diff options
| author |   Mike Pagano <mpagano@gentoo.org> | 2022-08-25 13:36:30 -0400 |
|---|---|---|
| committer | Mike Pagano <mpagano@gentoo.org> | 2022-08-25 13:36:30 -0400 |
| commit | 27a3d3432243c1bd89ef3c68330f8d31da45ba34 (patch) | |
| tree | 3ffd4856d1d94a37618c684a1ed4b5ab4efc4688 /4567_distro-Gentoo-Kconfig.patch | |
| parent | Remove references to HARDENED_USERCOPY_PAGESPAN (diff) | |
| download | linux-patches-27a3d3432243c1bd89ef3c68330f8d31da45ba34.tar.gz linux-patches-27a3d3432243c1bd89ef3c68330f8d31da45ba34.tar.bz2 linux-patches-27a3d3432243c1bd89ef3c68330f8d31da45ba34.zip | |
Add CONFIG_LANDLOCK to KSPP and RANDSTRUCT fix
Bug: https://bugs.gentoo.org/865685
Signed-off-by: Mike Pagano <mpagano@gentoo.org>
Diffstat (limited to '4567_distro-Gentoo-Kconfig.patch')
| -rw-r--r-- | 4567_distro-Gentoo-Kconfig.patch | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 0a380985..9e0701dd 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -1,14 +1,14 @@ ---- a/Kconfig 2022-05-11 13:20:07.110347567 -0400 -+++ b/Kconfig 2022-05-11 13:21:12.127174393 -0400 +--- a/Kconfig 2022-08-25 10:11:47.220973785 -0400 ++++ b/Kconfig 2022-08-25 10:11:56.997682513 -0400 @@ -30,3 +30,5 @@ source "lib/Kconfig" source "lib/Kconfig.debug" source "Documentation/Kconfig" + +source "distro/Kconfig" ---- /dev/null 2022-05-10 13:47:17.750578524 -0400 -+++ b/distro/Kconfig 2022-05-11 13:21:20.540529032 -0400 -@@ -0,0 +1,290 @@ +--- /dev/null 2022-08-25 07:13:06.694086407 -0400 ++++ b/distro/Kconfig 2022-08-25 13:21:55.150660724 -0400 +@@ -0,0 +1,291 @@ +menu "Gentoo Linux" + +config GENTOO_LINUX @@ -185,7 +185,7 @@ +config GENTOO_KERNEL_SELF_PROTECTION_COMMON + bool "Enable Kernel Self Protection Project Recommendations" + -+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT ++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT && SECURITY && !ARCH_EPHEMERAL_INODES && RANDSTRUCT_PERFORMANCE + + select BUG + select STRICT_KERNEL_RWX @@ -202,6 +202,7 @@ + select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR=y + select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB) + select RANDOMIZE_KSTACK_OFFSET_DEFAULT if HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET && (INIT_STACK_NONE || !CC_IS_CLANG || CLANG_VERSION>=140000) ++ select SECURITY_LANDLOCK + select SCHED_CORE if SCHED_SMT + select BUG_ON_DATA_CORRUPTION + select SCHED_STACK_END_CHECK @@ -224,7 +225,7 @@ + select GCC_PLUGIN_LATENT_ENTROPY + select GCC_PLUGIN_STRUCTLEAK + select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL -+ select GCC_PLUGIN_RANDSTRUCT ++ select GCC_PLUGIN_RANDSTRUCT + select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE + select ZERO_CALL_USED_REGS if CC_HAS_ZERO_CALL_USED_REGS + @@ -239,12 +240,12 @@ + depends on !X86_MSR && X86_64 && GENTOO_KERNEL_SELF_PROTECTION + default n + ++ select GCC_PLUGIN_STACKLEAK ++ select LEGACY_VSYSCALL_NONE ++ select PAGE_TABLE_ISOLATION + select RANDOMIZE_BASE + select RANDOMIZE_MEMORY + select RELOCATABLE -+ select LEGACY_VSYSCALL_NONE -+ select PAGE_TABLE_ISOLATION -+ select GCC_PLUGIN_STACKLEAK + select VMAP_STACK + + |