summaryrefslogtreecommitdiff
path: root/libre/linux-libre-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'libre/linux-libre-grsec')
-rw-r--r--libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch110
-rw-r--r--libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch94
-rw-r--r--libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch125
-rw-r--r--libre/linux-libre-grsec/PKGBUILD63
-rw-r--r--libre/linux-libre-grsec/config.i6862
-rw-r--r--libre/linux-libre-grsec/config.x86_642
6 files changed, 30 insertions, 366 deletions
diff --git a/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch b/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch
deleted file mode 100644
index 898ee1543..000000000
--- a/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 720a9dbf61c88bd57d6f8198ed8ccb2bd4a6abd8 Mon Sep 17 00:00:00 2001
-From: Matt Fleming <matt@console-pimps.org>
-Date: Wed, 9 Apr 2014 10:33:49 +0200
-Subject: [PATCH 07/10] x86/efi: Correct EFI boot stub use of code32_start
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-code32_start should point at the start of the protected mode code, and
-*not* at the beginning of the bzImage. This is much easier to do in
-assembly so document that callers of make_boot_params() need to fill out
-code32_start.
-
-The fallout from this bug is that we would end up relocating the image
-but copying the image at some offset, resulting in what appeared to be
-memory corruption.
-
-Reported-by: Thomas Bächler <thomas@archlinux.org>
-Signed-off-by: Matt Fleming <matt.fleming@intel.com>
----
- arch/x86/boot/compressed/eboot.c | 5 +++--
- arch/x86/boot/compressed/head_32.S | 14 ++++++++------
- arch/x86/boot/compressed/head_64.S | 9 +++------
- 3 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index a7677ba..78cbb2d 100644
---- a/arch/x86/boot/compressed/eboot.c
-+++ b/arch/x86/boot/compressed/eboot.c
-@@ -425,6 +425,9 @@ void setup_graphics(struct boot_params *boot_params)
- * Because the x86 boot code expects to be passed a boot_params we
- * need to create one ourselves (usually the bootloader would create
- * one for us).
-+ *
-+ * The caller is responsible for filling out ->code32_start in the
-+ * returned boot_params.
- */
- struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
- {
-@@ -483,8 +486,6 @@ struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
- hdr->vid_mode = 0xffff;
- hdr->boot_flag = 0xAA55;
-
-- hdr->code32_start = (__u64)(unsigned long)image->image_base;
--
- hdr->type_of_loader = 0x21;
-
- /* Convert unicode cmdline to ascii */
-diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
-index 9116aac..f45ab7a 100644
---- a/arch/x86/boot/compressed/head_32.S
-+++ b/arch/x86/boot/compressed/head_32.S
-@@ -50,6 +50,13 @@ ENTRY(efi_pe_entry)
- pushl %eax
- pushl %esi
- pushl %ecx
-+
-+ call reloc
-+reloc:
-+ popl %ecx
-+ subl reloc, %ecx
-+ movl %ecx, BP_code32_start(%eax)
-+
- sub $0x4, %esp
-
- ENTRY(efi_stub_entry)
-@@ -63,12 +70,7 @@ ENTRY(efi_stub_entry)
- hlt
- jmp 1b
- 2:
-- call 3f
--3:
-- popl %eax
-- subl $3b, %eax
-- subl BP_pref_address(%esi), %eax
-- add BP_code32_start(%esi), %eax
-+ movl BP_code32_start(%esi), %eax
- leal preferred_addr(%eax), %eax
- jmp *%eax
-
-diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index c5c1ae0..b10fa66 100644
---- a/arch/x86/boot/compressed/head_64.S
-+++ b/arch/x86/boot/compressed/head_64.S
-@@ -217,6 +217,8 @@ ENTRY(efi_pe_entry)
- cmpq $0,%rax
- je 1f
- mov %rax, %rdx
-+ leaq startup_32(%rip), %rax
-+ movl %eax, BP_code32_start(%rdx)
- popq %rsi
- popq %rdi
-
-@@ -230,12 +232,7 @@ ENTRY(efi_stub_entry)
- hlt
- jmp 1b
- 2:
-- call 3f
--3:
-- popq %rax
-- subq $3b, %rax
-- subq BP_pref_address(%rsi), %rax
-- add BP_code32_start(%esi), %eax
-+ movl BP_code32_start(%esi), %eax
- leaq preferred_addr(%rax), %rax
- jmp *%rax
-
---
-1.9.2
-
diff --git a/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch b/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch
deleted file mode 100644
index 8685e1168..000000000
--- a/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From aafcd8f8692fb9e389608c1efad2e57c0bbb9362 Mon Sep 17 00:00:00 2001
-From: Linus Torvalds <torvalds@linux-foundation.org>
-Date: Tue, 8 Apr 2014 15:30:07 -0700
-Subject: [PATCH 08/10] futex: avoid race between requeue and wake
-
-commit 69cd9eba38867a493a043bb13eb9b33cad5f1a9a upstream.
