coreos-{kernel/sources}: bump to v4.4-coreos

sys-kernel/coreos-kernel/coreos-kernel-4.3.3-r1.ebuild → sys-kernel/coreos-kernel/coreos-kernel-4.4.0.ebuild

@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=5
-COREOS_SOURCE_REVISION="-r1"
+COREOS_SOURCE_REVISION=""
 inherit coreos-kernel
 
 DESCRIPTION="CoreOS Linux kernel"

sys-kernel/coreos-kernel/files/amd64_defconfig-4.3 → sys-kernel/coreos-kernel/files/amd64_defconfig-4.4

@@ -66,7 +66,6 @@ CONFIG_SCHED_SMT=y
 CONFIG_PREEMPT_VOLUNTARY=y
 CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
 # CONFIG_X86_16BIT is not set
-CONFIG_MICROCODE=m
 CONFIG_MICROCODE_AMD=y
 CONFIG_X86_MSR=m
 CONFIG_X86_CPUID=m
@@ -219,8 +218,6 @@ CONFIG_NF_CONNTRACK_SIP=m
 CONFIG_NF_CONNTRACK_TFTP=m
 CONFIG_NF_CT_NETLINK=m
 CONFIG_NF_CT_NETLINK_TIMEOUT=m
-CONFIG_NF_CT_NETLINK_HELPER=m
-CONFIG_NETFILTER_NETLINK_QUEUE_CT=y
 CONFIG_NETFILTER_XTABLES=y
 CONFIG_NETFILTER_XT_SET=m
 CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
@@ -465,7 +462,6 @@ CONFIG_NET_9P_RDMA=m
 # CONFIG_UEVENT_HELPER is not set
 CONFIG_DEVTMPFS=y
 CONFIG_DEVTMPFS_MOUNT=y
-CONFIG_FW_LOADER=m
 # CONFIG_FIRMWARE_IN_KERNEL is not set
 CONFIG_CONNECTOR=m
 CONFIG_MTD=m
@@ -477,13 +473,13 @@ CONFIG_BLK_CPQ_CISS_DA=m
 CONFIG_BLK_DEV_LOOP=m
 CONFIG_BLK_DEV_DRBD=m
 CONFIG_BLK_DEV_NBD=m
-CONFIG_BLK_DEV_NVME=m
 CONFIG_BLK_DEV_RAM=m
 CONFIG_ATA_OVER_ETH=m
 CONFIG_XEN_BLKDEV_FRONTEND=m
 CONFIG_XEN_BLKDEV_BACKEND=m
 CONFIG_VIRTIO_BLK=m
 CONFIG_BLK_DEV_RBD=m
+CONFIG_BLK_DEV_NVME=m
 CONFIG_HP_ILO=m
 CONFIG_VMWARE_BALLOON=m
 CONFIG_INTEL_MEI_ME=m
@@ -512,7 +508,6 @@ CONFIG_SCSI_MVSAS_TASKLET=y
 CONFIG_SCSI_ARCMSR=m
 CONFIG_MEGARAID_SAS=m
 CONFIG_SCSI_MPT2SAS=m
-CONFIG_SCSI_MPT3SAS=m
 CONFIG_SCSI_BUSLOGIC=m
 CONFIG_VMWARE_PVSCSI=m
 CONFIG_XEN_SCSI_FRONTEND=m
@@ -617,7 +612,6 @@ CONFIG_IXGBEVF=m
 CONFIG_I40E=m
 CONFIG_I40E_VXLAN=y
 CONFIG_I40EVF=m
-CONFIG_IP1000=m
 CONFIG_JME=m
 CONFIG_SKGE=m
 CONFIG_SKY2=m

sys-kernel/coreos-kernel/files/arm64_defconfig-4.3 → sys-kernel/coreos-kernel/files/arm64_defconfig-4.4

@@ -38,7 +38,6 @@ CONFIG_MODULES=y
 CONFIG_MODULE_UNLOAD=y
 # CONFIG_IOSCHED_DEADLINE is not set
 CONFIG_ARCH_EXYNOS7=y
-CONFIG_ARCH_FSL_LS2085A=y
 CONFIG_ARCH_MEDIATEK=y
 CONFIG_ARCH_QCOM=y
 CONFIG_ARCH_SEATTLE=y

sys-kernel/coreos-sources/coreos-sources-4.3.3-r1.ebuild → sys-kernel/coreos-sources/coreos-sources-4.4.0.ebuild

