]> git.ipfire.org Git - ipfire-3.x.git/commitdiff
projects / ipfire-3.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8cdd5bc)
kernel: Improve memory hardening with KFENCE
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 14 Dec 2022 16:04:03 +0000 (16:04 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 15 Dec 2022 15:51:22 +0000 (15:51 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
kernel/config-aarch64-generic patch | blob | blame | history
kernel/config-generic patch | blob | blame | history
kernel/config-x86_64-generic patch | blob | blame | history
kernel/kernel.nm patch | blob | blame | history

diff --git a/kernel/config-aarch64-generic b/kernel/config-aarch64-generic
index 6d7f61380d042e2b42f6580670a87be8fa16f1e4..02a2b7eff91069cc85bf4bf5ae13cd1e6b79eb72 100644 (file)
--- a/kernel/config-aarch64-generic
+++ b/kernel/config-aarch64-generic
@@ -1453,7 +1453,6 @@ CONFIG_FRAME_POINTER=y
 #
 # Memory Debugging
 #
-# CONFIG_DEBUG_RODATA_TEST is not set
 # CONFIG_DEBUG_WX is not set
 # end of Memory Debugging
 
diff --git a/kernel/config-generic b/kernel/config-generic
index 5abff0c2389140ef993ffa7177519e67d8536793..880d86ae420abfa125ba3718f11042182dd4a44f 100644 (file)
--- a/kernel/config-generic
+++ b/kernel/config-generic
@@ -7358,13 +7358,14 @@ CONFIG_HAVE_KCSAN_COMPILER=y
 #
 # Memory Debugging
 #
-CONFIG_PAGE_EXTENSION=y
+# CONFIG_PAGE_EXTENSION is not set
 # CONFIG_DEBUG_PAGEALLOC is not set
 # CONFIG_SLUB_DEBUG is not set
 # CONFIG_PAGE_OWNER is not set
 # CONFIG_PAGE_TABLE_CHECK is not set
-CONFIG_PAGE_POISONING=y
+# CONFIG_PAGE_POISONING is not set
 # CONFIG_DEBUG_PAGE_REF is not set
+# CONFIG_DEBUG_RODATA_TEST is not set
 CONFIG_ARCH_HAS_DEBUG_WX=y
 CONFIG_GENERIC_PTDUMP=y
 # CONFIG_PTDUMP_DEBUGFS is not set
@@ -7379,7 +7380,7 @@ CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y
 # CONFIG_DEBUG_VM_PGTABLE is not set
 CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
 # CONFIG_DEBUG_VIRTUAL is not set
-CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_MEMORY_INIT is not set
 # CONFIG_DEBUG_PER_CPU_MAPS is not set
 CONFIG_HAVE_ARCH_KASAN=y
 CONFIG_HAVE_ARCH_KASAN_VMALLOC=y
@@ -7387,7 +7388,12 @@ CONFIG_CC_HAS_KASAN_GENERIC=y
 CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y
 # CONFIG_KASAN is not set
 CONFIG_HAVE_ARCH_KFENCE=y
-# CONFIG_KFENCE is not set
+CONFIG_KFENCE=y
+CONFIG_KFENCE_SAMPLE_INTERVAL=100
+CONFIG_KFENCE_NUM_OBJECTS=255
+# CONFIG_KFENCE_DEFERRABLE is not set
+# CONFIG_KFENCE_STATIC_KEYS is not set
+CONFIG_KFENCE_STRESS_TEST_FAULTS=0
 # end of Memory Debugging
 
 CONFIG_DEBUG_SHIRQ=y
diff --git a/kernel/config-x86_64-generic b/kernel/config-x86_64-generic
index deace67f22fc3a5866f3808f29e4202e596dc213..3bbf9ecc7bd8c1f7cdd6b600fbc5e53b4206b0ec 100644 (file)
--- a/kernel/config-x86_64-generic
+++ b/kernel/config-x86_64-generic
@@ -1468,7 +1468,6 @@ CONFIG_OBJTOOL=y
 #
 # Memory Debugging
 #
-CONFIG_DEBUG_RODATA_TEST=y
 CONFIG_DEBUG_WX=y
 CONFIG_PTDUMP_CORE=y
 CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y
diff --git a/kernel/kernel.nm b/kernel/kernel.nm
index 86d7ea046ef600d4c60a278d0124d640201262be..7923155af9665fc0ed4956a3e1d1afce2c4e3c93 100644 (file)
--- a/kernel/kernel.nm
+++ b/kernel/kernel.nm
@@ -5,7 +5,7 @@
 
 name       = kernel
 version    = 6.0.6
-release    = 0.36
+release    = 0.37
 thisapp    = linux-%{version}
 
 maintainer = Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
IPFire 3.x development tree