-
-Jan Stancek reported:
- "pthread_cond_broadcast/4-1.c testcase from openposix testsuite (LTP)
- occasionally fails, because some threads fail to wake up.
-
- Testcase creates 5 threads, which are all waiting on same condition.
- Main thread then calls pthread_cond_broadcast() without holding mutex,
- which calls:
-
- futex(uaddr1, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, uaddr2, ..)
-
- This immediately wakes up single thread A, which unlocks mutex and
- tries to wake up another thread:
-
- futex(uaddr2, FUTEX_WAKE_PRIVATE, 1)
-
- If thread A manages to call futex_wake() before any waiters are
- requeued for uaddr2, no other thread is woken up"
-
-The ordering constraints for the hash bucket waiter counting are that
-the waiter counts have to be incremented _before_ getting the spinlock
-(because the spinlock acts as part of the memory barrier), but the
-"requeue" operation didn't honor those rules, and nobody had even
-thought about that case.
-
-This fairly simple patch just increments the waiter count for the target
-hash bucket (hb2) when requeing a futex before taking the locks. It
-then decrements them again after releasing the lock - the code that
-actually moves the futex(es) between hash buckets will do the additional
-required waiter count housekeeping.
-
-Reported-and-tested-by: Jan Stancek <jstancek@redhat.com>
-Acked-by: Davidlohr Bueso <davidlohr@hp.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- kernel/futex.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/kernel/futex.c b/kernel/futex.c
-index 08ec814..16b1f2c 100644
---- a/kernel/futex.c
-+++ b/kernel/futex.c
-@@ -1450,6 +1450,7 @@ retry:
- hb2 = hash_futex(&key2);
-
- retry_private:
-+ hb_waiters_inc(hb2);
- double_lock_hb(hb1, hb2);
-
- if (likely(cmpval != NULL)) {
-@@ -1459,6 +1460,7 @@ retry_private:
-
- if (unlikely(ret)) {
- double_unlock_hb(hb1, hb2);
-+ hb_waiters_dec(hb2);
-
- ret = get_user(curval, uaddr1);
- if (ret)
-@@ -1508,6 +1510,7 @@ retry_private:
- break;
- case -EFAULT:
- double_unlock_hb(hb1, hb2);
-+ hb_waiters_dec(hb2);
- put_futex_key(&key2);
- put_futex_key(&key1);
- ret = fault_in_user_writeable(uaddr2);
-@@ -1517,6 +1520,7 @@ retry_private:
- case -EAGAIN:
- /* The owner was exiting, try again. */
- double_unlock_hb(hb1, hb2);
-+ hb_waiters_dec(hb2);
- put_futex_key(&key2);
- put_futex_key(&key1);
- cond_resched();
-@@ -1592,6 +1596,7 @@ retry_private:
-
- out_unlock:
- double_unlock_hb(hb1, hb2);
-+ hb_waiters_dec(hb2);
-
- /*
- * drop_futex_key_refs() must be called outside the spinlocks. During
---
-1.9.2
-
diff --git a/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch b/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch
deleted file mode 100644
index 5acbf53dd..000000000
--- a/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 06af061dd673d749d5516bea41e2becb034e00b8 Mon Sep 17 00:00:00 2001
-From: Eyal Shapira <eyal@wizery.com>
-Date: Sun, 16 Mar 2014 05:23:21 +0200
-Subject: [PATCH 09/10] iwlwifi: mvm: rs: fix search cycle rules
-
-commit 8930b05090acd321b1fc7c642528c697cb105c42 upstream.
-
-We should explore all possible columns when searching to be
-as resilient as possible to changing conditions. This fixes
-for example a scenario where even after a sudden creation of
-rssi difference between the 2 antennas we would keep doing MIMO
-at a low rate instead of switching to SISO at a higher rate using
-the better antenna which was the optimal configuration.
