1 |
I have used the kernel config checking script from |
2 |
https://github.com/a13xp0p0v/kconfig-hardened-check/blob/master/kconfig-hardened-check.py |
3 |
on three systems. Two are fine, but one has lost audio. The driver is |
4 |
loaded, but aplay -L and /dev/snd are missing devices. |
5 |
|
6 |
Here's the changes in the new, broken audio, config. Any suspects for the |
7 |
breakage? |
8 |
|
9 |
# diff config-23jun2018-pre-hardening config-25jun2018 | grep ^\> |
10 |
> # CONFIG_BPF_SYSCALL is not set |
11 |
> CONFIG_SLUB_DEBUG=y |
12 |
> # CONFIG_SLUB_MEMCG_SYSFS_ON is not set |
13 |
> # CONFIG_SLAB is not set |
14 |
> CONFIG_SLUB=y |
15 |
> CONFIG_SLAB_FREELIST_RANDOM=y |
16 |
> CONFIG_SLAB_FREELIST_HARDENED=y |
17 |
> CONFIG_SLUB_CPU_PARTIAL=y |
18 |
> CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y |
19 |
> CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y |
20 |
> CONFIG_MODULE_SIG=y |
21 |
> CONFIG_MODULE_SIG_FORCE=y |
22 |
> CONFIG_MODULE_SIG_ALL=y |
23 |
> # CONFIG_MODULE_SIG_SHA1 is not set |
24 |
> # CONFIG_MODULE_SIG_SHA224 is not set |
25 |
> # CONFIG_MODULE_SIG_SHA256 is not set |
26 |
> # CONFIG_MODULE_SIG_SHA384 is not set |
27 |
> CONFIG_MODULE_SIG_SHA512=y |
28 |
> CONFIG_MODULE_SIG_HASH="sha512" |
29 |
> # CONFIG_X86_VSYSCALL_EMULATION is not set |
30 |
> CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 |
31 |
> # CONFIG_KEXEC is not set |
32 |
> # CONFIG_KEXEC_FILE is not set |
33 |
> # CONFIG_LEGACY_VSYSCALL_EMULATE is not set |
34 |
> CONFIG_LEGACY_VSYSCALL_NONE=y |
35 |
> # CONFIG_MODIFY_LDT_SYSCALL is not set |
36 |
> # CONFIG_IA32_EMULATION is not set |
37 |
> # CONFIG_DEVKMEM is not set |
38 |
> CONFIG_PAGE_POISONING=y |
39 |
> # CONFIG_PAGE_POISONING_NO_SANITY is not set |
40 |
> # CONFIG_PAGE_POISONING_ZERO is not set |
41 |
> CONFIG_SLUB_DEBUG_ON=y |
42 |
> # CONFIG_SLUB_STATS is not set |
43 |
> CONFIG_SCHED_STACK_END_CHECK=y |
44 |
> CONFIG_DEBUG_LIST=y |
45 |
> CONFIG_DEBUG_SG=y |
46 |
> CONFIG_DEBUG_NOTIFIERS=y |
47 |
> CONFIG_DEBUG_CREDENTIALS=y |
48 |
> # CONFIG_FTRACE is not set |
49 |
> # CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set |
50 |
> # CONFIG_RUNTIME_TESTING_MENU is not set |
51 |
> CONFIG_BUG_ON_DATA_CORRUPTION=y |
52 |
> CONFIG_STRICT_DEVMEM=y |
53 |
> CONFIG_IO_STRICT_DEVMEM=y |
54 |
> CONFIG_X86_PTDUMP_CORE=y |
55 |
> CONFIG_DEBUG_WX=y |
56 |
> CONFIG_SECURITY_DMESG_RESTRICT=y |
57 |
> CONFIG_STATIC_USERMODEHELPER=y |
58 |
> CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper" |
59 |
> CONFIG_SECURITY_YAMA=y |
60 |
> CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" |