From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id BFFF61382C5 for ; Tue, 8 Jun 2021 20:08:18 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E41C9E07A5; Tue, 8 Jun 2021 20:08:17 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C9BC4E07A5 for ; Tue, 8 Jun 2021 20:08:17 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id F095C340B54 for ; Tue, 8 Jun 2021 20:08:16 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 5CD4E7A0 for ; Tue, 8 Jun 2021 20:08:15 +0000 (UTC) From: "Mike Pagano" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Pagano" Message-ID: <1623182831.042e689970b1b2d89ad38c3cfe339065b5caa397.mpagano@gentoo> Subject: [gentoo-commits] proj/linux-patches:master commit in: / X-VCS-Repository: proj/linux-patches X-VCS-Files: 4567_distro-Gentoo-Kconfig.patch X-VCS-Directories: / X-VCS-Committer: mpagano X-VCS-Committer-Name: Mike Pagano X-VCS-Revision: 042e689970b1b2d89ad38c3cfe339065b5caa397 X-VCS-Branch: master Date: Tue, 8 Jun 2021 20:08:15 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 076489d8-51f4-4b47-9693-e902d4323b06 X-Archives-Hash: d90a9b374f4977b34edd9a67d7a3d202 commit: 042e689970b1b2d89ad38c3cfe339065b5caa397 Author: Mike Pagano gentoo org> AuthorDate: Tue Jun 8 20:07:11 2021 +0000 Commit: Mike Pagano gentoo org> CommitDate: Tue Jun 8 20:07:11 2021 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=042e6899 Updates from gyakovlev Signed-off-by: Mike Pagano gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch index 9a7a02d..56adbbd 100644 --- a/4567_distro-Gentoo-Kconfig.patch +++ b/4567_distro-Gentoo-Kconfig.patch @@ -170,16 +170,16 @@ + visible if GENTOO_LINUX + +config GENTOO_KERNEL_SELF_PROTECTION -+ bool "Architecture Independant Kernel Self Protection Project Recommendations" ++ bool "Architecture Independent Kernel Self Protection Project Recommendations" + + help -+ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project -+ See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings -+ Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due -+ to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for -+ dependency information on your specific architecture. -+ Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 -+ for X86_64 ++ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project ++ See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings ++ Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due ++ to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for ++ dependency information on your specific architecture. ++ Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 ++ for X86_64 + + depends on GENTOO_LINUX && !HARDENED_USERCOPY_FALLBACK && !HARDENED_USERCOPY_PAGESPAN && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !SECURITY_SELINUX_DISABLE && !X86_X32 && !MODIFY_LDT_SYSCALL + @@ -218,7 +218,7 @@ + select FORTIFY_SOURCE + select SECURITY_DMESG_RESTRICT + select PANIC_ON_OOPS -+ select CONFIG_GCC_PLUGINS=y ++ select CONFIG_GCC_PLUGINS + select GCC_PLUGIN_LATENT_ENTROPY + select GCC_PLUGIN_STRUCTLEAK + select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL @@ -237,7 +237,7 @@ + select RANDOMIZE_BASE + select RANDOMIZE_MEMORY + select LEGACY_VSYSCALL_NONE -+ select PAGE_TABLE_ISOLATION ++ select PAGE_TABLE_ISOLATION + + +config GENTOO_KERNEL_SELF_PROTECTION_ARM64