From d138bcc8cdf8c8509af3a96e35ede847ac86068d Mon Sep 17 00:00:00 2001
From: Nils Freydank
Date: Tue, 7 Feb 2023 20:38:19 +0100
Subject: [PATCH] pygoscelis: Enable CONFIG_GENTOO_KERNEL_SELF_PROTECTION_COMMON

---
 pygoscelis-config | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/pygoscelis-config b/pygoscelis-config
index b1a3f8c..7aa05ed 100644
--- a/pygoscelis-config
+++ b/pygoscelis-config
@@ -747,6 +747,7 @@ CONFIG_HAVE_NOINSTR_HACK=y
 CONFIG_HAVE_NOINSTR_VALIDATION=y
 CONFIG_HAVE_UACCESS_VALIDATION=y
 CONFIG_HAVE_STACK_VALIDATION=y
+CONFIG_HAVE_RELIABLE_STACKTRACE=y
 CONFIG_COMPAT_32BIT_TIME=y
 CONFIG_HAVE_ARCH_VMAP_STACK=y
 CONFIG_VMAP_STACK=y
@@ -780,7 +781,7 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
 
 CONFIG_HAVE_GCC_PLUGINS=y
 CONFIG_GCC_PLUGINS=y
-# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
+CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
 # end of General architecture-dependent options
 
 CONFIG_RT_MUTEXES=y
@@ -4613,6 +4614,7 @@ CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,bpf"
 #
 # Kernel hardening options
 #
+CONFIG_GCC_PLUGIN_STRUCTLEAK=y
 
 #
 # Memory initialization
@@ -4623,6 +4625,7 @@ CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y
 # CONFIG_INIT_STACK_NONE is not set
 # CONFIG_INIT_STACK_ALL_PATTERN is not set
 CONFIG_INIT_STACK_ALL_ZERO=y
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
 CONFIG_GCC_PLUGIN_STACKLEAK=y
 # CONFIG_GCC_PLUGIN_STACKLEAK_VERBOSE is not set
 CONFIG_STACKLEAK_TRACK_MIN_SIZE=100
@@ -5026,6 +5029,7 @@ CONFIG_MEMREGION=y
 CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
 CONFIG_ARCH_HAS_COPY_MC=y
 CONFIG_ARCH_STACKWALK=y
+CONFIG_STACKDEPOT=y
 CONFIG_SBITMAP=y
 # end of Library routines
 
@@ -5101,7 +5105,8 @@ CONFIG_HAVE_KCSAN_COMPILER=y
 #
 # CONFIG_PAGE_EXTENSION is not set
 # CONFIG_DEBUG_PAGEALLOC is not set
-# CONFIG_SLUB_DEBUG is not set
+CONFIG_SLUB_DEBUG=y
+# CONFIG_SLUB_DEBUG_ON is not set
 # CONFIG_PAGE_OWNER is not set
 # CONFIG_PAGE_TABLE_CHECK is not set
 CONFIG_PAGE_POISONING=y
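Review bot: In the `@@ -4613,6 +4614,7 @@` hunk, `CONFIG_GCC_PLUGIN_STRUCTLEAK=y` is switched on while the stack-initialization choice stays on `CONFIG_INIT_STACK_ALL_ZERO=y` (context of the `@@ -4623,6 +4625,7 @@` hunk), and neither hunk adds a `CONFIG_GCC_PLUGIN_STRUCTLEAK_USER`, `_BYREF` or `_BYREF_ALL` line. Upstream those three modes are alternatives to `INIT_STACK_ALL_ZERO` inside the same choice, so the plugin symbol was presumably forced on by a `select` from the new Gentoo option rather than chosen. In that state the plugin would be loaded with none of its by-reference options on top of compiler zero-initialization, which likely adds build time without adding coverage. I would confirm this is the intended result and say so in the commit message, e.g. `GCC_PLUGIN_STRUCTLEAK is select-forced; stack init remains INIT_STACK_ALL_ZERO`.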
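Review bot: In the `@@ -5101,7 +5105,8 @@` hunk, `CONFIG_SLUB_DEBUG=y` arrives together with `# CONFIG_SLUB_DEBUG_ON is not set`, so the slab sanity checks, red zones and poisoning are compiled in but stay inactive at boot. If the hardening intent includes them, machines using this config need `slub_debug=FZP` (or a narrower flag set) on the kernel command line, or `CONFIG_SLUB_DEBUG_ON=y`, with the memory and performance cost that brings. The commit message should record which of the two is expected, e.g. `SLUB_DEBUG is built in but inactive unless slub_debug= is passed at boot`.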
@@ -5130,7 +5135,12 @@ CONFIG_CC_HAS_KASAN_GENERIC=y
 CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
 # CONFIG_KASAN is not set
 CONFIG_HAVE_ARCH_KFENCE=y
-# CONFIG_KFENCE is not set
+CONFIG_KFENCE=y
+CONFIG_KFENCE_SAMPLE_INTERVAL=100
+CONFIG_KFENCE_NUM_OBJECTS=255
+# CONFIG_KFENCE_DEFERRABLE is not set
+# CONFIG_KFENCE_STATIC_KEYS is not set
+CONFIG_KFENCE_STRESS_TEST_FAULTS=0
 CONFIG_HAVE_ARCH_KMSAN=y
 # end of Memory Debugging
 
@@ -5182,7 +5192,7 @@ CONFIG_LOCK_DEBUGGING_SUPPORT=y
 # end of Lock Debugging (spinlocks, mutexes, etc...)
 
 # CONFIG_DEBUG_IRQFLAGS is not set
-# CONFIG_STACKTRACE is not set
+CONFIG_STACKTRACE=y
 CONFIG_WARN_ALL_UNSEEDED_RANDOM=y
 # CONFIG_DEBUG_KOBJECT is not set
 
@@ -5191,7 +5201,7 @@ CONFIG_WARN_ALL_UNSEEDED_RANDOM=y
 #
 CONFIG_DEBUG_LIST=y
 # CONFIG_DEBUG_PLIST is not set
-# CONFIG_DEBUG_SG is not set
+CONFIG_DEBUG_SG=y
 CONFIG_DEBUG_NOTIFIERS=y
 CONFIG_BUG_ON_DATA_CORRUPTION=y
 # CONFIG_DEBUG_MAPLE_TREE is not set
@@ -5257,9 +5267,8 @@ CONFIG_IO_DELAY_NONE=y
 # CONFIG_DEBUG_NMI_SELFTEST is not set
 # CONFIG_X86_DEBUG_FPU is not set
 # CONFIG_PUNIT_ATOM_DEBUG is not set
-# CONFIG_UNWINDER_ORC is not set
+CONFIG_UNWINDER_ORC=y
 # CONFIG_UNWINDER_FRAME_POINTER is not set
-CONFIG_UNWINDER_GUESS=y
 # end of x86 Debugging
 
 #
@@ -5297,6 +5306,6 @@ CONFIG_GENTOO_LINUX_INIT_SYSTEMD=y
 # end of Support for init systems, system and service managers
 
 CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
-# CONFIG_GENTOO_KERNEL_SELF_PROTECTION_COMMON is not set
+CONFIG_GENTOO_KERNEL_SELF_PROTECTION_COMMON=y
 CONFIG_GENTOO_PRINT_FIRMWARE_INFO=y
 # end of Gentoo Linux
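Review bot: The KFENCE block added in the `@@ -5130,7 +5135,12 @@` hunk uses the stock values `CONFIG_KFENCE_SAMPLE_INTERVAL=100` and `CONFIG_KFENCE_NUM_OBJECTS=255`, which make it a sampling detector rather than a mitigation: it guards one allocation per 100 ms from a pool of 255 objects, so heap out-of-bounds and use-after-free bugs are caught only probabilistically, and a report by itself does not stop the kernel. Nothing in the visible hunks says who is expected to consume the reports; a line in the commit message such as `KFENCE reports land in the kernel log; alert on "BUG: KFENCE"` would make that explicit. Whether `panic_on_warn` is set for this machine is not visible here, so any fail-stop expectation should be confirmed separately.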