This is needed for lxc-top to show I/O serviced reporting.
'cherry-pick' by hand from commit 6aef2d983bfc353adbf8d4e215c371140cdbe137
fixes #10754
| |
fixes #10176
(cherry picked from commit e77158f7767e83d40f369b1ced7c192e5ede9558)
| |
also enable CONFIG_RANDOM_TRUST_CPU
https://askubuntu.com/questions/1070433/will-ubuntu-enable-random-trust-cpu-in-the-kernel-and-what-would-be-the-effect/1071196#1071196
ref #9960
| |
The config option is required for busybox's mdev to work, or we'll get ".../lib/rc/sh/openrc-run.sh: line 21: can't create /proc/sys/kernel/hotplug: nonexistent directory" on boot.
| |
CONFIG_KERNEL_NOBP should be off if CONFIG_EXPOLINE_AUTO is selected
NOBP has been the first line of defense and is basically outdated by
now
| |
zkey in s390-tools requires pkey module
| |
The goal of upstream Linux is to reduce the stackframe size on 32-bit to
1024 and on 64-bit to 1280, in line with how gcc generally works. While
this hasn't been achieved yet everywhere and in all configurations, the
Alpine status quo of 1024 on 64-bit is something that doesn't have plans
to happen. Given that the intent was to be conservative, we raise this
to 1280, rather than something large like 2048.
Reference: https://lore.kernel.org/lkml/CAK8P3a0CS3QzEKEV5==qj8hUYgW+q2v1f13jA+s0TjQd8kYXFA@mail.gmail.com/
| |
ref #10044
| |
build fix for s390x
commit 6e179d64126b909f0b288fa63cdbf07c531e9b1d allows either nobp or
expolines
| |
fixes #8778
| |
note that BPF_SYSCALL is disabled on other architectures
| |
This commit updates to kernel version 4.9.75 and enables
CONFIG_PAGE_TABLE_ISOLATION for x86, x86_64 and aarch64. For all
other architectures, CONFIG_PAGE_TABLE_ISOLATION is disabled.
CONFIG_PAGE_TABLE_ISOLATION mitigates the Meltdown security flaw
almost all Intel CPUs and some ARM CPUs are susceptible to [1,2].
(This patch does not solve the Spectre security threat [2], which
affects also non-Intel CPUs [3].)
I believe this commit will cause some discussion, especially the
following points seem worth discussing:
a) CONFIG_PAGE_TABLE_ISOLATION has a performance impact on
syscalls, which can slow down specific applications
significantly. AMD users might benefit from a kernel without
KPTI (unless Meltdown turns out to affect them as well)
b) Is disabling this feature a reasonable choice for CPU
architectures different from x86, x86_64 and aarch64?
[1]: https://meltdownattack.com/#faq-systems-meltdown
[2]: http://kroah.com/log/blog/2018/01/06/meltdown-status/
[3]: https://meltdownattack.com/#faq-systems-spectre
| |
Add CONFIG_SECURITY_YAMA. Update to 4.9.15.
[TT: Minor changes in config]