@@ -34,9 +34,8 @@ UNIPATCH_LIST="
         ${PATCH_DIR}/0016-SELinux-Stub-in-copy-up-handling.patch \
         ${PATCH_DIR}/0017-SELinux-Handle-opening-of-a-unioned-file.patch \
         ${PATCH_DIR}/0018-SELinux-Check-against-union-label-for-file-operation.patch \
-        ${PATCH_DIR}/0019-net-wireless-wl18xx-Add-missing-MODULE_FIRMWARE.patch \
-        ${PATCH_DIR}/0020-overlayfs-use-a-minimal-buffer-in-ovl_copy_xattr.patch \
-        ${PATCH_DIR}/0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
-	${PATCH_DIR}/0022-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \
+        ${PATCH_DIR}/0019-overlayfs-use-a-minimal-buffer-in-ovl_copy_xattr.patch \
+        ${PATCH_DIR}/0020-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
+        ${PATCH_DIR}/0021-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \
 "
 

sys-kernel/coreos-sources/files/4.3/0001-Add-secure_modules-call.patch → sys-kernel/coreos-sources/files/4.4/0001-Add-secure_modules-call.patch

@@ -1,4 +1,4 @@
-From 58ac4936ef210d203f9b1b1314c6f08f9df34cdc Mon Sep 17 00:00:00 2001
+From ed3da1ded7b7581a9a1dc2b48f8ddc7975f3ea67 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
 Subject: [PATCH 01/21] Add secure_modules() call
@@ -41,10 +41,10 @@ index 3a19c79..db38634 100644
 
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index 8f051a1..58e636c 100644
+index 38c7bd5..a8f8c64 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4091,3 +4091,13 @@ void module_layout(struct module *mod,
+@@ -4097,3 +4097,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif

sys-kernel/coreos-sources/files/4.3/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch → sys-kernel/coreos-sources/files/4.4/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch

@@ -1,4 +1,4 @@
-From e2dbd4f7aa5913b660e251f5b657e4e4d47a44d7 Mon Sep 17 00:00:00 2001
+From e797ce01ad3c0faa578734900a7c03ee04c06c08 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
 Subject: [PATCH 02/21] PCI: Lock down BAR access when module security is
@@ -18,7 +18,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  3 files changed, 19 insertions(+), 2 deletions(-)
 
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 9261868..9e99a3c 100644
+index eead54c..bb59ecd 100644
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
 @@ -30,6 +30,7 @@
@@ -29,7 +29,7 @@ index 9261868..9e99a3c 100644
  #include "pci.h"
 
  static int sysfs_initialized;	/* = 0 */
-@@ -710,6 +711,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
+@@ -713,6 +714,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj,
  	loff_t init_off = off;
  	u8 *data = (u8 *) buf;
 
@@ -39,7 +39,7 @@ index 9261868..9e99a3c 100644
  	if (off > dev->cfg_size)
  		return 0;
  	if (off + count > dev->cfg_size) {
-@@ -1004,6 +1008,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
+@@ -1007,6 +1011,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr,
  	resource_size_t start, end;
  	int i;
 
@@ -49,7 +49,7 @@ index 9261868..9e99a3c 100644
  	for (i = 0; i < PCI_ROM_RESOURCE; i++)
  		if (res == &pdev->resource[i])
  			break;
-@@ -1105,6 +1112,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
+@@ -1108,6 +1115,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj,
  				     struct bin_attribute *attr, char *buf,
  				     loff_t off, size_t count)
  {

sys-kernel/coreos-sources/files/4.3/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch → sys-kernel/coreos-sources/files/4.4/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch

@@ -1,4 +1,4 @@
-From 122b2c146762195197cf60b98e0a4cbf9da8c8f1 Mon Sep 17 00:00:00 2001
+From e1e4b600d77353180227e93c3dda49ebde147578 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
 Subject: [PATCH 03/21] x86: Lock down IO port access when module security is

sys-kernel/coreos-sources/files/4.3/0004-ACPI-Limit-access-to-custom_method.patch → sys-kernel/coreos-sources/files/4.4/0004-ACPI-Limit-access-to-custom_method.patch