-
-Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
-Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/net/wireless/iwlwifi/mvm/rs.c | 36 +++++++++++++++++------------------
- 1 file changed, 18 insertions(+), 18 deletions(-)
-
-diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c
-index 6abf74e..5bc8715 100644
---- a/drivers/net/wireless/iwlwifi/mvm/rs.c
-+++ b/drivers/net/wireless/iwlwifi/mvm/rs.c
-@@ -211,9 +211,9 @@ static const struct rs_tx_column rs_tx_columns[] = {
- .next_columns = {
- RS_COLUMN_LEGACY_ANT_B,
- RS_COLUMN_SISO_ANT_A,
-+ RS_COLUMN_SISO_ANT_B,
- RS_COLUMN_MIMO2,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_MIMO2_SGI,
- },
- },
- [RS_COLUMN_LEGACY_ANT_B] = {
-@@ -221,10 +221,10 @@ static const struct rs_tx_column rs_tx_columns[] = {
- .ant = ANT_B,
- .next_columns = {
- RS_COLUMN_LEGACY_ANT_A,
-+ RS_COLUMN_SISO_ANT_A,
- RS_COLUMN_SISO_ANT_B,
- RS_COLUMN_MIMO2,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_MIMO2_SGI,
- },
- },
- [RS_COLUMN_SISO_ANT_A] = {
-@@ -234,8 +234,8 @@ static const struct rs_tx_column rs_tx_columns[] = {
- RS_COLUMN_SISO_ANT_B,
- RS_COLUMN_MIMO2,
- RS_COLUMN_SISO_ANT_A_SGI,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_SISO_ANT_B_SGI,
-+ RS_COLUMN_MIMO2_SGI,
- },
- .checks = {
- rs_siso_allow,
-@@ -248,8 +248,8 @@ static const struct rs_tx_column rs_tx_columns[] = {
- RS_COLUMN_SISO_ANT_A,
- RS_COLUMN_MIMO2,
- RS_COLUMN_SISO_ANT_B_SGI,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_SISO_ANT_A_SGI,
-+ RS_COLUMN_MIMO2_SGI,
- },
- .checks = {
- rs_siso_allow,
-@@ -263,8 +263,8 @@ static const struct rs_tx_column rs_tx_columns[] = {
- RS_COLUMN_SISO_ANT_B_SGI,
- RS_COLUMN_MIMO2_SGI,
- RS_COLUMN_SISO_ANT_A,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_SISO_ANT_B,
-+ RS_COLUMN_MIMO2,
- },
- .checks = {
- rs_siso_allow,
-@@ -279,8 +279,8 @@ static const struct rs_tx_column rs_tx_columns[] = {
- RS_COLUMN_SISO_ANT_A_SGI,
- RS_COLUMN_MIMO2_SGI,
- RS_COLUMN_SISO_ANT_B,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-+ RS_COLUMN_SISO_ANT_A,
-+ RS_COLUMN_MIMO2,
- },
- .checks = {
- rs_siso_allow,
-@@ -292,10 +292,10 @@ static const struct rs_tx_column rs_tx_columns[] = {
- .ant = ANT_AB,
- .next_columns = {
- RS_COLUMN_SISO_ANT_A,
-+ RS_COLUMN_SISO_ANT_B,
-+ RS_COLUMN_SISO_ANT_A_SGI,
-+ RS_COLUMN_SISO_ANT_B_SGI,
- RS_COLUMN_MIMO2_SGI,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
- },
- .checks = {
- rs_mimo_allow,
-@@ -307,10 +307,10 @@ static const struct rs_tx_column rs_tx_columns[] = {
- .sgi = true,
- .next_columns = {
- RS_COLUMN_SISO_ANT_A_SGI,
-+ RS_COLUMN_SISO_ANT_B_SGI,
-+ RS_COLUMN_SISO_ANT_A,
-+ RS_COLUMN_SISO_ANT_B,
- RS_COLUMN_MIMO2,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
-- RS_COLUMN_INVALID,
- },
- .checks = {
- rs_mimo_allow,
---
-1.9.2
-
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD
index 97aab4398..5d1d2da74 100644
--- a/libre/linux-libre-grsec/PKGBUILD
+++ b/libre/linux-libre-grsec/PKGBUILD
@@ -12,13 +12,13 @@
pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
#pkgbase=linux-libre-custom # Build kernel with a different name
_basekernel=3.14
-_sublevel=2
+_sublevel=3
_grsecver=3.0
-_timestamp=201405051841
+_timestamp=201405071928
_pkgver=${_basekernel}.${_sublevel}
pkgver=${_basekernel}.${_sublevel}.${_timestamp}
pkgrel=1
-_lxopkgver=${_basekernel}.2 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="https://grsecurity.net/"
license=('GPL2')
@@ -42,7 +42,6 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'0004-fs-Don-t-return-0-from-get_anon_bdev.patch'
'0005-Revert-Bluetooth-Enable-autosuspend-for-Intel-Blueto.patch'
'0006-genksyms-fix-typeof-handling.patch'
- '0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch'
'0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch'
'0011-kernfs-fix-removed-error-check.patch'
'0012-fix-saa7134.patch'
@@ -50,35 +49,34 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'0015-fix-xsdt-validation.patch'
'sysctl.conf'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
-md5sums=('c108ec52eeb2a9b9ddbb8d12496ff25f'
- '77c34d5c5c2663d0daaf8ad3761fbaf3'
