From patchwork Sun Jan 19 13:10:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1225444 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 480wCh4sT2z9sRK; Mon, 20 Jan 2020 00:10:54 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itALq-0007F9-Kb; Sun, 19 Jan 2020 13:10:50 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALo-0007Ea-7L for kernel-team@lists.ubuntu.com; Sun, 19 Jan 2020 13:10:48 +0000 Received: from 2.general.tyhicks.uk.vpn ([10.172.192.53] helo=sec.lxd) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALn-0004re-DB; Sun, 19 Jan 2020 13:10:48 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 1/8] UBUNTU: [Config] Fix typo in annotations file Date: Sun, 19 Jan 2020 13:10:22 +0000 Message-Id: <20200119131029.23160-2-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200119131029.23160-1-tyhicks@canonical.com> References: <20200119131029.23160-1-tyhicks@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Fix a typo in the CONFIG_LATENCYTOP annotation line. Signed-off-by: Tyler Hicks --- debian.master/config/annotations | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 0b8d350765eb..a14064062df2 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -10631,7 +10631,7 @@ CONFIG_DEBUG_BLOCK_EXT_DEVT policy<{'amd64': 'n', 'arm64': ' CONFIG_CPU_HOTPLUG_STATE_CONTROL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_LATENCYTOP policy<{'amd64-generic': 'n', 'amd64-lowlatency': 'y', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> # -CONFIG_LATENCYTOP marl note +CONFIG_LATENCYTOP mark note # Menu: Kernel hacking >> Kernel debugging >> Architecture: arm CONFIG_ARM_PTDUMP_DEBUGFS policy<{'armhf': 'n'}> From patchwork Sun Jan 19 13:10:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1225446 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 480wCh5QGQz9sRV; Mon, 20 Jan 2020 00:10:56 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itALs-0007GN-UP; Sun, 19 Jan 2020 13:10:52 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALq-0007F2-Fp for kernel-team@lists.ubuntu.com; Sun, 19 Jan 2020 13:10:50 +0000 Received: from 2.general.tyhicks.uk.vpn ([10.172.192.53] helo=sec.lxd) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALp-0004re-NG; Sun, 19 Jan 2020 13:10:50 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 2/8] UBUNTU: [Config] Enable linked list manipulation checks Date: Sun, 19 Jan 2020 13:10:23 +0000 Message-Id: <20200119131029.23160-3-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200119131029.23160-1-tyhicks@canonical.com> References: <20200119131029.23160-1-tyhicks@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://launchpad.net/bugs/1855334 Turn on CONFIG_DEBUG_LIST which does some sanity checking on the surrounding linked list elements when adding or removing an element. If the sanity check fails, the list manipulation operation is not performed and a loud warning is printed to the logs. This may prevent some exploits that involve manipulating a linked list. Signed-off-by: Tyler Hicks --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index a14064062df2..c8781797bfe8 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -10621,7 +10621,7 @@ CONFIG_SCHED_STACK_END_CHECK policy<{'amd64': 'y', 'arm64': ' CONFIG_DEBUG_PREEMPT policy<{'amd64-lowlatency': 'n', 'i386-lowlatency': 'n'}> CONFIG_DEBUG_KOBJECT policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_BUGVERBOSE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_DEBUG_LIST policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> +CONFIG_DEBUG_LIST policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_PLIST policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_SG policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_NOTIFIERS policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> @@ -10631,6 +10631,7 @@ CONFIG_DEBUG_BLOCK_EXT_DEVT policy<{'amd64': 'n', 'arm64': ' CONFIG_CPU_HOTPLUG_STATE_CONTROL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_LATENCYTOP policy<{'amd64-generic': 'n', 'amd64-lowlatency': 'y', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> # +CONFIG_DEBUG_LIST mark note CONFIG_LATENCYTOP mark note # Menu: Kernel hacking >> Kernel debugging >> Architecture: arm diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index 4aace08c2bfa..b0b3b98cfa6f 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -2323,7 +2323,7 @@ CONFIG_DEBUG_KERNEL=y # CONFIG_DEBUG_KERNEL_DC is not set # CONFIG_DEBUG_KMEMLEAK is not set # CONFIG_DEBUG_KOBJECT is not set -# CONFIG_DEBUG_LIST is not set +CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_LL is not set CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S" # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set From patchwork Sun Jan 19 13:10:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1225447 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 480wCl2K4mz9sR8; Mon, 20 Jan 2020 00:10:59 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itALv-0007Hm-6e; Sun, 19 Jan 2020 13:10:55 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALs-0007GA-IX for kernel-team@lists.ubuntu.com; Sun, 19 Jan 2020 13:10:52 +0000 Received: from 2.general.tyhicks.uk.vpn ([10.172.192.53] helo=sec.lxd) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALr-0004re-Rg; Sun, 19 Jan 2020 13:10:52 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 3/8] UBUNTU: [Config] Enable cred sanity checks Date: Sun, 19 Jan 2020 13:10:24 +0000 Message-Id: <20200119131029.23160-4-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200119131029.23160-1-tyhicks@canonical.com> References: <20200119131029.23160-1-tyhicks@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://launchpad.net/bugs/1855335 Enable CONFIG_DEBUG_CREDENTIALS to perform sanity checks, such as verifying usage counts and proper magic values, when handling cred structs. If a cred sanity check fails a loud warning is printed to the logs. This change raises the bar on the effort required to implement an exploit based on cred manipulation. CONFIG_DEBUG_CREDENTIALS will not prevent the attack but may aide an administrator in discovering such an attack on the system. Signed-off-by: Tyler Hicks --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index c8781797bfe8..3ce3a62a8d7d 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -10625,13 +10625,14 @@ CONFIG_DEBUG_LIST policy<{'amd64': 'y', 'arm64': ' CONFIG_DEBUG_PLIST policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_SG policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_NOTIFIERS policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> -CONFIG_DEBUG_CREDENTIALS policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> +CONFIG_DEBUG_CREDENTIALS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_WQ_FORCE_RR_CPU policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_BLOCK_EXT_DEVT policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_CPU_HOTPLUG_STATE_CONTROL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_LATENCYTOP policy<{'amd64-generic': 'n', 'amd64-lowlatency': 'y', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> # CONFIG_DEBUG_LIST mark note +CONFIG_DEBUG_CREDENTIALS mark note CONFIG_LATENCYTOP mark note # Menu: Kernel hacking >> Kernel debugging >> Architecture: arm diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index b0b3b98cfa6f..f989a8ba30ca 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -2304,7 +2304,7 @@ CONFIG_DEBUGGER=y # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set # CONFIG_DEBUG_BOOT_PARAMS is not set CONFIG_DEBUG_BUGVERBOSE=y -# CONFIG_DEBUG_CREDENTIALS is not set +CONFIG_DEBUG_CREDENTIALS=y # CONFIG_DEBUG_DEVRES is not set # CONFIG_DEBUG_DRIVER is not set # CONFIG_DEBUG_EFI is not set From patchwork Sun Jan 19 13:10:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1225448 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 480wCn6llSz9sRR; Mon, 20 Jan 2020 00:11:01 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itALx-0007JD-Gz; Sun, 19 Jan 2020 13:10:57 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALu-0007HU-PG for kernel-team@lists.ubuntu.com; Sun, 19 Jan 2020 13:10:54 +0000 Received: from 2.general.tyhicks.uk.vpn ([10.172.192.53] helo=sec.lxd) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALt-0004re-Sa; Sun, 19 Jan 2020 13:10:54 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 4/8] UBUNTU: [Config] Enable scatterlist validation Date: Sun, 19 Jan 2020 13:10:25 +0000 Message-Id: <20200119131029.23160-5-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200119131029.23160-1-tyhicks@canonical.com> References: <20200119131029.23160-1-tyhicks@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://launchpad.net/bugs/1855336 Enable CONFIG_DEBUG_SG to