| 1 |
commit: 27a3d3432243c1bd89ef3c68330f8d31da45ba34 |
| 2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Aug 25 17:36:30 2022 +0000 |
| 4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Aug 25 17:36:30 2022 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=27a3d343 |
| 7 |
|
| 8 |
Add CONFIG_LANDLOCK to KSPP and RANDSTRUCT fix |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/865685 |
| 11 |
|
| 12 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
| 13 |
|
| 14 |
4567_distro-Gentoo-Kconfig.patch | 21 +++++++++++---------- |
| 15 |
1 file changed, 11 insertions(+), 10 deletions(-) |
| 16 |
|
| 17 |
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch |
| 18 |
index 0a380985..9e0701dd 100644 |
| 19 |
--- a/4567_distro-Gentoo-Kconfig.patch |
| 20 |
+++ b/4567_distro-Gentoo-Kconfig.patch |
| 21 |
@@ -1,14 +1,14 @@ |
| 22 |
---- a/Kconfig 2022-05-11 13:20:07.110347567 -0400 |
| 23 |
-+++ b/Kconfig 2022-05-11 13:21:12.127174393 -0400 |
| 24 |
+--- a/Kconfig 2022-08-25 10:11:47.220973785 -0400 |
| 25 |
++++ b/Kconfig 2022-08-25 10:11:56.997682513 -0400 |
| 26 |
@@ -30,3 +30,5 @@ source "lib/Kconfig" |
| 27 |
source "lib/Kconfig.debug" |
| 28 |
|
| 29 |
source "Documentation/Kconfig" |
| 30 |
+ |
| 31 |
+source "distro/Kconfig" |
| 32 |
---- /dev/null 2022-05-10 13:47:17.750578524 -0400 |
| 33 |
-+++ b/distro/Kconfig 2022-05-11 13:21:20.540529032 -0400 |
| 34 |
-@@ -0,0 +1,290 @@ |
| 35 |
+--- /dev/null 2022-08-25 07:13:06.694086407 -0400 |
| 36 |
++++ b/distro/Kconfig 2022-08-25 13:21:55.150660724 -0400 |
| 37 |
+@@ -0,0 +1,291 @@ |
| 38 |
+menu "Gentoo Linux" |
| 39 |
+ |
| 40 |
+config GENTOO_LINUX |
| 41 |
@@ -185,7 +185,7 @@ |
| 42 |
+config GENTOO_KERNEL_SELF_PROTECTION_COMMON |
| 43 |
+ bool "Enable Kernel Self Protection Project Recommendations" |
| 44 |
+ |
| 45 |
-+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT |
| 46 |
++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT && SECURITY && !ARCH_EPHEMERAL_INODES && RANDSTRUCT_PERFORMANCE |
| 47 |
+ |
| 48 |
+ select BUG |
| 49 |
+ select STRICT_KERNEL_RWX |
| 50 |
@@ -202,6 +202,7 @@ |
| 51 |
+ select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR=y |
| 52 |
+ select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB) |
| 53 |
+ select RANDOMIZE_KSTACK_OFFSET_DEFAULT if HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET && (INIT_STACK_NONE || !CC_IS_CLANG || CLANG_VERSION>=140000) |
| 54 |
++ select SECURITY_LANDLOCK |
| 55 |
+ select SCHED_CORE if SCHED_SMT |
| 56 |
+ select BUG_ON_DATA_CORRUPTION |
| 57 |
+ select SCHED_STACK_END_CHECK |
| 58 |
@@ -224,7 +225,7 @@ |
| 59 |
+ select GCC_PLUGIN_LATENT_ENTROPY |
| 60 |
+ select GCC_PLUGIN_STRUCTLEAK |
| 61 |
+ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL |
| 62 |
-+ select GCC_PLUGIN_RANDSTRUCT |
| 63 |
++ select GCC_PLUGIN_RANDSTRUCT |
| 64 |
+ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE |
| 65 |
+ select ZERO_CALL_USED_REGS if CC_HAS_ZERO_CALL_USED_REGS |
| 66 |
+ |
| 67 |
@@ -239,12 +240,12 @@ |
| 68 |
+ depends on !X86_MSR && X86_64 && GENTOO_KERNEL_SELF_PROTECTION |
| 69 |
+ default n |
| 70 |
+ |
| 71 |
++ select GCC_PLUGIN_STACKLEAK |
| 72 |
++ select LEGACY_VSYSCALL_NONE |
| 73 |
++ select PAGE_TABLE_ISOLATION |
| 74 |
+ select RANDOMIZE_BASE |
| 75 |
+ select RANDOMIZE_MEMORY |
| 76 |
+ select RELOCATABLE |
| 77 |
-+ select LEGACY_VSYSCALL_NONE |
| 78 |
-+ select PAGE_TABLE_ISOLATION |
| 79 |
-+ select GCC_PLUGIN_STACKLEAK |
| 80 |
+ select VMAP_STACK |
| 81 |
+ |
| 82 |
+ |
Archives