@@ -1,4 +1,4 @@
-From fd2f3d4e41bfab8c0fcb854aba457a663dad0848 Mon Sep 17 00:00:00 2001
+From 15647227ed911e525339ece57b4af9d369390bb0 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
 Subject: [PATCH 04/21] ACPI: Limit access to custom_method

sys-kernel/coreos-sources/files/4.3/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch → sys-kernel/coreos-sources/files/4.4/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch

@@ -1,4 +1,4 @@
-From 2eeca20d2e55fb2d328b4cf7a7ce21422476ecaf Mon Sep 17 00:00:00 2001
+From 5b0f82c10dd93fd281e5f31c01deea1f3e2af1d1 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
 Subject: [PATCH 05/21] asus-wmi: Restrict debugfs interface when module
@@ -16,10 +16,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 9 insertions(+)
 
 diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index efbc3f0..071171b 100644
+index f96f7b8..01af903 100644
 --- a/drivers/platform/x86/asus-wmi.c
 +++ b/drivers/platform/x86/asus-wmi.c
-@@ -1868,6 +1868,9 @@ static int show_dsts(struct seq_file *m, void *data)
+@@ -1870,6 +1870,9 @@ static int show_dsts(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
 
@@ -29,7 +29,7 @@ index efbc3f0..071171b 100644
  	err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
 
  	if (err < 0)
-@@ -1884,6 +1887,9 @@ static int show_devs(struct seq_file *m, void *data)
+@@ -1886,6 +1889,9 @@ static int show_devs(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
 
@@ -39,7 +39,7 @@ index efbc3f0..071171b 100644
  	err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
  				    &retval);
 
-@@ -1908,6 +1914,9 @@ static int show_call(struct seq_file *m, void *data)
+@@ -1910,6 +1916,9 @@ static int show_call(struct seq_file *m, void *data)
  	union acpi_object *obj;
  	acpi_status status;
 

sys-kernel/coreos-sources/files/4.3/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch → sys-kernel/coreos-sources/files/4.4/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch

@@ -1,4 +1,4 @@
-From 5ccba0f780b05a21f25c89be27153e00395ed8f2 Mon Sep 17 00:00:00 2001
+From 37f5217e456a13bb92814e515616b0524fbf0a89 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
 Subject: [PATCH 06/21] Restrict /dev/mem and /dev/kmem when module loading is

sys-kernel/coreos-sources/files/4.3/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch → sys-kernel/coreos-sources/files/4.4/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch

@@ -1,4 +1,4 @@
-From 32a959e27631d17f0a7804cc08a145cac50cf00f Mon Sep 17 00:00:00 2001
+From f41415ab2cf92434113fbc97fc856ddd6e8a88da Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
 Subject: [PATCH 07/21] acpi: Ignore acpi_rsdp kernel parameter when module
@@ -14,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 739a4a6..9ef2a02 100644
+index 32d684a..f8570a0 100644
 --- a/drivers/acpi/osl.c
 +++ b/drivers/acpi/osl.c
 @@ -40,6 +40,7 @@
@@ -25,7 +25,7 @@ index 739a4a6..9ef2a02 100644
 
  #include <asm/io.h>
  #include <asm/uaccess.h>
-@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
+@@ -252,7 +253,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
  acpi_physical_address __init acpi_os_get_root_pointer(void)
  {
  #ifdef CONFIG_KEXEC

sys-kernel/coreos-sources/files/4.3/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch → sys-kernel/coreos-sources/files/4.4/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch

@@ -1,4 +1,4 @@
-From 50bd32982e4a967cf77f1020c191f6d5d3f0c941 Mon Sep 17 00:00:00 2001
+From e227953c81434fb5156dd2504aeee7960c37a0ad Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@coreos.com>
 Date: Thu, 19 Nov 2015 18:55:53 -0800
 Subject: [PATCH 08/21] kexec: Disable at runtime if the kernel enforces module
@@ -14,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 4c5edc3..5920ebc 100644
+index d873b64..3d09642 100644
 --- a/kernel/kexec.c
 +++ b/kernel/kexec.c
-@@ -15,6 +15,7 @@
+@@ -17,6 +17,7 @@
  #include <linux/syscalls.h>
  #include <linux/vmalloc.h>
  #include <linux/slab.h>
 +#include <linux/module.h>
 
