Previous commit removed removing CONFIG_64BIT=y, but actually the config for i586 was incorrect because of that config value being set. Regenerated it with `setarch i386 make oldconfig`.
* disable Atom ISP as recommended by RussianNeuroMancer because it does not make cameras work on x86 Intel-based tablets where cameras are connected on i2c bus, but makes the camera consome power without working
* enable zswap by default and use the default allocator as in Arch Linux where zswap is enabled by default
https://wiki.archlinux.org/index.php/Zswap
* tune values of sysctls from le9 patch to make it have at least some effect on typical desktop and server systems but avoid too agressive OOM killer on systems with 2 GB RAM and less where OOM killer kills too many process
See discussion and my comments in the thread https://www.linux.org.ru/news/kernel/16052362
* remove not used variant of the patch which did not have any effect
Update existing x86 configs manually
Make an arm64 config based on them instead on the old one which was temporary copypasted from ALT Linux
In most cases I answered to `make ARCH=xxx defconfig` like this:
N/y -> Y
N/m(/y) -> M
Y/n(/m) -> Y
M/n(/y) -> M
But did not enable odd debug.
Probably too much hardware is enabled on arm64.
AUFS was updated to "4.20.4+-20190211" in the process.
As for the sorted entries in the config files - this helps a lot during
rebases to the newer stable kernel branches.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
It was long since obsolete but sometimes difficult to maintain.
Now that the common Ubuntu-like kernels are the main ones in ROSA, one
common flavour of stable-based kernels is enough.
Stable-based kernels are often inferior to Ubuntu-based ones in terms of
stability, performance and hardware support. Now they are only intended for
debugging and experiments with some new features.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
Besides the upstream update, I have disabled building of nrj-laptop
kernels here.
Now that the main kernels used in ROSA are based on the sources from
Ubuntu, the stable-based kernels like this one are mostly intended for
debugging. No need to build nrj-laptop flavour each time. Let us make
things a bit easier for other ABF users at least.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
While at it, made the configs a bit closer to those from Ubuntu:
* disabled IDE drivers which are now barely maintained anyway;
* disabled some debugging facilities (verboseness of some drivers,
etc.);
* made some often used modules like vfat, fuse, ata_piix, etc.,
built-in.
* and so forth.
...And set it to 3, which should only allow to print the messages with
KERN_EMERG, KERN_ALERT and KERN_CRIT levels. This should make the boot
process less noisy.
Can be overridden with loglevel=n boot option.
ASLR seems to cause hibernate-related regressions on at least one test
system: https://linux-hardware.org/index.php?probe=e6a06c64c7
When the system tries to resume, it automatically reboots after the
hibernation image has been loaded into memory.
git bisect pointed to the following commit as the first "bad" one:
commit 65fe935dd2387a4faf15314c73f5e6d31ef0217e
Author: Kees Cook <keescook@chromium.org>
Date: Mon Jun 13 15:10:02 2016 -0700
x86/KASLR, x86/power: Remove x86 hibernation restrictions
Before this commit, KASLR was disabled (unless enabled explicitly) if
the system supported hibernation.
Let us just disable KASLR for now in the 32-bit kernels - not a big deal
for home & office use, I suppose.
1. Got rid of statistics to simplify maintenance. Changing global
kernel structures is not a thing to take lightly.
2. Removed sanitization of pages. Starting from kernel 4.6, page
poisoning should be used instead. To enable it, set page_poison=on in
the boot options for the kernel.
3. The sanitization patch is now applied only if enhanced security is
enabled (disabled by default for ROSA Fresh, enabled for cert. builds).
You can also use "rpmbuild -ba --with enhanced_security <...>" to force
enable the feature.
This helps unify the kernels for the ordinary systems and for the
certified systems a bit more.
SELinux components are built-in but disabled by default. To enable
SELinux, it should be enough to add "selinux=1" to the kernel options
at boot time (or in the bootloader configuration file).
