr-modalias.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch	Add patch from Hans de Goede to fix nv46 based cards (rhbz 1257534)	2015-08-27 10:50:53 -04:00
PatchList.txt	Linux v3.13-rc1-77-g4c1cc40	2013-11-24 08:42:45 -05:00
PCI-Lock-down-BAR-access-when-module-security-is-ena.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
pinctrl-pinctrl-single-must-be-initialized-early.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00
PNP-Add-Broadwell-to-Intel-MCH-size-workaround.patch	Fix backtrace from PNP conflict on Broadwell (rhbz 1083853)	2016-01-12 12:02:09 -05:00
PNP-Add-Haswell-ULT-to-Intel-MCH-size-workaround.patch	Fix backtrace from PNP conflict on Haswell-ULT (rhbz 1300955)	2016-01-22 12:56:43 -05:00
posix_acl-Add-set_posix_acl.patch	CVE-2016-1237 missing check for permissions setting ACL (rhbz 1350845 1350847)	2016-06-28 13:26:11 -04:00
pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch	CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)	2015-12-17 08:22:07 -05:00
rds-fix-an-infoleak-in-rds_inc_info_copy.txt	CVE-2016-5244 info leak in rds (rhbz 1343338 1343337)	2016-06-07 08:25:14 -04:00
README.txt	document inheritance/heirarchy of config generation	2012-01-13 15:42:52 -05:00
rebase-notes.txt	rebase-notes: no X32	2012-03-19 20:54:31 -04:00
regulator-axp20x-module-alias.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch	Linux v4.4.3	2016-02-26 10:58:46 -08:00
sctp-Prevent-soft-lockup-when-sctp_accept-is-called-.patch	CVE-2015-8767 sctp: DoS during timeout (rhbz 1297389 1298437)	2016-01-15 08:56:27 -05:00
silence-fbcon-logo.patch	Linux v4.2.3	2015-10-07 16:39:21 -05:00
sources	Linux v4.4.14	2016-06-24 13:56:52 -07:00
tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch	CVE-2016-5243 info leak in tipc (rhbz 1343338 1343335)	2016-06-07 08:18:46 -04:00
TODO	re-enable RCU_FAST_NO_HZ, enable NO_HZ_FULL on x86_64	2014-09-17 13:10:12 -05:00
USB-usbfs-fix-potential-infoleak-in-devio.patch	CVE-2016-4482 info leak in devio.c (rhbz 1332931 1332932)	2016-05-04 08:16:22 -04:00
vmwgfx-Rework-device-initialization.patch	Fix vmware driver issues from Thomas Hellström (rhbz 1227193)	2015-08-27 13:45:32 -04:00
watchdog-Disable-watchdog-on-virtual-machines.patch	Linux v4.4.3	2016-02-26 10:58:46 -08:00
x86-apic-Fix-fallout-from-x2apic-cleanup.patch	Fix x2apic refactoring breakage (rhbz 1224764)	2015-08-25 19:29:47 -07:00
x86-efi-bgrt-Switch-all-pr_err-to-pr_debug-for-inval.patch	Don't splash warnings from broken BGRT firmware implementations	2016-04-28 08:37:40 -04:00
x86-Lock-down-IO-port-access-when-module-security-is.patch	Linux v4.4.7	2016-04-12 14:32:05 -07:00
x86-mm-32-Enable-full-randomization-on-i386-and-X86_.patch	Enable Full Randomization on 32bit x86 CVE-2016-3672 (rhbz 1324749 1324750)	2016-04-07 12:16:20 -05:00
x86-Restrict-MSR-access-when-module-loading-is-restr.patch	Rebase to 4.3.y	2016-01-19 16:29:42 -05:00
x509.genkey	Switch to using modsign-post-KS upstream with x509 certs	2012-09-25 13:22:04 -04:00
xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch	Refresh from git tree	2015-05-07 08:15:54 -04:00

README.txt

		Kernel package tips & tricks.
		~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The kernel is one of the more complicated packages in the distro, and
for the newcomer, some of the voodoo in the spec file can be somewhat scary.
This file attempts to document some of the magic.


Speeding up make prep
---------------------
The kernel is nearly 500MB of source code, and as such, 'make prep'
takes a while. The spec file employs some trickery so that repeated
invocations of make prep don't take as long.  Ordinarily the %prep
phase of a package will delete the tree it is about to untar/patch.
The kernel %prep keeps around an unpatched version of the tree,
and makes a symlink tree clone of that clean tree and than applies
the patches listed in the spec to the symlink tree.
This makes a huge difference if you're doing multiple make preps a day.
As an added bonus, doing a diff between the clean tree and the symlink
tree is slightly faster than it would be doing two proper copies of the tree.


build logs.
-----------
There's a convenience helper script in scripts/grab-logs.sh
that will grab the build logs from koji for the kernel version reported
by make verrel


config heirarchy.
-----------------
Instead of having to maintain a config file for every arch variant we build on,
the kernel spec uses a nested system of configs.  At the top level, is
config-generic. Add options here that should be present in every possible
config on all architectures.

Beneath this are per-arch overrides. For example config-x86-generic add
additional x86 specific options, and also _override_ any options that were
set in config-generic.

The heirarchy looks like this..

                           config-generic
                                 |
                         config-x86-generic
                         |                |
             config-x86-32-generic   config-x86-64-generic

An option set in a lower level will override the same option set in one
of the higher levels.


There exist two additional overrides, config-debug, and config-nodebug,
which override -generic, and the per-arch overrides. It is documented
further below.


debug options.
--------------
This is a little complicated, as the purpose & meaning of this changes
depending on where we are in the release cycle.
If we are building for a current stable release, 'make release' has
typically been run already, which sets up the following..
- Two builds occur, a 'kernel' and a 'kernel-debug' flavor.
- kernel-debug will get various heavyweight debugging options like
  lockdep etc turned on.

If we are building for rawhide, 'make debug' has been run, which changes
the status quo to:
- We only build one kernel 'kernel'
- The debug options from 'config-debug' are always turned on.
This is done to increase coverage testing, as not many people actually
run kernel-debug.

To add new debug options, add an option to _both_ config-debug and config-nodebug,
and also new stanzas to the Makefile 'debug' and 'release' targets.

Sometimes debug options get added to config-generic, or per-arch overrides
instead of config-[no]debug. In this instance, the options should have no
discernable performance impact, otherwise they belong in the debug files.