perform sanity checks when performing operations on scatterlists. If a sanity check fails a loud warning is printed to the logs. This change may help in detection of an attack that relies on scatterlist manipulation. Signed-off-by: Tyler Hicks --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 3ce3a62a8d7d..5bd7b6a2bda2 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -10623,7 +10623,7 @@ CONFIG_DEBUG_KOBJECT policy<{'amd64': 'n', 'arm64': ' CONFIG_DEBUG_BUGVERBOSE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_LIST policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_PLIST policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> -CONFIG_DEBUG_SG policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> +CONFIG_DEBUG_SG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_NOTIFIERS policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_CREDENTIALS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_WQ_FORCE_RR_CPU policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> @@ -10633,6 +10633,7 @@ CONFIG_LATENCYTOP policy<{'amd64-generic': 'n', 'a # CONFIG_DEBUG_LIST mark note CONFIG_DEBUG_CREDENTIALS mark note +CONFIG_DEBUG_SG mark note CONFIG_LATENCYTOP mark note # Menu: Kernel hacking >> Kernel debugging >> Architecture: arm diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index f989a8ba30ca..46309da0e559 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -2346,7 +2346,7 @@ CONFIG_DEBUG_MISC=y # CONFIG_DEBUG_RT_MUTEXES is not set # CONFIG_DEBUG_RWSEMS is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set -# CONFIG_DEBUG_SG is not set +CONFIG_DEBUG_SG=y # CONFIG_DEBUG_SHIRQ is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_STACKOVERFLOW is not set From patchwork Sun Jan 19 13:10:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1225449 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 480wCq6T6Xz9sRG; Mon, 20 Jan 2020 00:11:03 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itAM0-0007L3-08; Sun, 19 Jan 2020 13:11:00 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itALx-0007J1-1g for kernel-team@lists.ubuntu.com; Sun, 19 Jan 2020 13:10:57 +0000 Received: from 2.general.tyhicks.uk.vpn ([10.172.192.53] helo=sec.lxd) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALw-0004re-44; Sun, 19 Jan 2020 13:10:56 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 5/8] UBUNTU: [Config] Enable notifier call chain validations Date: Sun, 19 Jan 2020 13:10:26 +0000 Message-Id: <20200119131029.23160-6-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200119131029.23160-1-tyhicks@canonical.com> References: <20200119131029.23160-1-tyhicks@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://launchpad.net/bugs/1855337 Enable CONFIG_DEBUG_NOTIFIERS to ensure that notifier functions are present in the core kernel text or module text sections before calling those functions. If an invalid function pointer is detected, a warning is issued and the function is not called. This helps in attack prevention and detection. Signed-off-by: Tyler Hicks --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 5bd7b6a2bda2..a2d2f04a83b4 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -10624,7 +10624,7 @@ CONFIG_DEBUG_BUGVERBOSE policy<{'amd64': 'y', 'arm64': ' CONFIG_DEBUG_LIST policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_PLIST policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_SG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_DEBUG_NOTIFIERS policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> +CONFIG_DEBUG_NOTIFIERS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_CREDENTIALS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_DEBUG_WQ_FORCE_RR_CPU policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_DEBUG_BLOCK_EXT_DEVT policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> @@ -10634,6 +10634,7 @@ CONFIG_LATENCYTOP policy<{'amd64-generic': 'n', 'a CONFIG_DEBUG_LIST mark note CONFIG_DEBUG_CREDENTIALS mark note CONFIG_DEBUG_SG mark note +CONFIG_DEBUG_NOTIFIERS mark note CONFIG_LATENCYTOP mark note # Menu: Kernel hacking >> Kernel debugging >> Architecture: arm diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index 46309da0e559..a2e5944d3c7a 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -2332,7 +2332,7 @@ CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S" CONFIG_DEBUG_MISC=y # CONFIG_DEBUG_MUTEXES is not set # CONFIG_DEBUG_NMI_SELFTEST is not set -# CONFIG_DEBUG_NOTIFIERS is not set +CONFIG_DEBUG_NOTIFIERS=y # CONFIG_DEBUG_OBJECTS is not set # CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_PAGE_REF is not set From patchwork Sun Jan 19 13:10:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1225451 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 480wCx3CBYz9sRW; Mon, 20 Jan 2020 00:11:09 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itAM5-0007P9-58; Sun, 19 Jan 2020 13:11:05 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALz-0007Kc-GK for kernel-team@lists.ubuntu.com; Sun, 19 Jan 2020 13:10:59 +0000 Received: from 2.general.tyhicks.uk.vpn ([10.172.192.53] helo=sec.lxd) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itALy-0004re-9G; Sun, 19 Jan 2020 13:10:58 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 6/8] UBUNTU: [Config] Enforce filtered access to iomem Date: Sun, 19 Jan 2020 13:10:27 +0000 Message-Id: <20200119131029.23160-7-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200119131029.23160-1-tyhicks@canonical.com> References: <20200119131029.23160-1-tyhicks@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://launchpad.net/bugs/1855338 Enable CONFIG_IO_STRICT_DEVMEM to restrict userspace access of active io-memory ranges. This could impact kernel debugability. In that case, you may reboot with iomem=relaxed on the kernel commandline to override this setting. Signed-off-by: Tyler Hicks --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index a2d2f04a83b4..b3d861e12e28 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -10506,7 +10506,7 @@ CONFIG_PROVIDE_OHCI1394_DMA_INIT policy<{'amd64': 'n', 'i386': 'n CONFIG_MEMTEST policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_BUG_ON_DATA_CORRUPTION policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_STRICT_DEVMEM policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_IO_STRICT_DEVMEM policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> +CONFIG_IO_STRICT_DEVMEM policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_PID_IN_CONTEXTIDR policy<{'arm64': 'n', 'armhf': 'n'}> CONFIG_DEBUG_WX policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y'}> CONFIG_DEBUG_ALIGN_RODATA policy<{'arm64': 'n', 'armhf': 'y'}> @@ -10515,6 +10515,7 @@ CONFIG_EARLY_PRINTK policy<{'amd64': 'y', 'i386': 'y CONFIG_PANIC_ON_OOPS note CONFIG_BUG_ON_DATA_CORRUPTION flag CONFIG_STRICT_DEVMEM mark +CONFIG_IO_STRICT_DEVMEM mark note # Menu: Kernel hacking >> Architecture: arm CONFIG_DEBUG_USER policy<{'armhf': 'n'}> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index a2e5944d3c7a..235652ce7895 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -4614,7 +4614,7 @@ CONFIG_IO_DELAY_0XED=y # CONFIG_IO_DELAY_NONE is not set # CONFIG_IO_DELAY_UDELAY is not set CONFIG_IO_EVENT_IRQ=y -# CONFIG_IO_STRICT_DEVMEM is not set +CONFIG_IO_STRICT_DEVMEM=y CONFIG_IO_URING=y CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_IPTABLES=m From patchwork Sun Jan 19 13:10:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1225450 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 480wCw2R71z9sR4; Mon, 20 Jan 2020 00:11:08 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itAM3-0007Nk-Ee; Sun, 19 Jan 2020 13:11:03 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itAM1-0007M5-D1 for kernel-team@lists.ubuntu.com; Sun, 19 Jan 2020 13:11:01 +0000 Received: from 2.general.tyhicks.uk.vpn ([10.172.192.53] helo=sec.lxd) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itAM0-0004re-En; Sun, 19 Jan 2020 13:11:01 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 7/8] UBUNTU: [Config] Disable legacy PTY naming Date: Sun, 19 Jan 2020 13:10:28 +0000 Message-Id: <20200119131029.23160-8-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200119131029.23160-1-tyhicks@canonical.com> References: <20200119131029.23160-1-tyhicks@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://launchpad.net/bugs/1855339 Legacy BSD PTYs have been replaced by UNIX 98 PTYs a long time ago. Disable legacy BSD PTY support as it is no longer needed. Signed-off-by: Tyler Hicks --- debian.master/config/annotations | 4 ++-- debian.master/config/config.common.ubuntu | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index b3d861e12e28..064d0d0ed278 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -713,8 +713,7 @@ CONFIG_CONSOLE_TRANSLATIONS policy<{'amd64': 'y', 'arm64': ' CONFIG_VT_CONSOLE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_VT_HW_CONSOLE_BINDING policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_UNIX98_PTYS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_LEGACY_PTYS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_LEGACY_PTY_COUNT policy<{'amd64': '0', 'arm64': '0', 'armhf': '0', 'i386': '0', 'ppc64el': '0', 's390x': '0'}> +CONFIG_LEGACY_PTYS policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_NOZOMI policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'n'}> CONFIG_N_GSM policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'n'}> CONFIG_TRACE_ROUTER policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm'}> @@ -723,6 +722,7 @@ CONFIG_PPC_EPAPR_HV_BYTECHAN policy<{'ppc64el': 'n'}> CONFIG_NULL_TTY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_LDISC_AUTOLOAD policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> # +CONFIG_LEGACY_PTYS mark note CONFIG_N_GSM note # Menu: Device Drivers >> Character devices >> Enable TTY >> Non-standard serial port support diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index 235652ce7895..fe8a065e2262 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -5197,8 +5197,7 @@ CONFIG_LEDS_WM831X_STATUS=m CONFIG_LEDS_WM8350=m CONFIG_LEDS_WRAP=m CONFIG_LED_TRIGGER_PHY=y -CONFIG_LEGACY_PTYS=y -CONFIG_LEGACY_PTY_COUNT=0 +# CONFIG_LEGACY_PTYS is not set # CONFIG_LEGACY_VSYSCALL_EMULATE is not set # CONFIG_LEGACY_VSYSCALL_NONE is not set CONFIG_LEGACY_VSYSCALL_XONLY=y From patchwork Sun Jan 19 13:10:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tyler Hicks X-Patchwork-Id: 1225452 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 480wCy65P2z9sRs; Mon, 20 Jan 2020 00:11:10 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1itAM6-0007QH-Jn; Sun, 19 Jan 2020 13:11:06 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itAM4-0007OM-EG for kernel-team@lists.ubuntu.com; Sun, 19 Jan 2020 13:11:04 +0000 Received: from 2.general.tyhicks.uk.vpn ([10.172.192.53] helo=sec.lxd) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1itAM3-0004re-9d; Sun, 19 Jan 2020 13:11:03 +0000 From: Tyler Hicks To: kernel-team@lists.ubuntu.com Subject: [PATCH 8/8] UBUNTU: [Config] Disable the uselib system call Date: Sun, 19 Jan 2020 13:10:29 +0000 Message-Id: <20200119131029.23160-9-tyhicks@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200119131029.23160-1-tyhicks@canonical.com> References: <20200119131029.23160-1-tyhicks@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://launchpad.net/bugs/1855341 Disable CONFIG_USELIB to make the uselib(2) system call unreachable in an effort to reduce the kernel attack surface. The system call is only used by very old libc implementations and is unlikely to be used today. Signed-off-by: Tyler Hicks --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 064d0d0ed278..07998d2822a1 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -10289,7 +10289,7 @@ CONFIG_SWAP policy<{'amd64': 'y', 'arm64': ' CONFIG_SYSVIPC policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_POSIX_MQUEUE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_CROSS_MEMORY_ATTACH policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_USELIB policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> +CONFIG_USELIB policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_AUDIT policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_CPU_ISOLATION policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_IKCONFIG policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> @@ -10316,6 +10316,7 @@ CONFIG_SHUFFLE_PAGE_ALLOCATOR policy<{'amd64': 'y', 'arm64': ' CONFIG_SLUB_CPU_PARTIAL policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_PROFILING policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> # +CONFIG_USELIB mark note CONFIG_SYSFS_DEPRECATED mark note CONFIG_COMPAT_BRK mark note CONFIG_NUMA_BALANCING_DEFAULT_ENABLED note diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index fe8a065e2262..f2d01e7b1e1b 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -10788,7 +10788,7 @@ CONFIG_USB_ZD1201=m CONFIG_USB_ZERO=m # CONFIG_USB_ZERO_HNPTEST is not set CONFIG_USB_ZR364XX=m -CONFIG_USELIB=y +# CONFIG_USELIB is not set CONFIG_USERFAULTFD=y CONFIG_USERIO=m CONFIG_USER_NS=y