
From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:master commit in: /
Date: Wed, 11 May 2022 17:40:58
Message-Id: 1652289952.e6616502ad6e34b980112d4828cf526fdfbf0635.mpagano@gentoo
1 commit: e6616502ad6e34b980112d4828cf526fdfbf0635
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed May 11 17:25:52 2022 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed May 11 17:25:52 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e6616502
7
8 Update Gentoo Hardened patchset based on KSPP thanks to Peter Bo
9 Bug: https://bugs.gentoo.org/841488
10
11 Added:
12 CONFIG_HARDENED_USERCOPY=y
13 CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
14 CONFIG_KFENCE=y
15 CONFIG_IOMMU_DEFAULT_DMA_STRICT=y
16 CONFIG_SCHED_CORE=y
17 CONFIG_ZERO_CALL_USED_REGS=y
18
19 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
20
21 4567_distro-Gentoo-Kconfig.patch | 17 +++++++++++------
22 1 file changed, 11 insertions(+), 6 deletions(-)
23
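diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index ab78353b..1efc0fba 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -1,14 +1,14 @@
---- a/Kconfig 2022-04-12 13:11:48.403113171 -0400
-+++ b/Kconfig 2022-04-12 13:12:36.530084675 -0400
+--- a/Kconfig 2022-05-11 13:20:07.110347567 -0400
++++ b/Kconfig 2022-05-11 13:21:12.127174393 -0400
 @@ -30,3 +30,5 @@ source "lib/Kconfig"
 source "lib/Kconfig.debug"
 
 source "Documentation/Kconfig"
 +
 +source "distro/Kconfig"
---- /dev/null 2022-04-12 05:39:54.696333295 -0400
-+++ b/distro/Kconfig 2022-04-12 13:21:04.666379519 -0400
-@@ -0,0 +1,285 @@
+--- /dev/null 2022-05-10 13:47:17.750578524 -0400
++++ b/distro/Kconfig 2022-05-11 13:21:20.540529032 -0400
+@@ -0,0 +1,290 @@
 +menu "Gentoo Linux"
 +
 +config GENTOO_LINUX
@@ -185,7 +185,7 @@
 +config GENTOO_KERNEL_SELF_PROTECTION_COMMON
 + bool "Enable Kernel Self Protection Project Recommendations"
 +
-+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS
++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT
 +
 + select BUG
 + select STRICT_KERNEL_RWX
@@ -199,6 +199,10 @@
 + select DEBUG_NOTIFIERS
 + select DEBUG_LIST
 + select DEBUG_SG
++ select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR=y
++ select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB)
++ select RANDOMIZE_KSTACK_OFFSET_DEFAULT if HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET && (INIT_STACK_NONE || !CC_IS_CLANG || CLANG_VERSION>=140000)
++ select SCHED_CORE if SCHED_SMT
 + select BUG_ON_DATA_CORRUPTION
 + select SCHED_STACK_END_CHECK
 + select SECCOMP if HAVE_ARCH_SECCOMP
@@ -222,6 +226,7 @@
 + select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
 + select GCC_PLUGIN_RANDSTRUCT
 + select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
++ select ZERO_CALL_USED_REGS if CC_HAS_ZERO_CALL_USED_REGS
 +
 + help
 + Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for dependency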
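Review bot: The new `select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB)` line in the `@@ -199,6 +199,10 @@` hunk appears to negate the wrong allocator term: as far as I recall upstream KFENCE itself depends on `(SLAB || SLUB)`, so with `!SLAB` the select also fires when SLOB is the allocator, and because `select` overrides the target's dependencies that produces an unmet-dependency warning and a KFENCE that the allocator cannot back. I would expect `+ select KFENCE if HAVE_ARCH_KFENCE && (SLAB || SLUB)`, mirroring the symbol's own dependency; please confirm against mm/Kconfig of the kernel series this patch targets. In the `@@ -185,7 +185,7 @@` hunk the `depends on` line now requires `IOMMU_DEFAULT_DMA_STRICT`, a member of the IOMMU IOTLB-mode choice, so on configurations where that choice is not offered the whole GENTOO_KERNEL_SELF_PROTECTION_COMMON option becomes unselectable rather than merely losing strict invalidation; a comment such as `# requires the IOMMU strict-invalidation choice; option hidden where no IOMMU DMA support exists` would make that trade-off explicit. The `!IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH` terms are redundant with the positive strict term since the three are mutually exclusive choice entries, and `HAVE_HARDENED_USERCOPY_ALLOCATOR=y` is the only `=y` comparison among the new selects where the bare symbol is used elsewhere. The config entry's help text continues past the end of the last hunk.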