Summary: | sys-kernel/gentoo-sources: update KSPP settings to include UBSAN | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sam James <sam> |
Component: | Current packages | Assignee: | Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hardened, kocelfc |
Priority: | Normal | Keywords: | InVCS |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=930732 https://bugzilla.redhat.com/show_bug.cgi?id=2275162 https://salsa.debian.org/kernel-team/linux/-/merge_requests/1065 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Sam James
![]() ![]() ![]() ![]() kees: "Note that really only BOUNDS and SHIFT are ready for real-world environments. BOOL and ENUM have low signal-to-noise ratio" I added UBSAN_BOUNDS and UBSAN_SHIFT and some dependencies. Please let me know if there are other config items you want to add. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f9505074541db86a09aaf77aeeb425f029565fcf commit f9505074541db86a09aaf77aeeb425f029565fcf Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-04-27 22:01:28 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-04-27 22:01:28 +0000 Add UBSAN_BOUNDS and UBSAN_SHIFT and dependencies Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (In reply to Mike Pagano from comment #2) > I added UBSAN_BOUNDS and UBSAN_SHIFT and some dependencies. Please let me > know if there are other config items you want to add. Mike, could we add the following too please: amd64 only: CONFIG_X86_KERNEL_IBT=y CONFIG_X86_USER_SHADOW_STACK=y arm64 only: CONFIG_SHADOW_CALL_STACK=y CONFIG_UNWIND_PATCH_PAC_INTO_SCS=y CONFIG_ARM64_PTR_AUTH=y CONFIG_ARM64_PTR_AUTH_KERNEL=y CONFIG_ARM64_BTI=y CONFIG_ARM64_BTI_KERNEL=y CONFIG_ARM64_MTE=y CONFIG_KASAN_HW_TAGS=y CONFIG_ARM64_E0PD=y CONFIG_ARM64_EPAN=y all: CONFIG_RANDOM_KMALLOC_CACHES=y CONFIG_PAGE_TABLE_CHECK=y CONFIG_PAGE_TABLE_CHECK_ENFORCED=y Thank you! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12593a65130d8f0ca1b837d5a3cd05388194568b commit 12593a65130d8f0ca1b837d5a3cd05388194568b Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-02 16:20:27 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-02 16:20:27 +0000 sys-kernel/gentoo-sources: add 6.8.9, and KSPP updates and BMQ v6.8-r6 BMQ Patch v6.8-r6 Add UBSAN_BOUNDS and UBSAN_SHIFT and dependencies Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 3 +++ .../gentoo-sources/gentoo-sources-6.8.9.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55e3a97e981ac6415c11cae37ff93f833faa6955 commit 55e3a97e981ac6415c11cae37ff93f833faa6955 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-02 16:19:36 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-02 16:19:36 +0000 sys-kernel/gentoo-sources: add 6.6.30 and KSPP updates Add UBSAN_BOUNDS and UBSAN_SHIFT and dependencies Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 3 +++ .../gentoo-sources/gentoo-sources-6.6.30.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0cde63fe6a6311797f332a9cf873a478654e8ee commit f0cde63fe6a6311797f332a9cf873a478654e8ee Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-02 16:17:57 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-02 16:17:57 +0000 sys-kernel/gentoo-sources: add 5.15.158 and KSPP updates Add UBSAN_BOUNDS and UBSAN_SHIFT and dependencies Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 2 ++ .../gentoo-sources/gentoo-sources-5.15.158.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 29 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db756a95113a1477fafbdcbcdd4d580cc3c12b2a commit db756a95113a1477fafbdcbcdd4d580cc3c12b2a Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-02 16:16:37 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-02 16:16:37 +0000 sys-kernel/gentoo-sources: add 5.10.216 and KSPP updates Add UBSAN_BOUNDS and UBSAN_SHIFT and dependencies Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 3 +++ .../gentoo-sources/gentoo-sources-5.10.216.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=abbbd285be43f4a758e4cbaac9cf33c6bc74e32a commit abbbd285be43f4a758e4cbaac9cf33c6bc74e32a Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-05 17:54:13 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-05 17:54:13 +0000 Update to KSPP patch Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> 4567_distro-Gentoo-Kconfig.patch | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc5171bf27ae9a8d1ac8c1cf83fb5732e2bc65b8 commit cc5171bf27ae9a8d1ac8c1cf83fb5732e2bc65b8 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-17 13:01:29 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-17 13:03:18 +0000 sys-kernel/gentoo-sources: add 6.8.10, update to KSPP Patch Closes: https://bugs.gentoo.org/930733 Do not select BMQ on default Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 3 +++ .../gentoo-sources/gentoo-sources-6.8.10.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) Additionally, it has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2adea6ef97874fb30db50f1c554fdb4b2da0a76 commit a2adea6ef97874fb30db50f1c554fdb4b2da0a76 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-17 13:00:44 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-17 13:03:17 +0000 sys-kernel/gentoo-sources: add 6.6.31, update to KSPP Patch Bug: https://bugs.gentoo.org/930733 Removed redundant patch: 2930_gcc14-btrfs-fix-kvcalloc-args-order.patch Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 3 +++ .../gentoo-sources/gentoo-sources-6.6.31.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5593f3ebe61daafe198689c1aa11627f7577abf9 commit 5593f3ebe61daafe198689c1aa11627f7577abf9 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-17 12:59:56 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-17 13:03:17 +0000 sys-kernel/gentoo-sources: add 6.1.91, update to KSPP Patch Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 3 +++ .../gentoo-sources/gentoo-sources-6.1.91.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3e8830d5f459f9025aa5368b4c6f31a752a1396 commit e3e8830d5f459f9025aa5368b4c6f31a752a1396 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-17 12:59:09 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-17 13:03:17 +0000 sys-kernel/gentoo-sources: add 5.15.159, update to KSPP Patch Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 2 ++ .../gentoo-sources/gentoo-sources-5.15.159.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 29 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edc9e0c9c4bed12da70c14d10b7eb38b7cef1022 commit edc9e0c9c4bed12da70c14d10b7eb38b7cef1022 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2024-05-17 12:58:09 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2024-05-17 13:03:17 +0000 sys-kernel/gentoo-sources: add 5.10.217 Update to KSPP patch Bug: https://bugs.gentoo.org/930733 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 3 +++ .../gentoo-sources/gentoo-sources-5.10.217.ebuild | 27 ++++++++++++++++++++++ 2 files changed, 30 insertions(+) |