From 7f8d26419cb9c9b82b5a672586c026f64f1f8914 Mon Sep 17 00:00:00 2001 From: Alexey Skobkin Date: Tue, 2 Aug 2022 18:14:44 +0300 Subject: [PATCH] desktop. 5.18.14 oldconfig. Some hardening against vulnerabilities. --- desktop/.config | 45 +++++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/desktop/.config b/desktop/.config index 364fc33..8998e09 100644 --- a/desktop/.config +++ b/desktop/.config @@ -1,10 +1,10 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.18.0-gentoo Kernel Configuration +# Linux/x86 5.18.14-gentoo Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (Gentoo 11.3.0 p4) 11.3.0" +CONFIG_CC_VERSION_TEXT="gcc (Gentoo 12.1.1_p20220625 p8) 12.1.1 20220625" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=110300 +CONFIG_GCC_VERSION=120101 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y CONFIG_AS_VERSION=23800 @@ -15,6 +15,7 @@ CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y CONFIG_PAHOLE_VERSION=0 @@ -169,12 +170,15 @@ CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y # Scheduler features # # CONFIG_UCLAMP_TASK is not set +# CONFIG_SCHED_ALT is not set # end of Scheduler features CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_HAS_INT128=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC12_NO_ARRAY_BOUNDS=y +CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_NUMA_BALANCING=y CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y @@ -327,9 +331,6 @@ CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_X2APIC is not set # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y -CONFIG_CC_HAS_SLS=y -# CONFIG_SLS is not set CONFIG_X86_CPU_RESCTRL=y # CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_INTEL_LPSS is not set 
@@ -422,7 +423,7 @@ CONFIG_X86_MCE_THRESHOLD=y # Performance monitoring # CONFIG_PERF_EVENTS_INTEL_UNCORE=m -# CONFIG_PERF_EVENTS_INTEL_RAPL is not set +CONFIG_PERF_EVENTS_INTEL_RAPL=m CONFIG_PERF_EVENTS_INTEL_CSTATE=m CONFIG_PERF_EVENTS_AMD_POWER=m CONFIG_PERF_EVENTS_AMD_UNCORE=m @@ -433,7 +434,7 @@ CONFIG_X86_VSYSCALL_EMULATION=y CONFIG_MICROCODE=y CONFIG_MICROCODE_INTEL=y CONFIG_MICROCODE_AMD=y -CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_MICROCODE_OLD_INTERFACE is not set CONFIG_X86_MSR=y CONFIG_X86_CPUID=y # CONFIG_X86_5LEVEL is not set @@ -505,6 +506,15 @@ CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_SLS=y +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +# CONFIG_RETHUNK is not set +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y +CONFIG_SLS=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y @@ -1918,6 +1928,7 @@ CONFIG_UEFI_CPER=y CONFIG_UEFI_CPER_X86=y CONFIG_EFI_DEV_PATH_PARSER=y CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y +# CONFIG_EFI_DISABLE_RUNTIME is not set # # Tegra firmware driver @@ -2687,7 +2698,7 @@ CONFIG_TCG_TIS_ST33ZP24_I2C=m # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set # CONFIG_XILLYUSB is not set -# CONFIG_RANDOM_TRUST_CPU is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set # end of Character devices @@ -5705,7 +5716,6 @@ CONFIG_KEY_DH_OPERATIONS=y CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y -# CONFIG_PAGE_TABLE_ISOLATION is not set # CONFIG_SECURITY_NETWORK_XFRM is not set # CONFIG_SECURITY_PATH is not set # CONFIG_INTEL_TXT is not set 
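Review bot: `# CONFIG_RETHUNK is not set` in the new speculation-mitigations block leaves return thunks out of a build that otherwise enables `CONFIG_RETPOLINE`, `CONFIG_CPU_IBPB_ENTRY`, `CONFIG_CPU_IBRS_ENTRY` and `CONFIG_SLS`, even though `CONFIG_CC_HAS_RETURN_THUNK=y` shows the compiler supports them. As far as I know, the AMD return-thunk (unret) Retbleed mitigation can only be selected when RETHUNK is on, so an AMD CPU would fall back to the much heavier IBPB-on-entry path. The diff does not show which CPU vendor this desktop uses, although AMD microcode and perf options are enabled, so this may be intentional for an Intel-only machine. If it is not, enable it through menuconfig so the regenerated file carries `CONFIG_RETHUNK=y`, and check `/sys/devices/system/cpu/vulnerabilities/retbleed` after boot to confirm which mitigation is active.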
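Review bot: `CONFIG_RANDOM_TRUST_CPU=y` widens a trust assumption rather than hardening anything. With it set, the kernel credits the CPU's hardware RNG output as entropy when seeding the CRNG at boot, whereas the previous config left that off. This is a defensible trade for faster early-boot seeding on a desktop, but the commit message describes the change as hardening and does not mention it. If it is deliberate, record the reasoning in the commit message; otherwise keep `# CONFIG_RANDOM_TRUST_CPU is not set`. Either way, `random.trust_cpu=off` on the kernel command line overrides the build-time default.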
@@ -5734,16 +5744,15 @@ CONFIG_LSM="yama,loadpin,safesetid,integrity" # # Kernel hardening options # -CONFIG_GCC_PLUGIN_STRUCTLEAK=y # # Memory initialization # +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y # CONFIG_INIT_STACK_NONE is not set -# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set -# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set -CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y -# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set +# CONFIG_INIT_STACK_ALL_PATTERN is not set +CONFIG_INIT_STACK_ALL_ZERO=y # CONFIG_GCC_PLUGIN_STACKLEAK is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set @@ -5792,7 +5801,6 @@ CONFIG_CRYPTO_CRYPTD=y CONFIG_CRYPTO_AUTHENC=y # CONFIG_CRYPTO_TEST is not set CONFIG_CRYPTO_SIMD=y -CONFIG_CRYPTO_ENGINE=m # # Public-key cryptography @@ -5813,7 +5821,7 @@ CONFIG_CRYPTO_CURVE25519_X86=m # CONFIG_CRYPTO_CCM=y CONFIG_CRYPTO_GCM=y -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_AEGIS128=m CONFIG_CRYPTO_AEGIS128_AESNI_SSE2=m CONFIG_CRYPTO_SEQIV=y @@ -5968,7 +5976,7 @@ CONFIG_CRYPTO_DEV_CCP_CRYPTO=m # CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set # CONFIG_CRYPTO_DEV_QAT_C62XVF is not set # CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set -CONFIG_CRYPTO_DEV_VIRTIO=m +# CONFIG_CRYPTO_DEV_VIRTIO is not set # CONFIG_CRYPTO_DEV_SAFEXCEL is not set # CONFIG_CRYPTO_DEV_CCREE is not set # CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set @@ -6033,6 +6041,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set
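Review bot: Heap and page allocations are still left uninitialized by default after this hunk. The memory-initialization block switches stack initialization to `CONFIG_INIT_STACK_ALL_ZERO=y`, but its context lines keep `# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set`, `# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set` and `# CONFIG_GCC_PLUGIN_STACKLEAK is not set`. For a commit aimed at hardening, enabling `CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y` through menuconfig would close the matching uninitialized-heap information-leak class, at a cost that is usually small on desktop workloads. If the build-time default should stay off, the same effect is available per boot with `init_on_alloc=1`, and it would help to note that choice in the commit message.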