- '886c74ae6a77a7c380f14226fc5f4058'
- 'SKIP'
- '1b830bf677c7df400ac30192fa37f97f'
- '408dd180559f71dab1fcc80a19da1343'
- '5f66bed97a5c37e48eb2f71b2d354b9a'
- '2967cecc3af9f954ccc822fd63dca6ff'
- '8267264d9a8966e57fdacd1fa1fc65c4'
- '14bb375a8a1d86d2875f72fcbaa03f3e'
- '98beb36f9b8cf16e58de2483ea9985e3'
- '6839ddec74a5300beff1709a81b0e4f3'
- '706549e8a05f33f7fc697f28c0ca71d2'
- 'd23fc66be93ebce698bd7da844789de1'
- 'b240cc8ebb4b5d74e94b4c72d033f726'
- 'a89d593774ccb955eb8368d3bc87ce26'
- '16a161979f846b049e90daea907c35dd'
- '00727251b0d337a25d3ca392218afdf4'
- '353b553d69da810ef954618aca60e1e2'
- 'b3f98eba6322463ed6644784c56893be'
- '4f547d79fa1b2bb855dc2996be2a515e'
- '21d25aef69f9da33c6087b7ffd97783e'
- '278417ab07b6f5fe8e3e0ed656f35f3e'
- '7a052645280da78a98bfe8cf805ddab5'
- '4a8ea53fef63e90c5244c2f2806ad4c8')
+sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b'
+ 'fcd8398a41a7e55e44123857342fd9041ae1bdacbcf8c5099a53293c96e6fba6'
+ 'ca5bd99e3ee12836e2442c096fa2af7fdf9f75f750a471a0c0e981b08abdd330'
+ 'SKIP'
+ '16ee96f4e9c5686f5fc72242932e872b26c5ad7c8b8c022ff2a3fe68f6c1a6f0'
+ 'ea3eec6e11c4feda78493c15c89defcfa482597d069b3c7c9b7bf60121d24ad7'
+ '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486'
+ 'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b'
+ '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9'
+ 'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6'
+ 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
+ '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02'
+ '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29'
+ '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d'
+ '1e1ae0f31f722e80da083ecada1f1be57f9ddad133941820c4483b0240e494c1'
+ '3fffb01cf97a5a7ab9601cb277d2468c0fb1e1cceba4225915f3ffae3a5694ec'
+ 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7'
+ 'c0af4622f75c89fef62183e18b7d49998228d4eaa906c6accaf4aa4ff0134f85'
+ '04f44bf5c181d6dc31905937c1bdccb0f5aecaad3a579e99b302502b9cbe0f7a'
+ '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18'
+ 'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be'
+ '384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4'
+ 'a37823f0cdf3f318ec3f486f6e4035a7a8f887522d3a563d4dfe155f143ba24f'
+ '43d975e9c9c68de131005a87c3c755fadef1eaed6c551bcafd08f2746f9d71fd')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
- unset md5sums[${#md5sums[@]}-1]
+ unset sha256sums[${#sha256sums[@]}-1]
fi
_kernelname=${pkgbase#linux-libre}
@@ -126,11 +124,6 @@ prepare() {
# http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18
patch -p1 -i "${srcdir}/0006-genksyms-fix-typeof-handling.patch"
- # Fix the use of code32_start in the EFI boot stub
- # http://permalink.gmane.org/gmane.linux.kernel/1679881
- # https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=urgent&id=7e8213c1f3acc064aef37813a39f13cbfe7c3ce7
- patch -p1 -i "${srcdir}/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch"
-
# https://git.kernel.org/cgit/linux/kernel/git/iwlwifi/iwlwifi-fixes.git/commit/?id=12f853a89e29f50b17698e17e73c328a35f1498d
# FS#39815
patch -p1 -i "${srcdir}/0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch"
diff --git a/libre/linux-libre-grsec/config.i686 b/libre/linux-libre-grsec/config.i686
index cc0487d43..fc977efe5 100644
--- a/libre/linux-libre-grsec/config.i686
+++ b/libre/linux-libre-grsec/config.i686
@@ -1664,7 +1664,7 @@ CONFIG_BLK_DEV_DAC960=m
# CONFIG_BLK_DEV_UMEM is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=m
-CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=0
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_BLK_DEV_DRBD=m
# CONFIG_DRBD_FAULT_INJECTION is not set
diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64
index 4b3e0d5fd..d1e29cf01 100644
--- a/libre/linux-libre-grsec/config.x86_64
+++ b/libre/linux-libre-grsec/config.x86_64
@@ -1629,7 +1629,7 @@ CONFIG_BLK_DEV_DAC960=m
# CONFIG_BLK_DEV_UMEM is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=m
-CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=0
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_BLK_DEV_DRBD=m
# CONFIG_DRBD_FAULT_INJECTION is not set