  #include "kexec_internal.h"
 
-@@ -129,7 +130,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+@@ -131,7 +132,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
  	int result;
 
  	/* We only trust the superuser with rebooting the system. */

sys-kernel/coreos-sources/files/4.3/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch → sys-kernel/coreos-sources/files/4.4/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch

@@ -1,4 +1,4 @@
-From c22062005f9c42f27299a5d09bcc8be0b3f465e5 Mon Sep 17 00:00:00 2001
+From 1636adeff714c17d2c9a872e6be9b025df85ef64 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
 Subject: [PATCH 09/21] x86: Restrict MSR access when module loading is

sys-kernel/coreos-sources/files/4.3/0010-Add-option-to-automatically-enforce-module-signature.patch → sys-kernel/coreos-sources/files/4.4/0010-Add-option-to-automatically-enforce-module-signature.patch

@@ -1,4 +1,4 @@
-From e26f71a6701bb47d43247ace523d967d471fc2f0 Mon Sep 17 00:00:00 2001
+From f08b4a4b93bc28efe2d7aab38a6b44592d944dda Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
 Subject: [PATCH 10/21] Add option to automatically enforce module signatures
@@ -34,10 +34,10 @@ index 95a4d34..b8527c6 100644
  290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
  2D0/A00	ALL	e820_map	E820 memory map table
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 96d058a..f7494bd 100644
+index db3622f..5578b6e 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1736,6 +1736,16 @@ config EFI_MIXED
+@@ -1720,6 +1720,16 @@ config EFI_MIXED
 
  	   If unsure, say N.
 
@@ -55,7 +55,7 @@ index 96d058a..f7494bd 100644
  	def_bool y
  	prompt "Enable seccomp to safely compute untrusted bytecode"
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index db51c1f..9dd115a 100644
+index 583d539..ca120ac 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -12,6 +12,7 @@
@@ -66,7 +66,7 @@ index db51c1f..9dd115a 100644
 
  #include "../string.h"
  #include "eboot.h"
-@@ -831,6 +832,37 @@ out:
+@@ -847,6 +848,37 @@ out:
  	return status;
  }
 
@@ -104,7 +104,7 @@ index db51c1f..9dd115a 100644
  /*
   * See if we have Graphics Output Protocol
   */
-@@ -1416,6 +1448,10 @@ struct boot_params *efi_main(struct efi_config *c,
+@@ -1432,6 +1464,10 @@ struct boot_params *efi_main(struct efi_config *c,
  	else
  		setup_boot_services32(efi_early);
 
@@ -130,10 +130,10 @@ index 3292543..b61f853 100644
  	 * The sentinel is set to a nonzero value (0xff) in header.S.
  	 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 37c8ea8..eddb9aa 100644
+index d2bbe34..a35c42f 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1143,6 +1143,12 @@ void __init setup_arch(char **cmdline_p)
 
  	io_delay_init();
 
@@ -164,10 +164,10 @@ index db38634..4b8df91 100644
 
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index 58e636c..6dd2bb3 100644
+index a8f8c64..3eb8c74 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4092,6 +4092,13 @@ void module_layout(struct module *mod,
+@@ -4098,6 +4098,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
 

sys-kernel/coreos-sources/files/4.3/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch → sys-kernel/coreos-sources/files/4.4/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch

@@ -1,4 +1,4 @@
-From 9ee65888bd6c5e88a589090583a5cffebaf4dcab Mon Sep 17 00:00:00 2001
+From 9bfe6c0b8200244a9517979dc06d3d7bcf8fde4a Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:28:43 -0400
 Subject: [PATCH 11/21] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
@@ -12,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index f7494bd..3a5e694 100644
+index 5578b6e..da9ae8a 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1737,7 +1737,8 @@ config EFI_MIXED
+@@ -1721,7 +1721,8 @@ config EFI_MIXED
  	   If unsure, say N.
 
  config EFI_SECURE_BOOT_SIG_ENFORCE