This is a first pass at getting the secureboot patches working with the
upstream lockdown patches that got merged. The final patch from our
lockdown set is the sysrq patch which also needs work. For the present
it is not applied.
This patch from 2013 stops the i915 driver from spitting out WARNs in
some cases, but nearly the same thing can be achieved with the
``verbose_state_checks=false`` module option added in 2014. With the
module setting the issue results in a log message at error level rather
than the debug level set by this patch. However, it's not known if this
is still a common issue. It seems worth the cost of (maybe) a few more
bug reports about new error-level logs to drop the patch.
To start with, we're going to leave ``verbose_state_checks=true`` (the
default), but if we run into a lot of WARNs we will turn it off.
We've come a long way. Let's just leave these drivers alone.
Banish the drivers to mod-extra to ensure they really don't
get loaded.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've been carrying this patch for years. If someone wants to
do the work to get it upstream, they are welcome to do so.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've been carrying a patch to make CPUMASK_OFFSTACK selectable
without debugging for a long time now. The comment said this was
going to be replaced with something else but that never seemed
to happen. We're carrying it to have a higher number of CPUs but
at this point, adjusting NR_CPUS doesn't really get us that much
benfit. Drop the patch and just use 8192 or NR_CPUS on x86.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've come a long way for namespaces since 2013 and
all arches now enable namespaces. Drop the patch where
we can turn it off and on.
Signed-off-by: Laura Abbott <labbott@redhat.com>