From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 01FD4139360 for ; Tue, 10 Aug 2021 11:49:52 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3B39FE086B; Tue, 10 Aug 2021 11:49:51 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 831FEE086B for ; Tue, 10 Aug 2021 11:49:50 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id CF914342A8F for ; Tue, 10 Aug 2021 11:49:48 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E91CD7CE for ; Tue, 10 Aug 2021 11:49:46 +0000 (UTC) 
From: "Mike Pagano" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Pagano" Message-ID: <1628596134.3a5b30d38a0dcc2a21213fcffb3cb4a3dfe454d8.mpagano@gentoo> Subject: [gentoo-commits] proj/linux-patches:5.10 commit in: / X-VCS-Repository: proj/linux-patches X-VCS-Files: 4567_distro-Gentoo-Kconfig.patch X-VCS-Directories: / X-VCS-Committer: mpagano X-VCS-Committer-Name: Mike Pagano X-VCS-Revision: 3a5b30d38a0dcc2a21213fcffb3cb4a3dfe454d8 X-VCS-Branch: 5.10 Date: Tue, 10 Aug 2021 11:49:46 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: bb49c498-5d4b-4794-bd0b-7d178cd9558f X-Archives-Hash: aae0bff2afc21da7b36195628600a98c commit: 3a5b30d38a0dcc2a21213fcffb3cb4a3dfe454d8 Author: Mike Pagano gentoo org> AuthorDate: Tue Aug 3 22:49:56 2021 +0000 Commit: Mike Pagano gentoo org> CommitDate: Tue Aug 10 11:48:54 2021 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3a5b30d3 Add CONFIG_RELOCATABLE when selecting RANDOMIZE_BASE Redo menu's to make more user-friendly Bug: https://bugs.gentoo.org/806300 Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 51 ++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 23 deletions(-)
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch
index fa005e6..429e9d4 100644
--- a/4567_distro-Gentoo-Kconfig.patch
+++ b/4567_distro-Gentoo-Kconfig.patch
@@ -6,9 +6,9 @@ source "Documentation/Kconfig"
 +
 +source "distro/Kconfig"
---- /dev/null 2021-07-04 10:53:51.006624416 -0400
-+++ b/distro/Kconfig 2021-07-04 11:07:33.534248860 -0400
-@@ -0,0 +1,263 @@
+--- /dev/null 2021-08-03 06:44:27.767516067 -0400
++++ b/distro/Kconfig 2021-08-03 18:43:33.303563865 -0400
+@@ -0,0 +1,268 @@
 +menu "Gentoo Linux"
 +
 +config GENTOO_LINUX
@@ -166,11 +166,22 @@
 +
 +endmenu
 +
-+menu "Enable Kernel Self Protection Project Recommendations"
-+ visible if GENTOO_LINUX
++menuconfig GENTOO_KERNEL_SELF_PROTECTION
++ bool "Kernel Self Protection Project"
++ depends on GENTOO_LINUX
++ help
++ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project
++ See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
++ Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due
++ to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION_COMMON and search for
++ GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for dependency information on your
++ specific architecture.
++ Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
++ for X86_64
 +
-+config GENTOO_KERNEL_SELF_PROTECTION
-+ bool "Architecture Independant Kernel Self Protection Project Recommendations"
++if GENTOO_KERNEL_SELF_PROTECTION
++config GENTOO_KERNEL_SELF_PROTECTION_COMMON
++ bool "Enable Kernel Self Protection Project Recommendations"
 +
 + depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL
 +
@@ -214,26 +225,21 @@
 + select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
 +
 + help
-+ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project
-+ See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-+ Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due
-+ to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for
-+ dependency information on your specific architecture.
-+ Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
-+ for X86_64
-+
-+menu "Architecture Specific Self Protection Project Recommendations"
++ Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for dependency
++ information on your specific architecture. Note 2: Please see the URL above for
++ numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 for X86_64
 +
 +config GENTOO_KERNEL_SELF_PROTECTION_X86_64
-+ bool "X86_64 KSPP Settings"
++ bool "X86_64 KSPP Settings" if GENTOO_KERNEL_SELF_PROTECTION_COMMON
 +
-+ depends on !X86_MSR && X86_64
++ depends on !X86_MSR && X86_64 && GENTOO_KERNEL_SELF_PROTECTION
 + default n
 +
 + select RANDOMIZE_BASE
 + select RANDOMIZE_MEMORY
++ select RELOCATABLE
 + select LEGACY_VSYSCALL_NONE
-+ select PAGE_TABLE_ISOLATION
++ select PAGE_TABLE_ISOLATION
 +
 +
 +config GENTOO_KERNEL_SELF_PROTECTION_ARM64
@@ -243,6 +249,7 @@
 + default n
 +
 + select RANDOMIZE_BASE
++ select RELOCATABLE
 + select ARM64_SW_TTBR0_PAN
 + select CONFIG_UNMAP_KERNEL_AT_EL0
 +
@@ -255,6 +262,7 @@
 + select HIGHMEM64G
 + select X86_PAE
 + select RANDOMIZE_BASE
++ select RELOCATABLE
 + select PAGE_TABLE_ISOLATION
 +
 +config GENTOO_KERNEL_SELF_PROTECTION_ARM
@@ -267,10 +275,7 @@
 + select STRICT_MEMORY_RWX
 + select CPU_SW_DOMAIN_PAN
 +
-+endmenu
-+
-+endmenu
-+
++endif
 +endmenu
 diff --git a/security/Kconfig b/security/Kconfig
 index 7561f6f99..01f0bf73f 100644
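Review bot: In the GENTOO_KERNEL_SELF_PROTECTION_X86_64 entry, the new prompt condition `if GENTOO_KERNEL_SELF_PROTECTION_COMMON` hides the option whenever COMMON cannot be set, and with `default n` its selects (RANDOMIZE_BASE, RANDOMIZE_MEMORY, RELOCATABLE, PAGE_TABLE_ISOLATION) can then no longer be turned on from this menu. COMMON's `depends on` line, visible in the `@@ -166,11 +166,22 @@` hunk, excludes kernels built with HIBERNATION, KEXEC and several other options, so a user who needs one of those also loses the x86_64 KASLR/PTI toggle. The prompt lines of the ARM64, X86_32 and ARM entries fall between the hunks and appear unchanged, so the four entries probably no longer behave alike. Consider keeping the prompt as `bool "X86_64 KSPP Settings"` and dropping `&& GENTOO_KERNEL_SELF_PROTECTION`, which the enclosing `if GENTOO_KERNEL_SELF_PROTECTION` block already implies.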
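Review bot: `select CONFIG_UNMAP_KERNEL_AT_EL0` in the GENTOO_KERNEL_SELF_PROTECTION_ARM64 entry (a context line of the `@@ -243,6 +249,7 @@` hunk that this commit leaves as is) names the symbol with its `CONFIG_` prefix, which is not used inside Kconfig files. The select therefore refers to an undefined symbol and does not force kernel unmapping at EL0; that protection then depends only on the arm64 symbol's own default. The line should read `select UNMAP_KERNEL_AT_EL0`. The entry's `config`, prompt and `depends on` lines sit above the hunk, so this is worth confirming against the full file.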