[arch-commits] Commit in linux-hardened/trunk (PKGBUILD config.x86_64)
Levente Polyak
anthraxx at archlinux.org
Tue May 8 00:25:32 UTC 2018
Date: Tuesday, May 8, 2018 @ 00:25:31
Author: anthraxx
Revision: 323465
upgpkg: linux-hardened 4.16.7.b-1
- bpf hardening
- always enable kpti, if one trusts the vendor statement, disable it
- page poisoning
- no kexec file
Modified:
linux-hardened/trunk/PKGBUILD
linux-hardened/trunk/config.x86_64
---------------+
PKGBUILD | 6 +++---
config.x86_64 | 14 ++++++--------
2 files changed, 9 insertions(+), 11 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-05-07 22:31:53 UTC (rev 323464)
+++ PKGBUILD 2018-05-08 00:25:31 UTC (rev 323465)
@@ -6,7 +6,7 @@
pkgbase=linux-hardened
_srcname=linux-4.16
_pkgver=4.16.7
-pkgver=${_pkgver}.a
+pkgver=${_pkgver}.b
pkgrel=1
url='https://github.com/anthraxx/linux-hardened'
arch=('x86_64')
@@ -32,9 +32,9 @@
'SKIP'
'f5ef83461054024814846eb816c76eba1b903f7e3e38c3417027b33070b60d91'
'SKIP'
- '263b331ee4f18ae9500541265ca2d37764d4b25a2541aa9824e92909456e2285'
+ '3dc7b94bd1907a4e9381da29b23442c8c418e682b1ed17642258f88b1010a8c5'
'SKIP'
- '8e1484d775b378be0cb424674ac66e5e96a0ab1adbde3bb5b4f9ad0be75d5993'
+ 'fe48716a74a7934d0519194c222fe2d21eaf199fe74fcbc55b1f0b41a514a299'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
Modified: config.x86_64
===================================================================
--- config.x86_64 2018-05-07 22:31:53 UTC (rev 323464)
+++ config.x86_64 2018-05-08 00:25:31 UTC (rev 323465)
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.16.6 Kernel Configuration
+# Linux/x86 4.16.7 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -274,8 +274,6 @@
CONFIG_SYSTEM_DATA_VERIFICATION=y
CONFIG_PROFILING=y
CONFIG_TRACEPOINTS=y
-CONFIG_CRASH_CORE=y
-CONFIG_KEXEC_CORE=y
CONFIG_OPROFILE=m
# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
CONFIG_HAVE_OPROFILE=y
@@ -680,8 +678,7 @@
CONFIG_HZ=300
CONFIG_SCHED_HRTICK=y
# CONFIG_KEXEC is not set
-CONFIG_KEXEC_FILE=y
-# CONFIG_KEXEC_VERIFY_SIG is not set
+# CONFIG_KEXEC_FILE is not set
CONFIG_CRASH_DUMP=y
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
@@ -697,7 +694,7 @@
# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
CONFIG_LEGACY_VSYSCALL_NONE=y
CONFIG_CMDLINE_BOOL=y
-CONFIG_CMDLINE="audit=0"
+CONFIG_CMDLINE="audit=0 slub_debug=P page_poison=1 slab_nomerge pti=on"
# CONFIG_CMDLINE_OVERRIDE is not set
# CONFIG_MODIFY_LDT_SYSCALL is not set
CONFIG_HAVE_LIVEPATCH=y
@@ -8590,7 +8587,6 @@
#
# CONFIG_EFI_VARS is not set
CONFIG_EFI_ESRT=y
-CONFIG_EFI_RUNTIME_MAP=y
# CONFIG_EFI_FAKE_MEMMAP is not set
CONFIG_EFI_RUNTIME_WRAPPERS=y
CONFIG_EFI_CAPSULE_LOADER=m
@@ -8985,7 +8981,9 @@
#
# CONFIG_PAGE_EXTENSION is not set
# CONFIG_DEBUG_PAGEALLOC is not set
-# CONFIG_PAGE_POISONING is not set
+CONFIG_PAGE_POISONING=y
+CONFIG_PAGE_POISONING_NO_SANITY=y
+CONFIG_PAGE_POISONING_ZERO=y
# CONFIG_DEBUG_PAGE_REF is not set
# CONFIG_DEBUG_RODATA_TEST is not set
# CONFIG_DEBUG_OBJECTS is not set
More information about the arch-commits
mailing list